Contact Information for www.elstel.org
Encryption would in deed only make real sense if both sides had uncompromised hardware with no backdoors, which is likely not the case. I am not aware of any such hardware.
It is up to you whether you wanna use our secure key for online encryption (3072bit) or our offline-key with 4096bit. You need to comply with the same security precautions as we do when using these keys! In the meantime both keys have been secured via gpg-smartcard. You may need to wait somewhat longer when you send us an encrypted message (possibly longer for the offline key).
Instructions on how to use the GPG key
These guidelines are all good, correct and valuable and should then also be followed when encrypting.
Please make sure that you
- Obtain a genuine copy of our public gpg key.
- Do not encrypt or store private keys on a computer which is online but not protected sufficiently (for details please read our article about GnuPG!).
- Always keep your private key with you (f.i. on an USB stick) / Never leave it unattended.
- Try to avoid using a computer which could have been compromised even if that computer is offline.
- Include your own public key for a response.
- To stay anonymous you may use a throwaway e-mail via Tor.
- Tell us that you have complied with these instructions.
- The most sensitive information may require a secure destruction of the private key after the message has been read.
If you should have sent us an encrypted message we will send you another message with the content 'ACK' back timely. It will indicate that we have received the message in deed. However we will likely not have read your message until then yet!
More detailed instructions on what to do can be fetched via software/GnuPG-usage.html.en.