My GnuPG/OpenPGP key as of 2022-02-11 is:

pub   rsa4096 2011-10-06 [SC]
uid           [ultimate] Elena Grandi (``of Valhalla'') <>
uid           [ultimate] Elena Grandi <>
uid           [ultimate] Elena Grandi (``of Valhalla'') <>
uid           [ultimate] Elena ``of Valhalla'' <>
uid           [ultimate] Elena Grandi <>
sub   rsa2048 2015-11-18 [A] [expires: 2025-05-30]
sub   rsa2048 2019-04-29 [S] [expires: 2025-05-30]
sub   rsa2048 2019-04-29 [E] [expires: 2025-05-30]

It is available for download from this site: 0xD599FF6101809E2A.asc, but the most up-to-date version can be found on a keyserver such as, or

I've followed a guide on the debian wiki to create a main key, to be stored in a safer place and used just to sign other keys, and a signing subkey with limited expiration time kept on a pgp card for daily use.


Stats for my key are avaiable on the PGP pathfinder & key statistics.

You could also use the wotsap program (available in the main GNU/Linux distributions) and the updated wot data from Christoph Egger.

The wot files on the wotsap homepage are no longer updated since the swiss keyserver went down in February 2012, and as of 2012-12-08 their wotsap analysis page still published outdated data.

Signing Policy

My signing policy is available at (signature); the current version is repeated here in HTML for convenience.

Previous versions and changelog.

GPG Signing Policy of Elena Grandi


This is the signing policy for key 0x01809E2A:

pub   4096R/01809E2A 2011-10-06
uid                  Elena Grandi (``of Valhalla'') <>
uid                  Elena ``of Valhalla'' <>
uid                  Elena Grandi <>
uid                  Elena Grandi (``of Valhalla'') <>
sub   4096R/0411EB6E 2011-10-06
sub   4096R/415A921F 2014-10-08 [expires: 2015-10-09]


I am willing to sign keys for people I meet in person, for example at a conference or a LUG/FSUG meeting, in reasonable circustances (not in a hurry, in a calm place, etc.).

The owner of the key should bring an hardcopy of the output of the command:

gpg --fingerprint $KEY_ID

or an equivalent listing of the same informations.

If the key is not available on public servers, the piece of paper should include an alternative address where I can easily retrieve the public key to sign.

I reserve the right not to sign a key; reasons may include, but are not limited to, insufficient identification or problems retrieving the key.

Signature Levels

I'm no longer using signature levels, since they don't seem to add much value.

Key trasport

After I've signed the UIDs, I will send the signed and possibly encrypted key back to each email address, as a light form of address ownership check; I will not upload the key to any keyserver.

Subsequent keys

If I have signed your key and you create a new one (e.g. because the old one is set to expire in the near future or you are migrating to a new format) I am willing to sign the new key without meeting in person as long as the following conditions are met.

  • The old key is not yet expired nor revoked when you send me the request (of course).
  • You send me an email signed with the old key and including the informations on the new key as needed for a new signature (fingerprint, UID you want to have signed, informations for key retrieval).

I will then sign the UIDs I had already signed on the old key; other UIDs may be signed or not at my discretion.

Pseudonym keys

I will only sign pseudonym identities on keys if I've known the owner of the key under that pseudonym for more than a year.

Photo uid

I won't generally sign photo UIDs because they are hard to properly verify.


Reciprocity is appreciated, but not required: if we meet so that I can sign your key I expect that you look at my ID and fingerprint; if then you have a reason not to sign it I understand it, but appreciate if, situation permitting, you explain what the issues are, so that I can fix them for the future.

Send a comment: unless requested otherwise I may add it, or some extract, to this page.

Return to Top