Gpg isn't that easy

I got an email from purism asking to confirm my order details. I answered that email from and my mailer decided to encrypt that email because a public key was available for that adress. Strange thing: i got an answer back telling “I am not able to decrypt your email” which confuses me. A company especially like purism isn’t able to decrypt an email encrypted using their own key?

The answer contained as well a public key and asked me to use that key. I cannot find that key neither on their webside nor on the usual key servers. how can i trust that?

Hello. It was me that replied to your email.

I am sorry, but there must have been an error because our email does not have a GPG key. Anyone that wants to start an encrypted communication via email can ask for it to the support email and a key is sent to that person to star a GPG conversation with a purism employee.

Fingerprints for the GPG keys of all Purism employee’s can be found here:

And my keys can also be looked up here:


The public key you used is for signing repos, not for email. (For some reason support email address was used for that.) is just an alias, if you need to send encrypted email contact support and ask for a public key of one of our staff. You can verify key fingerprints here:

1 Like