PGP Security — Qhash Foundation

PGP fingerprint (primary)

59A6 7140 C80E 1E75 C405 36F5 BDA3 E386 B808 5C04

Fingerprint (no spaces): 59A67140C80E1E75C40536F5BDA3E386B8085C04

Public key

PGP page: https://qhashfoundation.github.io/pgp/

Raw key download (curl/wget): qhashfoundation_pub.asc

Import & verify fingerprint

Copy/paste:

curl -fsSL -o qhashfoundation_pub.asc "https://raw.githubusercontent.com/qhashfoundation/pgp/main/qhashfoundation_pub.asc"
gpg --import qhashfoundation_pub.asc
gpg --fingerprint 59A67140C80E1E75C40536F5BDA3E386B8085C04

Verify signatures

Detached signature (common for releases):

Command:

gpg --verify file.sig file

Clear-signed text:

Command:

gpg --verify statement.txt.asc

What a “Good signature” means

Integrity: the content has not changed since it was signed.

Key control: the signer controlled the private key corresponding to this public key.

Identity binding is up to the verifier: confidence comes from cross-checking this fingerprint with copies published via trusted sources (this page, the author’s website, GitHub org profile, official social accounts, etc.).

Qhash proof-of-existence (public blockchain anchoring): Qhash anchors the hash of a signed file on a public blockchain, creating a tamper-evident timestamp that may have legal/probative value as evidence of prior existence and authorship/priority.