Ryan Lewis — work GPG key

For sending me encrypted things in a work context (ryan.lewis@lhv.com).

Key

Field	Value
Email	`ryan.lewis@lhv.com`
Key ID	`68A698ADACB3C08D`
Fingerprint	`66F5 806C A493 A452 F834 0E05 68A6 98AD ACB3 C08D`
Algorithm	RSA 4096

Published on GitHub (ryanlewis).

Fetching the public key

Via GitHub API (unauthenticated)

curl -sS https://api.github.com/users/ryanlewis/gpg_keys \
  | jq -r '.[] | select(.emails[]?.email == "ryan.lewis@lhv.com") | .raw_key' \
  | gpg --import

Verify the fingerprint

Always cross-check against an out-of-band channel before trusting:

gpg --fingerprint ryan.lewis@lhv.com
# expect: 66F5 806C A493 A452 F834  0E05 68A6 98AD ACB3 C08D

Encrypting something to me

ASCII-armoured ciphertext is safe to paste into Slack, email, a Jira ticket, anywhere.

Encrypt a file

gpg --encrypt --armor --recipient ryan.lewis@lhv.com secrets.txt
# produces secrets.txt.asc — send that

Encrypt a string from stdin → clipboard (macOS)

echo "the secret" | gpg --encrypt --armor --recipient ryan.lewis@lhv.com | pbcopy

Encrypt + sign (recommended if you have your own key)

Adds a signature so I can verify it really came from you:

gpg --encrypt --sign --armor --recipient ryan.lewis@lhv.com secrets.txt

One-shot trust override

If gpg prompts There is no assurance this key belongs to the named user, you haven't set explicit trust on my key. For a one-off, bypass with:

gpg --encrypt --armor --trust-model always --recipient ryan.lewis@lhv.com secrets.txt

ryanlewis/public-work.md

Select an option

No results found