I got an email from Purism asking to confirm my order details. I answered that email from email@example.com and my mailer decided to encrypt that email because a public key was available for that address. Strange thing: I got an answer back telling “I am not able to decrypt your email” which confuses me. A company especially like Purism isn’t able to decrypt an email encrypted using their own key?
The answer also contained a public key and asked me to use that key. I cannot find that key either on their website or on the usual key servers. How can I trust that?
Hello. It was me that replied to your email.
I am sorry, but there must have been an error because our email firstname.lastname@example.org does not have a GPG key. Anyone that wants to start an encrypted communication via email can ask the support email for it and a key is sent to that person to start a GPG conversation with a Purism employee.
Fingerprints for the GPG keys of all Purism employees can be found here: https://puri.sm/about/team/
And my keys can also be looked up here: http://keys.gnupg.net/pks/lookup?search=joao.azevedo%40puri.sm&fingerprint=on&op=index
The public key you used is for signing repos, not for email. (For some reason the support email address was used for that.)
email@example.com is just an alias. If you need to send encrypted email, contact support and ask for a public key of one of our staff. You can verify key fingerprints here: https://puri.sm/about/team/