Qhash Foundation — PGP Public Key

Use this key to verify signatures and (optionally) encrypt messages to hello@qhash.foundation.

Fingerprint (most important)

59A6 7140 C80E 1E75 C405 36F5 BDA3 E386 B808 5C04
Always compare this fingerprint after importing the key. If it doesn’t match, do not trust the key.

Download from GitHub

Public key file (repo view): qhashfoundation_pub.asc
Raw download URL (works with curl/wget): https://raw.githubusercontent.com/qhashfoundation/pgp/main/qhashfoundation_pub.asc
Import via curl:
curl -fsSL -o qhashfoundation_pub.asc "https://raw.githubusercontent.com/qhashfoundation/pgp/main/qhashfoundation_pub.asc"
gpg --import qhashfoundation_pub.asc
gpg --fingerprint 59A67140C80E1E75C40536F5BDA3E386B8085C04
Import via wget:
wget -O qhashfoundation_pub.asc "https://raw.githubusercontent.com/qhashfoundation/pgp/main/qhashfoundation_pub.asc"
gpg --import qhashfoundation_pub.asc
gpg --fingerprint 59A67140C80E1E75C40536F5BDA3E386B8085C04
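An added example (not part of the Qhash Foundation's own instructions): the curl and wget steps above import the file first and display the fingerprint afterwards, whereas this POSIX shell version checks the downloaded file against the fingerprint published on this page and imports only on a match. The function names and the sample listing are constructed for illustration, and it assumes a GnuPG version that provides `--show-keys`.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
EXPECTED_FPR="59A6 7140 C80E 1E75 C405 36F5 BDA3 E386 B808 5C04"  # published on this page

# Constructed `gpg --with-colons` listing; only the primary fingerprint is real.
SAMPLE_LISTING='pub:-:255:22:BDA3E386B8085C04:1700000000:::-:::scESC:
fpr:::::::::59A67140C80E1E75C40536F5BDA3E386B8085C04:
uid:-::::1700000000::::Constructed UID <hello@qhash.foundation>:
sub:-:255:18:1111111111111111:1700000000::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:'

# Strip whitespace and upper-case, so grouped and compact forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read colon-format output on stdin and print each primary key fingerprint:
# field 10 of the first fpr record after a pub record. Subkey fprs are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             want && $1 == "fpr" { print $10; want = 0 }'
}

# Succeed only if stdin lists exactly one primary key and it matches $1.
check_listing() {
    expected=$(normalize_fpr "$1")
    found=$(primary_fprs)
    [ -n "$found" ] || { echo "no primary key found" >&2; return 1; }
    [ "$(printf '%s\n' "$found" | grep -c '')" -eq 1 ] ||
        { echo "more than one primary key in file" >&2; return 1; }
    [ "$(normalize_fpr "$found")" = "$expected" ] ||
        { echo "fingerprint mismatch: $found" >&2; return 1; }
}

# Inspect the file without touching the keyring, then import only on a match.
import_if_pinned() {
    gpg --show-keys --with-colons "$1" | check_listing "$EXPECTED_FPR" &&
        gpg --import "$1"
}
```

After sourcing the file, `import_if_pinned qhashfoundation_pub.asc` replaces the separate import and fingerprint steps; a file that bundles an extra primary key is rejected rather than imported.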

Fetch from keys.openpgp.org

If the key is uploaded to keys.openpgp.org, users can retrieve it by fingerprint:
gpg --keyserver hkps://keys.openpgp.org --recv-keys 59A67140C80E1E75C40536F5BDA3E386B8085C04
Locate by email (works after the email address has been verified on keys.openpgp.org):
gpg --auto-key-locate keyserver --locate-keys hello@qhash.foundation
Refresh keys periodically:
gpg --refresh-keys

Verify signatures

Detached signature (common for downloads/releases):
Verify a file + signature:
gpg --verify file.sig file
Clear-signed message (text):
gpg --verify statement.txt.asc

What a “Good signature” means