I got an email from Purism asking to confirm my order details. I answered that email from support@puri.sm and my mailer decided to encrypt that email because a public key was available for that address. Strange thing: I got an answer back telling “I am not able to decrypt your email” which confuses me. A company especially like Purism isn’t able to decrypt an email encrypted using their own key?
The answer contained as well a public key and asked me to use that key. I cannot find that key either on their website or on the usual key servers. How can I trust that?
I am sorry, but there must have been an error because our email support@puri.sm does not have a GPG key. Anyone who wants to start an encrypted communication via email can ask the support email for it, and a key is sent to that person to start a GPG conversation with a Purism employee.
The public key you used is for signing repos, not for email. (For some reason the support email address was used for that.) support@puri.sm is just an alias; if you need to send encrypted email, contact support and ask for a public key of one of our staff. You can verify key fingerprints here: https://puri.sm/about/team/
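
The two checks this thread comes down to (is the key meant for encryption at all, and does its fingerprint match one published out of band) can be run on `gpg --show-keys --with-colons` output before a mail client is allowed to use a key. The following is an added example, not part of the original posts or Purism's tooling; the sample key listing, addresses and fingerprints are constructed, and `parse_keys` and `check_key` are hypothetical helper names.

```python
# Constructed sample of `gpg --show-keys --with-colons key.asc` output.
# Key IDs, fingerprints, dates and addresses are made up for illustration.
SAMPLE = """\
pub:-:4096:1:AAAAAAAAAAAAAAAA:1500000000:::-:::scSC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFAAAAAAAA:
uid:-::::1500000000::HASH1::Example Repo Signing <support@example.invalid>:
pub:-:4096:1:BBBBBBBBBBBBBBBB:1500000000:::-:::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210BBBBBBBB:
uid:-::::1500000000::HASH2::Example Staff <staff@example.invalid>:
sub:-:4096:1:CCCCCCCCCCCCCCCC:1500000000::::::e:
fpr:::::::::1111222233334444555566667777888899990000:
"""

def parse_keys(colons):
    """Group pub/sub/fpr/uid records into one dict per primary key."""
    keys = []
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            # Field 12 holds capability letters (s=sign, c=certify, e=encrypt).
            keys.append({"fpr": None, "uids": [], "caps": set(f[11].lower())})
        elif not keys:
            continue
        elif f[0] == "sub":
            keys[-1]["caps"] |= set(f[11].lower())
        elif f[0] == "fpr" and keys[-1]["fpr"] is None:
            keys[-1]["fpr"] = f[9]  # first fpr after pub is the primary key's
        elif f[0] == "uid":
            keys[-1]["uids"].append(f[9])
    return keys

def normalize(fpr):
    """Web pages often print fingerprints in spaced, mixed-case groups."""
    return "".join(fpr.split()).upper()

def check_key(key, published_fpr, address):
    """Return the reasons this key should not be used to encrypt mail."""
    problems = []
    if normalize(key["fpr"]) != normalize(published_fpr):
        problems.append("fingerprint does not match the published one")
    if "e" not in key["caps"]:
        problems.append("no encryption-capable (sub)key")
    if not any(address.lower() in uid.lower() for uid in key["uids"]):
        problems.append("address not among the key's user IDs")
    return problems

if __name__ == "__main__":
    for k in parse_keys(SAMPLE):
        print(k["fpr"], k["uids"], sorted(k["caps"]))
```

A user ID carrying the recipient's address is only a label chosen by whoever made the key; the fingerprint comparison against a copy obtained over a separate channel is what establishes trust.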