*** How to contact me ***

Need or want to contact me directly? This page lets you know how!

The easiest way to get in touch for one-off things is email at maria [at] merkel [dot] name. I will respond from another email address, but I prefer not to publish the actual address on this website to avoid spam. If you really want to avoid using the forwarding address, you can extract my actual email from my PGP key or S/MIME certificates below, but please use the one ending in .cc, not the .info one.

For especially sensitive communications, please use maria [at] secure [dot] merkel [dot] info. Email to this account will never touch third-party hosting providers.

For larger (or ongoing) conversations that do not require increased security, Discord will be easier. I'm Maria mmerkel there. You can also use Twitter at https://twitter.com/MarMerkel or Matrix at @maria:merkel.info.

If you want to send me a letter, you can do so at Maria Merkel, Postfach 11 12, 82101 Germering, Germany. If you need to send anything larger than a letter (or are using a courier and thus can't use a PO box), you can use Maria Merkel, Blahaj Ltd, The Media Centre, 7 Northumberland Street, Huddersfield, United Kingdom, HD1 1RL. If you use the second address, please make sure to include at minimum Blahaj Ltd and The Media Centre, and ideally my name as well. The UK is not where I live, so things will take a while to reach me. If you know me, ask for my actual address instead.

** Encryption and Signature **

Want to make sure your message won't be intercepted or tampered with? Need to make sure a message was really sent by me?

For email I *strongly* prefer S/MIME over PGP. Not only is it more convenient for me, it is also more secure. I've listed the reasons below, but the short version is that my S/MIME keys are stored more securely (or more specifically, are guaranteed to be and stay stored securely), which is not possible for my PGP keys due to limitations in GPG.

Download the S/MIME certificate for my .cc email address at https://maria.cc/download/smime_cc.crt
Download the S/MIME certificate for my .info email address at https://maria.cc/download/smime_info.crt
Download my PGP key at https://maria.cc/download/pgp.asc

Alternatively, you can find my PGP key on key servers under fingerprint 63ECF119878AF6385C81EB5FBA84BB1F1CE8A110.

If you want to verify a PGP signature from me and don't have GPG installed, you can use https://keybase.io/verify and make sure that it returns "Signed by mmerkel" (linking to https://keybase.io/mmerkel). This means trusting Keybase to not manipulate results or intercept data, so please do not use this to encrypt sensitive messages to me.

** Why S/MIME over PGP? **

I take great care to ensure the security of important cryptographic key material (including all keys published on this website) while ensuring that key material stays available to me (and only me) even if something goes wrong. I cannot control what data people will rely on these keys for, so I believe it is my responsibility to safeguard them appropriately.

Ultimately, the primary goal is security, which is why all of my key material is stored on hardware security modules (primarily smart cards or security tokens). Unfortunately, GPG has no proper support for this hardware with the exception of Yubikeys and PGP-specific cards, neither of which provides good ways to ensure secure backups.

The hardware I primarily use for key storage supports a backup mechanism which can be set up in a way where a master device can authorize other devices to join a key domain, in which keys can be copied and transferred between devices. This process has a built-in mechanism that prevents key material from being transferred to less secure storage (such as a file on a computer); it will only allow copies to be made to devices of the same security level (and only if the receiving device has previously been authorized by the master device).

This allows me to generate keys securely on a primary device, which I can then put into secure offline storage. For day-to-day use, copies of the keys are made to other secure devices that I can keep within reach or carry with me.

The hardware supported by GPG does not support any such backup mechanism. In fact, there are only two options: generate a key on the device and be unable to ever copy it anywhere, making you lose the ability to decrypt data if the device breaks or access to it is lost, or generate a key outside of the device and import a copy of it onto it.

My PGP keys are generated in an ephemeral environment using a CSPRNG seeded from a TRNG, but to allow for backups they do not exist in HSMs alone. The backups are stored with multiple layers of encryption, some of the keys for which are in turn stored on hardware security devices kept in secure locations, which means this method should in practice be equally secure; however, this does mean that the key material can in theory be decrypted and stored in decrypted form. Like with my S/MIME and other keys, the day-to-day use copy of these keys is stored on secure hardware to avoid compromise through malware while making convenient use on my normal devices possible.
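
Checking a downloaded or key-server copy of the PGP key against the fingerprint published above, as an added example that is not part of the original page. The colon listing embedded in the script is constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check a key listing against the fingerprint published on this page.
EXPECTED_FPR="63ECF119878AF6385C81EB5FBA84BB1F1CE8A110"

# Strip whitespace and an optional 0x prefix, then upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin and print primary-key fingerprints only:
# the fpr record that follows a pub record. Subkey fingerprints (after sub) are skipped.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Succeed only if stdin lists exactly one primary key and its fingerprint equals $1.
# A file carrying an extra, unexpected key is rejected rather than partly trusted.
key_matches() {
    found=$(primary_fprs)
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] || return 1
    [ "$(normalize_fpr "$found")" = "$(normalize_fpr "$1")" ]
}

# Constructed sample listing, trimmed to the fields used here; the subkey
# fingerprint is made up for the example.
sample_listing() {
    cat <<'EOF'
pub:-:::BA84BB1F1CE8A110:::::::::::::
fpr:::::::::63ECF119878AF6385C81EB5FBA84BB1F1CE8A110:
uid:-::::::::Constructed sample user ID::::::::::
sub:-:::0123456789ABCDEF:::::::::::::
fpr:::::::::00112233445566778899AABBCCDDEEFF00112233:
EOF
}

# Real use (assumes GnuPG is installed and pgp.asc was downloaded):
#   gpg --show-keys --with-colons pgp.asc | key_matches "$EXPECTED_FPR"
if sample_listing | key_matches "$EXPECTED_FPR"; then
    echo "fingerprint matches"
else
    echo "fingerprint MISMATCH" >&2
fi
```

The comparison is only as trustworthy as the channel the expected fingerprint came from, so take the fingerprint and the key file from different sources where possible.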