PGP Setup & Verification Guide
PGP (Pretty Good Privacy) is the foundation of Kerberos authentication. Every official announcement, mirror address or security alert is signed by the main admin key. This section explains how to generate, import and verify PGP keys safely in both desktop and mobile environments in 2026.
1. Installing GPG Suite
For Linux or Tails, GnuPG is pre‑installed. For Windows, download GPG4Win; macOS users can use GPGTools. Verify installer signature before running.
Generate a Keypair
Run gpg --full-generate-key then choose RSA 4096 / expire 1y. Use no real email; Torified aliases are recommended.
Protect the private key with a long passphrase.
Import Kerberos Public Key
Download KerberosPGP.asc from Official Mirrors.
Import it with gpg --import KerberosPGP.asc.
Verify Fingerprints
Check the key fingerprint against the values listed on Kerberos documentation. Example: 9B4D 7A13…F6BC. If it differs, treat it as compromised.
2. Verifying Signatures
Every message PGP‑signed by Kerberos admins can be verified via GnuPG terminal:
gpg --verify announcement.txt.asc announcement.txtA valid signature will display "Good signature from Kerberos Security Team". If you see unknown key ID, import again from an official mirror.
Linux / CLI Workflow
Use textual interfaces for full control and transparency: no GUI caches or hidden files. Combine with torsocks wget for safe downloads.
Mobile Verification
Android users can use OpenKeychain. Import the Kerberos public key, then copy and verify PGP blocks via Termux for fast checks.
Refreshing Keys
Kerberos rotates its PGP subkeys periodically. Run gpg --refresh-keys once a week or use our onion keyserver listed below.
3. Onion Keyserver
Kerberos maintains a distributed PGP keyserver available only inside Tor:
http://kerberoskeysrv77z.onion
4. Security Recommendations
- ✦ Never upload your private key to cloud storage.
- ✦ Revoke old keys when you lose control of a device.
- ✦ Use subkeys per task (Signature, Encryption, Auth).
- ✦ Maintain an offline key with USB or air‑gapped hardware.
By following these protocols, you maintain zero‑trust integrity within Kerberos network and guard yourself from phishing or spoofing. The Kerberos PGP infrastructure is engineered for long‑term cryptographic trust even under extreme censorship.