Arija A.'s Cryptographic Keys
I am passionate about end-to-end encryption. To communicate securely, please use my OpenPGP keys listed below to encrypt emails, messages, files, or verify my online signatures. Also you can give me shell access on your server by adding my SSH key to /home/ari/.ssh/authorized_keys (🧌) or something... Anywho, I maintain two (2) OpenPGP keys and one (1) SSH key:
- OpenPGP/GPG (RSA4096): 5594A925063F3E68885A8F42B6B1654EDCB0F20C -- PRIMARY KEY
  - Ari-web: https://ari.lt/5594A925063F3E68885A8F42B6B1654EDCB0F20C.asc
  - PGP: https://keyserver1.pgp.com/vkd/DownloadKey.event?keyid=0xB6B1654EDCB0F20C
  - OpenPGP: https://keys.openpgp.org/vks/v1/by-fingerprint/5594A925063F3E68885A8F42B6B1654EDCB0F20C
  - Mailvelope: https://keys.mailvelope.com/pks/lookup?op=get&search=ari@ari.lt
  - FlowCrypt: https://flowcrypt.com/attester/pub/ari@ari.lt
  - Ubuntu: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x5594a925063f3e68885a8f42b6b1654edcb0f20c
  - DNS: dig d2efaa6dd6ae6136c19944fae329efd3fb2babe1e6eec26982a422aa._openpgpkey.ari.lt OPENPGPKEY
  - Web-Key-Directory: https://ari.lt/.well-known/openpgpkey/hu/qfckua8a7bfyw78pn18y63jp9xkjnqoa
- OpenPGP/GPG key (ECC): 20A6FBAC2E07A6256E5A435A841A60BFE0406195 -- SECONDARY KEY
- SSH key (Ed25519): SHA1:a40e6df61c83a32526b4b18f32dc48b590895893 -- PRIMARY KEY
If you want to be completely sure about the authenticity of these keys, confirm it by checking the signed keys0.txt (signed with the primary key), the signed keys1.txt (signed with the secondary key), and the signed keys2.txt (signed with the SSH key) against the keys found on this page or any of the mirrors.
These keys should stay consistent in my social media profiles, email (feel free to contact me to ask me for a signed message for verification), git commits, signatures, and this website.
If you notice anything unusual, you should first contact me through the channel you initiated the communication with, without sending any sensitive information. Then, we can proceed with a secure key exchange for further communication. The steps to perform the handshake are as follows:
- Use the same communication channel through which initial contact was made, with no exceptions. Any deviation will be treated as a potential compromise.
- To initiate the key exchange, send me the old OpenPGP key-encrypted string "H3ll0!". Also:
  - Attach your new (or old) insecure OpenPGP public key in binary format, as per RFC 4880.
  - The exchange will proceed using the provided keys, which are initially considered insecure, for end-to-end encryption. This means that until a secure key exchange has been successfully completed, all messages exchanged must be encrypted or signed using the old OpenPGP key.
- Upon receiving the string and new OpenPGP key, I will respond with:
  - The current time in Lithuania, formatted as YYYY-MM-DD HH:MM:SS (UTC+2/UTC+3, depending on daylight saving time)
  - A unique HTTPS URL hosted on the domain ari.lt, with a path comprising a hexadecimal string of exactly 64 characters (e.g., /dacfd071f63a5f7a2fce20ba187cdebd3bd163e8b5f2ca61cb3b6e5d0ee05563) - this string is the SHA256 hash of the file contents, exactly.
  - The URL must return only the time signed with the compromised OpenPGP key (ASCII-armoured). This signature must be separate from the protocol message (i.e., different/new signature) in the response body, with no additional headers or HTML content.
- Ensure the URL path and certificate are validated. You should verify the URL's validity and check the SHA256 fingerprint of the TLS certificate used for HTTPS. Ensure the certificate matches the published fingerprint, and that it is issued by Let's Encrypt.
- Validate the SHA256 digest of the content and ensure it matches.
- Upon verifying the Lithuanian time, the URL, its contents, its digest, and the signatures:
  - You will respond with "Checks out!" encrypted using the old OpenPGP key as per the protocol.
  - You will also send your new public OpenPGP key in binary format.
- Upon receiving your public OpenPGP key:
  - I will generate a new OpenPGP key pair and encrypt my new public key using your provided OpenPGP key.
  - I will send you the encrypted public key in binary format, along with additional metadata such as the key creation timestamp and expiry information.
- You will then send me the following:
  - The message "Hello! Does this work?" encrypted using my newly encrypted public key.
- If the handshake is successful:
  - I will reply with "Yes, it worked. What is the purpose of this exchange and contact?" encrypted using your OpenPGP public key.
- If I do not respond within 24 hours, you must attempt to contact me through an alternate communication channel.
- Once the handshake has been successfully completed, we will continue normal communication using the secure channel established during this process.
- At any time after the key exchange, you may request identity verification again. Upon such a request, I will provide an encrypted HTTPS URL on the ari.lt domain, containing a signed OpenPGP message with the current time in Lithuania.
- At any time, either party may cease communication, which must be considered a handshake failure. Any keys exchanged will be treated as potentially compromised.
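The URL, digest and time checks from the steps above can be scripted on the receiving side. This is an added example, not code from this page's author; the function names, the 15-minute skew allowance, the hard-coded EU summer-time rule and the sample body are assumptions. Verifying the OpenPGP signature and the TLS certificate fingerprint still has to be done separately against the live response.

```python
import hashlib
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

PATH_RE = re.compile(r"/[0-9a-fA-F]{64}")
# Constructed sample body (placeholder text, not a real signed message).
SAMPLE_BODY = b"-----BEGIN PGP MESSAGE-----\n\n(placeholder)\n-----END PGP MESSAGE-----\n"
SAMPLE_URL = "https://ari.lt/" + hashlib.sha256(SAMPLE_BODY).hexdigest()

def _last_sunday_0100(year, month):
    # March and October both have 31 days; step back to the last Sunday, 01:00 UTC.
    d = datetime(year, month, 31, 1, tzinfo=timezone.utc)
    return d - timedelta(days=(d.weekday() + 1) % 7)

def lithuanian_wall_clock(now_utc):
    """UTC+3 during EU summer time, UTC+2 otherwise (rule hard-coded: an assumption)."""
    start, end = _last_sunday_0100(now_utc.year, 3), _last_sunday_0100(now_utc.year, 10)
    return (now_utc + timedelta(hours=3 if start <= now_utc < end else 2)).replace(tzinfo=None)

def check_response(url, body, claimed_time, now_utc, max_skew=timedelta(minutes=15)):
    """Return a list of failed checks; an empty list means every offline check passed."""
    failures = []
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "ari.lt" or parts.port is not None:
        failures.append("url: not plain https://ari.lt")
    if parts.query or parts.fragment or not PATH_RE.fullmatch(parts.path):
        failures.append("url: path is not exactly 64 hex characters")
    elif hashlib.sha256(body).hexdigest() != parts.path[1:].lower():
        failures.append("digest: SHA-256 of body does not match path")
    try:
        claimed = datetime.strptime(claimed_time, "%Y-%m-%d %H:%M:%S")
        if abs(lithuanian_wall_clock(now_utc) - claimed) > max_skew:
            failures.append("time: outside allowed skew")
    except ValueError:
        failures.append("time: not YYYY-MM-DD HH:MM:SS")
    return failures
```

Pass the raw response bytes as `body`, since the digest covers the file contents exactly; any decoding or newline normalisation changes the hash.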