Postmaster's Public Keys

Table of Contents:

1. Primary/Master PGP Public Key
2. Signing PGP Public Key
3. Encryption PGP Public Key
4. Inline Full/All PGP Public Keys
5. Direct Link to Postmaster's PGP Public Keys File
6. Additional PGP Public Key Retrieval Methods
7. Old/Retired Public Keys

---

Primary/Master PGP Public Key

• Fingerprint: 745B DD64 0E0E 0316 0CBA 95AD C6BB FE75 607C 5B06
• Algorithm: EdDSA - ed25519
• DNS Verification (DNSSEC authenticated): TXT _fp.pgp.primary.postmaster.theregoesmy.email

---

Signing PGP Public Key

• Fingerprint: F96D 8808 1F72 A092 7C28 1D24 08D8 C4FE 888C EE49
• Algorithm: EdDSA - ed25519
• Issued: 2025-11-17
• Expires: 2026-11-17
• DNS Verification (DNSSEC authenticated): TXT _fp.pgp.signing.postmaster.theregoesmy.email

---

Encryption PGP Public Key

• Fingerprint: 9349 D7BB 6F95 A5D5 F1EE 9617 1FAB 8A41 2AFB 5953
• Algorithm: ECDH - curve25519
• Issued: 2025-11-17
• Expires: 2026-11-17
• DNS Verification (DNSSEC authenticated): TXT _fp.pgp.encryption.postmaster.theregoesmy.email

---

Inline Full/All PGP Public Keys

        
-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEZV09+xYJKwYBBAHaRw8BAQdABTGut6nUzVtGjmLgb+ZHBKUl/4e2JR+OPg6y
nvaD0Kq0KVBvc3RtYXN0ZXIgPHBvc3RtYXN0ZXJAdGhlcmVnb2VzbXkuZW1haWw+
iJYEExYIAD4CGwEFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQR0W91kDg4DFgy6
la3Gu/51YHxbBgUCaRqCGQUJBaUPHgAKCRDGu/51YHxbBiMVAP9XUNY0uEVi5yJ1
6LqfQVAxBmaq9M+3rMfbIbVpr8HbbwEA6T+70SCxe+PymDWjVfr9S8A5inBalE2Q
9ZRUrlCK1QCIlgQTFggAPhYhBHRb3WQODgMWDLqVrca7/nVgfFsGBQJlXT37AhsB
BQkB58sABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEMa7/nVgfFsGi3cA/RHz
Wn8SkC+6iqPPWero2LwQK5GdqzWFngVuKJSqbBh9AP9II8sYTvM/qS2AiacaU84X
HNxcq7L4peLlBZ7hWawIDrgzBGc2hvoWCSsGAQQB2kcPAQEHQMnD0sKmI6Y/VCgF
rOnx/C8NZ330lq3obJHSJa0oLbbdiIcEKBYKAC8WIQR0W91kDg4DFgy6la3Gu/51
YHxbBgUCaRsy8xEdAWFubnVhbCByb3RhdGlvbgAKCRDGu/51YHxbBrKHAPoDuQaa
QiBOez35b1W4Z/AYn9UcH5DxRNLetRS/dJUdWAEAvGHqEJ1mKE9oMHTwF5U7xhSz
FSKKD6+Ds1UOhADBrg+I9QQYFgoAJhYhBHRb3WQODgMWDLqVrca7/nVgfFsGBQJn
Nob6AhsCBQkB4TOAAIEJEMa7/nVgfFsGdiAEGRYKAB0WIQR/xbbsLpPGcrVAHJkx
iQ9yRoB4PgUCZzaG+gAKCRAxiQ9yRoB4PpAlAQCkyl6LpM11L1xsDj0J8zRmOr0i
Fj4Cb/Nz5tYe4FfA7AEAh3ctVMuMeqLwzaM3e6SEBR8OpMzuOi28/JrtzQ82MQHg
DgEAnG3Y0AI+7Sn6MQuTlQUntB0WnyHvtR/PTdCLjBCnJWwA/392R7RHYYFwZglY
MToxe/Af8kyLCsMhDUTay7ELvQoLuDgEZzaHCxIKKwYBBAGXVQEFAQEHQKx3W15K
54+Oj7AnXAe6PxPM6Pf0ozAGmH+IR/kcXBJBAwEIB4iHBCgWCgAvFiEEdFvdZA4O
AxYMupWtxrv+dWB8WwYFAmkbMvMRHQFhbm51YWwgcm90YXRpb24ACgkQxrv+dWB8
WwZCJwEAs7HQgdCcCmMi8yAqSniAAcVzNhJ8Bk0KO7xWREmJxTsBAJ8qOgnnrQU+
5HsGZ2MXYrV/i8bYAhq4svAlcK/xKHcNiH4EGBYKACYWIQR0W91kDg4DFgy6la3G
u/51YHxbBgUCZzaHCwIbDAUJAeEzgAAKCRDGu/51YHxbBu0mAP9HTaOKxzKgf8c5
9FHpmC1O0h+oKcz3e3eNUadQ4/7dEgEAm65AzR1m2K4SdkwIANZdpyX21RX4zz6R
Ze0do2oBYwO4MwRpGoJjFgkrBgEEAdpHDwEBB0DhO61RlvSQAEF1C0+m1bmLHp8H
lOYncCKrLBMit4Ts54j1BBgWCgAmFiEEdFvdZA4OAxYMupWtxrv+dWB8WwYFAmka
gmMCGwIFCQHhM4AAgQkQxrv+dWB8WwZ2IAQZFgoAHRYhBPltiAgfcqCSfCgdJAjY
xP6IjO5JBQJpGoJjAAoJEAjYxP6IjO5JJWsBAPB5DG6FemiF8nL9EjSTfOzSLUu7
iFsmxcApejrX+10aAP4khlzlyZUkL+B9b39Y27Q9AHPSpKjGe+bs6+eolW88C6uZ
AQCWWeeqjvse8dP7gYoG/vJSjQqN7kj2P9xWrgD26GPMiwEAvlxtENrTggddQ0o5
w99Riqk6YbwRecEoqHkw35GPtwq4OARpGoKAEgorBgEEAZdVAQUBAQdAiCn/JLlq
yolxwn8L5Bl1WiF3NZUn/jwg2M05Es3TsQUDAQgHiH4EGBYKACYWIQR0W91kDg4D
Fgy6la3Gu/51YHxbBgUCaRqCgAIbDAUJAeEzgAAKCRDGu/51YHxbBjGVAQDcO+SE
swM2iBvQdK0bnddQJzGyDQoK+Lzyj55nJuCIGAD/UrgtCFVx0MKdZuUM99BumjYg
IEQ2J1n7vrl7sfhbfwk=
=GJ/o
-----END PGP PUBLIC KEY BLOCK-----
        
        

---

Direct Link to Postmaster's PGP Public Keys File
SHA256 Digest of Postmaster's PGP Public Keys File: 3f07ebca866fea2d10a508c173d789860df833118e6804d6d4a8afee80f39abf

---

Additional PGP Public Key Retrieval Methods
All of these methods were tested as 'working' on GnuPG 2.4.8 (built circa 2025) for postmaster's PGP public keys. Most of these, except WKD, are only applicable/convenient to GnuPG.

• CERT
  • Established method (RFC 2538, RFC 4398)
  • Usually only used with GnuPG, little interoperability
  • Type 3 (PGP): full public key block in DNS; larger DNS response
  • Type 6 (IPGP): fingerprint length, fingerprint, and URI to full public key block; smaller DNS response
  • The zone operator has decided to publish type 3 records for a few reasons:
    • Only needs DNS, therefore less overall maintenance
    • Software that is DNSSEC aware will always receive authentic responses
    • Older GnuPG versions could not retrieve the URI (and therefore the public key block) for a type 6 (IPGP) CERT record, despite parsing the fingerprint in the CERT record correctly
  • Hint:

    gpg --verbose --auto-key-locate cert --locate-keys {email-address}

• WKD
  • Modern method (no RFCs yet, still under draft)
  • Highly interoperable and widely adopted
  • Requires a web server, not just DNS
  • Hint:

    gpg --verbose --auto-key-locate wkd --locate-keys {email-address}

  • Since newer GnuPG versions use WKD by default, it's possible to be even more concise:

    gpg --locate-keys {email-address}

• GnuPG curl/fetch
  • Shortcut to downloading the file and running "gpg --import"
  • Hint:

    gpg --verbose --fetch-keys https://theregoesmy.email/keys/direct/postmaster.asc

If running an older version of GnuPG, it may also be possible to use GPG PKA. Note: this does NOT work on the version of GnuPG previously mentioned with the above working methods.

• PKA
  • Unofficial, legacy method (no RFCs)
  • Only used by GnuPG, no interoperability
  • Likely phased out by newer versions of GnuPG
  • Hint:

    gpg --verbose --auto-key-locate pka --locate-keys {email-address}

---

Old/Retired Public Keys