PGP Configuration & Message Verification

This guide explains how to generate, import, and verify PGP keys for Kerberos communications. Public‑key encryption ensures that no third party can read or tamper with messages between users and administrators. As of 2026, Kerberos requires all vendors and buyers to use PGP for authentication and two‑factor login.

1. Generate Your PGP Key Pair

Install GnuPG on your system and create a new key:

gpg --full-generate-key
  • Select RSA (4096 bits) for maximum compatibility.
  • Set an expiration date of 1 year and renew annually.
  • Use an anonymous email alias distinct from your real identity.

2. Export and Store Your Public Key

After creation, export the public key to share with other members:

gpg --armor --export <keyID> > pubkey.asc

Keep the private key (secring.gpg or private.key) offline on a USB drive. Never upload it to cloud storage or send it by email.

3. Import Kerberos Official Admin Keys

Download our public PGP keys from the Mirrors page and import them using:

gpg --import kerberos-admin.asc

Verify fingerprints against the official list below before trusting communication.

 Admin 1 – Core Key F5D9 2A71 7CBE 91D4 638F D3B1 B6A2 C3F4 1F22 E7B9
 Admin 2 – Security Audit Key 9CC1 FAE3 A174 BB2E A0C5 9E24 8065 A740 C4AA F913

4. Verify Messages and Announcements

All admin news and market updates come PGP‑signed. To verify a downloaded message:

gpg --verify announcement.asc

A successful result must show a good signature made by a key whose ID matches the list above.
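The checks in steps 3 and 4 can be scripted so that a "good signature" from any other key in the keyring is rejected. The following is an added example, not part of the original guide: it pins the two fingerprints listed in step 3 and parses GnuPG's machine-readable `--status-fd` output. The function names `check_status` and `verify_announcement` are hypothetical.

```shell
#!/bin/sh
# Added example. Fingerprints are copied from the list in step 3, spaces removed.
PINNED="F5D92A717CBE91D4638FD3B1B6A2C3F41F22E7B9 9CC1FAE3A174BB2EA0C59E248065A740C4AAF913"

# check_status: reads `gpg --status-fd` lines on stdin.
# Succeeds only if at least one VALIDSIG is present, every VALIDSIG names a
# pinned primary-key fingerprint, and no bad/expired/revoked status appears.
check_status() {
    awk -v pinned="$PINNED" '
        BEGIN { n = split(pinned, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $1 != "[GNUPG:]" { next }
        # Any of these means the signature or its key must not be trusted.
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 3 is the (sub)key that signed; the last field is the
            # primary-key fingerprint, which is what the published list pins.
            fpr = toupper($NF)
            if (fpr in ok) good++; else bad = 1
        }
        END { if (good > 0 && !bad) exit 0; exit 1 }
    '
}

# verify_announcement FILE: run gpg and let the status lines decide.
# gpg's human-readable stderr output is discarded on purpose.
verify_announcement() {
    gpg --batch --status-fd 1 --verify "$1" 2>/dev/null | check_status
}

# Usage: verify_announcement announcement.asc && echo "signed by a pinned key"
```

The check fails closed: a status stream with no VALIDSIG line, or one from an older GnuPG that omits the primary-key fingerprint field, is rejected.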

PGP Usage Metrics 2026

 Active Keys

94 % of Kerberos accounts registered under valid PGP fingerprints.

 Encrypted Messages

98 % of support tickets and vendor messages use end‑to‑end PGP encryption.

5. Key Rotation and Revocation

Create a revocation certificate immediately after key generation and store it offline:

gpg --output revoke.asc --gen-revoke <keyID>

If you suspect a compromise, publish this certificate and create a new key pair for future use.