OpenPGP Key Policy

How my OpenPGP key is structured and operated, and where to obtain it. Publishing the operating policy costs nothing in security — the key material stays offline; only the design is public.

Current key (since 2026-07-12)

Primary  ed25519  B22B 98AB B2D5 0330 7AB6 A316 0718 EFA6 506B B669  [C] certify-only
Subkey   ed25519  0C15 3FFE 2B02 7436 5ACB 1BF1 AEFA 86FA 828C 52C5  [S] signing (git, documents)
Subkey   cv25519  B7D6 4271 182C BBA3 054C 52CF CAA5 0DCD 0443 2C4F  [E] encryption
Subkey   ed25519  1378 A9E1 4459 222D 12C3 D2EB 424E 58B7 A453 07FE  [S] signing (secondary machine)
Subkey   ed25519  BFDB 1F43 3932 B67B D108 9817 3416 6963 D548 6096  [A] authentication (SSH)
  • The primary (certify-only) key is kept offline and is used solely to manage subkeys and identities. Day-to-day operations use subkeys only.
  • Signing subkeys are machine-scoped — no private subkey is shared across machines.
  • Keys have no expiry; compromise response relies on revocation and re-distribution via keyservers and WKD.
  • All git commits and tags are signed (shown as Verified on GitHub).

Where to obtain this key

Identity proofs

This key is bidirectionally linked to github.com/yhay81 and my domains (haya-inc.co.jp, yusuke-hayashi.com) through proofs verifiable on Keyoxide.

Previous key

RSA-4096 89C3 25D4 1DD3 055B (2020–2026) was revoked as superseded by the current key on 2026-07-12.

Last updated: 2026-07-13