PGPKeys
OpenPGP Key Policy
How my OpenPGP key is structured and operated, and where to obtain it. Publishing the operating policy costs nothing in security — the key material stays offline; only the design is public.
Current key (since 2026-07-12)
Primary ed25519 B22B 98AB B2D5 0330 7AB6 A316 0718 EFA6 506B B669 [C] certify-only Subkey ed25519 0C15 3FFE 2B02 7436 5ACB 1BF1 AEFA 86FA 828C 52C5 [S] signing (git, documents) Subkey cv25519 B7D6 4271 182C BBA3 054C 52CF CAA5 0DCD 0443 2C4F [E] encryption Subkey ed25519 1378 A9E1 4459 222D 12C3 D2EB 424E 58B7 A453 07FE [S] signing (secondary machine) Subkey ed25519 BFDB 1F43 3932 B67B D108 9817 3416 6963 D548 6096 [A] authentication (SSH)
- The primary (certify-only) key is kept offline and is used solely to manage subkeys and identities. Day-to-day operations use subkeys only.
- Signing subkeys are machine-scoped — no private subkey is shared across machines.
- Keys have no expiry; compromise response relies on revocation and re-distribution via keyservers and WKD.
- All git commits and tags are signed (shown as Verified on GitHub).
Where to obtain this key
- This site: /pgp-key.asc
- WKD:
gpg --locate-keys yusuke@haya.company - keys.openpgp.org: verified for both email identities
- GitHub: github.com/yhay81.gpg
- Keyoxide: verified identity proofs
Identity proofs
This key is bidirectionally linked to github.com/yhay81 and my domains (haya-inc.co.jp, yusuke-hayashi.com) through proofs verifiable on Keyoxide.
Previous key
RSA-4096 89C3 25D4 1DD3 055B (2020–2026) was revoked as superseded by the current key on 2026-07-12.
Last updated: 2026-07-13