Postmaster's Public Keys
Table of Contents:
Primary/Master PGP Public Key
- Fingerprint: 745B DD64 0E0E 0316 0CBA 95AD C6BB FE75 607C 5B06
- Algorithm: EdDSA - ed25519
- DNS Verification (DNSSEC authenticated): TXT _fp.pgp.primary.postmaster.theregoesmy.email
Signing PGP Public Key
- Fingerprint: 7FC5 B6EC 2E93 C672 B540 1C99 3189 0F72 4680 783E
- Algorithm: EdDSA - ed25519
- Issued: 2024-11-14
- Expires: 2025-11-14
- DNS Verification (DNSSEC authenticated): TXT _fp.pgp.signing.postmaster.theregoesmy.email
Encryption PGP Public Key
- Fingerprint: D35D D10D 4DB5 D556 0954 35C0 78C9 F349 C62A 834D
- Algorithm: ECDH - curve25519
- Issued: 2024-11-14
- Expires: 2025-11-14
- DNS Verification (DNSSEC authenticated): TXT _fp.pgp.encryption.postmaster.theregoesmy.email
Inline Full/All PGP Public Keys
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEZV09+xYJKwYBBAHaRw8BAQdABTGut6nUzVtGjmLgb+ZHBKUl/4e2JR+OPg6y
nvaD0Kq0KVBvc3RtYXN0ZXIgPHBvc3RtYXN0ZXJAdGhlcmVnb2VzbXkuZW1haWw+
iJYEExYIAD4CGwEFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQR0W91kDg4DFgy6
la3Gu/51YHxbBgUCZzaG7AUJA8ET8QAKCRDGu/51YHxbBuhuAP9Ck4xSnX1tKUWj
sPmd0lw4hya1lclupYxw05SD04y2ogD8Doqad7jWQ2mB7MPWj1ly7UKy8HTaN5RT
sZeK0Rlv1w24MwRlXT6RFgkrBgEEAdpHDwEBB0C98jkxzdDR94YhHNdf2VIQ8enb
W4CJDby3zlJo+kG6roiHBCgWCgAvFiEEdFvdZA4OAxYMupWtxrv+dWB8WwYFAmc2
h80RHQFhbm51YWwgcm90YXRpb24ACgkQxrv+dWB8WwYS0gEA0VGge/fFrwNTm+G7
ZTyGxVO9qu1+RPWtTs+Z29VEaJkBAJFPvAm8ckKj/JZ3vrimXVShZJx0UMuOFLjB
VkTuHT0NiPUEGBYIACYWIQR0W91kDg4DFgy6la3Gu/51YHxbBgUCZV0+kQIbAgUJ
AeEzgACBCRDGu/51YHxbBnYgBBkWCAAdFiEE4tv1JNeWlZt3r/KlmRlwzl2CAccF
AmVdPpEACgkQmRlwzl2CAcd8dwEAmYPjIDnaLlvBFR9YHfQdnyo3+CVH0KlEEtfU
xH5hW08A/2ojuP7uCHQR/qk4gTIiDO1brP7N4iFH1Fq2JmmBhVMKzr8A/1GJNmrw
dFHRo8ayFbRkc6bZil+bU+y3EODxK5h8NwyzAQDnGGVuaS4fNo8tN0THB8KZt561
BgqZbGy3daKtEGu5BLg4BGVdPtESCisGAQQBl1UBBQEBB0AmbpD/uXRmUJAjCNV/
scGnbPwM3rVT2zoRakhLPS//CAMBCAeIhwQoFgoALxYhBHRb3WQODgMWDLqVrca7
/nVgfFsGBQJnNofNER0BYW5udWFsIHJvdGF0aW9uAAoJEMa7/nVgfFsGHdIA/1jC
XZ4nlY3zpAoXZI0aCw62SHZhcbmSJzORsWmizFXeAP9XnPUhdrpopYKYBYy/0/dp
5MM2h53Ws27gI6spATvRBYh+BBgWCAAmFiEEdFvdZA4OAxYMupWtxrv+dWB8WwYF
AmVdPtECGwwFCQHhM4AACgkQxrv+dWB8WwZefgEA3QcVTT+ZEt4uCryxw4/ZYHh8
i21urn+gUHxYqX25krABAMvcC/vyl9ZysPbaUyUZIbDlkoUxuNjDA0DRgbyEcEQP
uDMEZzaG+hYJKwYBBAHaRw8BAQdAycPSwqYjpj9UKAWs6fH8Lw1nffSWrehskdIl
rSgttt2I9QQYFgoAJhYhBHRb3WQODgMWDLqVrca7/nVgfFsGBQJnNob6AhsCBQkB
4TOAAIEJEMa7/nVgfFsGdiAEGRYKAB0WIQR/xbbsLpPGcrVAHJkxiQ9yRoB4PgUC
ZzaG+gAKCRAxiQ9yRoB4PpAlAQCkyl6LpM11L1xsDj0J8zRmOr0iFj4Cb/Nz5tYe
4FfA7AEAh3ctVMuMeqLwzaM3e6SEBR8OpMzuOi28/JrtzQ82MQHgDgEAnG3Y0AI+
7Sn6MQuTlQUntB0WnyHvtR/PTdCLjBCnJWwA/392R7RHYYFwZglYMToxe/Af8kyL
CsMhDUTay7ELvQoLuDgEZzaHCxIKKwYBBAGXVQEFAQEHQKx3W15K54+Oj7AnXAe6
PxPM6Pf0ozAGmH+IR/kcXBJBAwEIB4h+BBgWCgAmFiEEdFvdZA4OAxYMupWtxrv+
dWB8WwYFAmc2hwsCGwwFCQHhM4AACgkQxrv+dWB8WwbtJgD/R02jiscyoH/HOfRR
6ZgtTtIfqCnM93t3jVGnUOP+3RIBAJuuQM0dZtiuEnZMCADWXacl9tUV+M8+kWXt
HaNqAWMD
=KajY
-----END PGP PUBLIC KEY BLOCK-----
Direct Link to Postmaster's PGP Public Keys File
SHA256 Digest of Postmaster's PGP Public Keys File:
d3f3383e18f398dbc7720d000dc8d19a442364a104071a0a49f1410feae65e59
Additional PGP Public Key Retrieval Methods
All of these methods were tested as 'working' on GnuPG 2.4.5 (built circa 2024) for postmaster's PGP
public keys. Most of these, except WKD, are only applicable/convenient to GnuPG.
- CERT
- Established method (RFC 2538, RFC 4398)
- Usually only used with GnuPG, little interoperability
- Type 3 (PGP): full public key block in DNS; larger DNS response
- Type 6 (IPGP): fingerprint length, fingerprint, and URI to full public key block; smaller DNS
response
- The zone operator has decided to publish type 3 records for a few reasons:
- Only needs DNS, therefore less overall maintenance
- Software that is DNSSEC aware will always receive authentic responses
- GnuPG 2.2.41 could not retrieve the URI (and therefore the public key block) for a type
6 (IPGP) CERT record, despite parsing the fingerprint in the CERT record correctly
- Hint:
gpg --verbose --auto-key-locate cert --locate-keys {email-address}
- WKD
- Modern method (no RFCs yet, still under draft)
- Highly interoperable and widely adopted
- Requires a web server, not just DNS
- Hint:
gpg --verbose --auto-key-locate wkd --locate-keys {email-address}
- Since newer GnuPG versions use WKD by default, it's possible to be even more concise:
gpg --locate-keys {email-address}
- GnuPG curl/fetch
- Shortcut to downloading the file and running "gpg --import"
- Hint:
gpg --verbose --fetch-keys https://theregoesmy.email/keys/direct/postmaster.asc
If running an older version of GnuPG, it may also be possible to use GPG PKA.
Note: this does NOT work on the version of GnuPG previously mentioned with the above working methods.
- PKA
- Unofficial, legacy method (no RFCs)
- Only used by GnuPG, no interoperability
- Likely phased out by newer versions of GnuPG
- Hint:
gpg --verbose --auto-key-locate pka --locate-keys {email-address}
Old/Retired Public Keys