Contact Information for www.elstel.org
It is up to you whether you wanna use our secure key for online encryption (3072bit) or our offline-key with 4096bit. You need to comply with the same security precautions as we do when using these keys! To gain the best achievable security you may first encrypt with our offline key and then wrap the result another time with our online key; please add in plain text to the message that it has been double encrypted (both decryption processes will then be held offline). However if encrypted twice or offline you may need to wait longer for our response. While our offline key is stored in RAM it can never be fully protected from theft. That is why we have an online key that is securely stored on a smart card.
Instructions on how to use the GPG key
Please make sure that you
- Obtain a genuine copy of our public gpg key.
- Do not encrypt or store private keys on a computer which is online but not protected sufficiently (for details please read our article about GnuPG!).
- Always keep your private key with you (f.i. on an USB stick) / Never leave it unattended.
- Try to avoid using a computer which could have been compromised even if that computer is offline.
- Include your own public key for a response.
- To stay anonymous you may use a throwaway e-mail via Tor.
- Tell us that you have complied with these instructions.
- The most sensitive information may require a secure destruction of the private key after the message has been read.
If you should have sent us an encrypted message we will send you another message with the content 'ACK' back timely. It will indicate that we have received the message in deed. However we will likely not have read your message until then yet!
More detailed instructions on what to do can be fetched via software/GnuPG-usage.html.en.visit www.elstel.org