I use my PGP key to sign commits and tags on a limited number of personal projects. While I will respond to emails sent using PGP, I’d strongly recommend against doing so:

  • Various issues best explained by experts, like this episode of Security Cryptography Whatever or this blog by Soatok.
  • I’m not a regular user of PGP+email and will probably screw up somewhere.
  • I’ve been down this road before and it only leads to pain and suffering, let alone getting things to work nicely on mobile.
    • I’ll only check from my PCs for this reason.

If you need secure communications, ask for my Signal username. Otherwise, we can try to work something out but no guarantees.

My current PGP key is 6D71 C504 6A9A 4B98 DAE9 5EE8 BBA3 C03E D204 C805, corresponding to [dev at (the same domain)]. Retrieve it from WKD and keyservers using the sq CLI:

# Pull from WKD and the keyservers
sq network search <fingerprint_or_email>
# Trust the cert once you verify it
sq pki link add --cert <fingerprint> --all
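
Since the key is used to sign commits and tags, the fingerprint above can also be pinned when checking a signature. The following is an added example, not code from this page's author: it assumes git verifies signatures with GnuPG and that the cert has been imported into the GnuPG keyring; the helper names are hypothetical and the sample status lines are constructed.

```shell
#!/bin/sh
# Added example: check that a signature was made by the key pinned on this page.
# Assumption: git verifies signatures with GnuPG and the cert is in its keyring.

# Fingerprint exactly as published above.
PINNED_FPR="6D71 C504 6A9A 4B98 DAE9 5EE8 BBA3 C03E D204 C805"

# Strip whitespace and uppercase so spaced and compact forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# signed_by_pinned STATUS_TEXT (hypothetical helper name)
# Succeeds only if the GnuPG status text contains a VALIDSIG line whose
# primary-key fingerprint (field 12; field 3 if absent) is the pinned one.
# BADSIG/ERRSIG output has no VALIDSIG line, so the check fails closed.
signed_by_pinned() {
    fpr=$(printf '%s\n' "$1" | awk '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" { print (NF >= 12 ? $12 : $3); exit }')
    [ -n "$fpr" ] && [ "$(normalize_fpr "$fpr")" = "$(normalize_fpr "$PINNED_FPR")" ]
}

# verify_commit REV (hypothetical helper name): run inside a git checkout.
# --raw makes git print the GnuPG status lines on stderr.
verify_commit() {
    status=$(git verify-commit --raw "$1" 2>&1) || return 1
    signed_by_pinned "$status"
}

# Constructed status output (not real signatures): a signing subkey under the
# pinned primary key, an unrelated key, and a bad signature.
SAMPLE_PINNED='[GNUPG:] NEWSIG
[GNUPG:] VALIDSIG 1111111111111111111111111111111111111111 2024-01-01 1704067200 0 4 0 22 10 00 6D71C5046A9A4B98DAE95EE8BBA3C03ED204C805'
SAMPLE_OTHER='[GNUPG:] NEWSIG
[GNUPG:] VALIDSIG 2222222222222222222222222222222222222222 2024-01-01 1704067200 0 4 0 22 10 00 3333333333333333333333333333333333333333'
SAMPLE_BAD='[GNUPG:] NEWSIG
[GNUPG:] BADSIG BBA3C03ED204C805 constructed'
```

Comparing the full primary-key fingerprint rather than the short key ID or the signer's name is what ties the check to the key published here.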