#keyserver

2026-01-25

We are pleased to announce the release of Hockeypuck 2.3.1.

Hockeypuck 2.3.1 is primarily a bugfix and maintenance release:

* Fix broken delete-keys helper script
* Bumped dependencies and refactored redundant code paths
* Improved PKS support
* Config parameter to increase the number of results returned from a search

There are no breaking changes between the 2.2 and 2.3 branches, and SKS sync is supported between 2.2 and 2.3 peers.

Release notes can be found at https://github.com/hockeypuck/hockeypuck/releases/tag/2.3.1

Hockeypuck 2.3 development is kindly supported by @NGIZero Core

----

Hockeypuck is a modern synchronising #OpenPGP #keyserver that is optimised for ease of deployment, particularly in containerised environments via docker-compose.

hockeypuck.io/
github.com/hockeypuck/hockeypu

The preparation worked out, more or less as a live test. My "formal" mail address now sends from all devices with at least a #PGPSignatur and can be found via #Keyserver and #WKD.
From the New Year, my attempt then gets going ... 🙂

N-gated Hacker News (ngate)
2025-12-19

🚨 Let's build YET ANOTHER because the world surely needs one more! 🙄 With a sprinkle of magical transparency logs, we’ll save humanity from the potential apocalypse of malicious keys. It's sure to revolutionize the way nobody cares about keyservers! 🔑✨
words.filippo.io/keyserver-tlo

2025-12-08

New Blog: #Keyserver Updates and Roadmap, December 2025

...

About half of the public #Hockeypuck keyservers have been upgraded to the 2.3 branch (as of 2025-12-08), including the pgpkeys.eu servers. A small number remain on 2.1 for compatibility reasons, but the remaining issues preventing upgrade of these 2.1 servers will be addressed in an upcoming 2.3.x release.

...

While HKPv2 and RFC9580 support are the current priorities, further improvements are planned for delivery in 2026 and 2027. These include:

* Allowing #OpenPGP key owners to explicitly restrict the distribution of third-party signatures over their User IDs, to prevent signature flooding.
* Out of band email proofs of User ID validity, to mitigate spam and impersonation.
* A fully-featured management API to better handle deletion and blocklisting of incorrect or spammy keys.
* Native rate limiting and tor exit node abuse detection.
* Detection (and potential removal) of keys with known vulnerabilities or weaknesses.
* Improvements to the dump and restore process to allow a running server to be backed up without a restart.

blog.pgpkeys.eu/keyserver-road

#infosec #cryptography #pgp

2025-12-01

We are pleased to announce the release of Hockeypuck 2.3.

Hockeypuck 2.3 is primarily a technical-debt release, but also adds features to ease the upgrade process in a production environment:

* Updates to the PostgreSQL table schemas
* Offline, in-place reload of all key material
* Online reindexing of table schemas
* PKS support

There are no breaking changes between the 2.2 and 2.3 branches, and SKS sync is supported between 2.2 and 2.3 peers.

Release notes can be found at github.com/hockeypuck/hockeypu

Hockeypuck 2.3 development is kindly supported by @NGIZero Core

----

Hockeypuck is a modern synchronising #OpenPGP #keyserver that is optimised for ease of deployment, particularly in containerised environments via docker-compose.

hockeypuck.io
github.com/hockeypuck/hockeypu

2025-11-09

Pretty proud of my second patch sent to the #ClawsMail team.

Hopefully, the next version of this MUA will have a largely improved #E2EE #UX:

  • a new config option in the #PGP plugins enables automatic online discovery of PGP keys (according to your existing gpg.conf auto-key-locate)
  • whenever you receive a mail signed by a public key missing (or expired) in your #GPG keyring, you'll have a button to trigger an online search for the key (either through #WKD or the older #keyserver based approach).

In the age of #ChatControl, I think it's time for PGP based end-to-end #encryption to be enabled by default in #email clients.

Most arguments against the complexity of the #WebOfTrust are moot when applied to mail communications. And given how easy it is to deploy the WKD protocol¹, key autodiscovery could seriously increase the amount of encrypted mails over the network, increasing people's #privacy and heavily reducing the power of passive #surveillance.

#HTTPSEverywhere did not reduce global surveillance, but #PGP could!

___

¹ an Italian tutorial about WKD is in the making, but... #programming was more fun. 😝

2025-11-02

News from the coalface!

The pgpkeys.eu test swarm is now running an alpha version of #hockeypuck 2.3, and is gradually reindexing itself to populate the new SQL table structure required for RFC9580 and PQC support.

The PostgreSQL storage layer has been extensively refactored and improved. It now supports background reindexing during normal operation, and in-place reloading of the database without dumping to disk. Previously, reindexing and reloading were only possible by dumping, deleting the database, and reloading the dump from scratch, which was an error-prone manual process - in v2.3 reloading will be a single command, and reindexing happens automagically. 🤩

Old-school PKS sync has also been implemented natively, to enable (less efficient, more robust) sync between different versions of Hockeypuck, or even with non-SKS keyservers such as Hagrid 😈.

These changes will make it much easier for #keyserver operators to upgrade to newer versions of hockeypuck, and increase the reliability of the synchronising keyserver network.

Watch this space for more news, particularly about the upcoming support for PQC algorithms in #openpgp!

(Hockeypuck 2.3 development is generously supported by @NGIZero)

2025-09-29

#PGPainless Ecosystem Release Marathon

✅ PGPainless 2.0.0
✅ SOP-Java 14.0.1
✅ Cert-D-Java 0.2.3
✅ Cert-D-PGPainless 0.2.3
✅ WKD-Java 0.1.3
✅ VKS-Java 0.1.4

#OpenPGP #WebKeyDirectory #KeyServer

[Image: A graph diagram displaying all the components of the PGPainless ecosystem and how they depend on one another.]

2025-07-19

News from the coalface:

Upgrading the #Hockeypuck #openpgp #keyserver in-place has historically not been a smooth experience. In particular, the search indexes are only updated on write during normal operation, and the database schema is not updated at all. When major changes are made to the back end code, the dataset therefore has to be dumped and reloaded. This requires double the disk space and adds to the burden of maintaining a keyserver.

In preparation for #rfc9580 and #pqc keys, we have been working on in-place migrations for the search indexes and database schemas. The hockeypuck master branch now reindexes search terms transparently on startup, which will ensure consistent search results after any changes to the indexing policy. We are also testing a feature to reload the full dataset in-place after an upgrade, which must be run in offline mode due to concurrency limitations, but should otherwise be seamless and does not affect resource usage. Together these changes will reduce the maintenance burden for keyserver operators, and smooth the path for future upgrades.

In-place post-upgrade migrations, plus improved sync resilience, and hopefully a few additional improvements (watch this space!), will be available in the forthcoming 2.3 release, which is generously supported by @NGIZero Core.

N-gated Hacker News (ngate)
2025-05-09

Ah, yes, the Linux Kernel's Web of Trust—because nothing screams "cutting-edge technology" like a system built on the tattered remains of networks 🤦‍♂️. Who needs simplicity when you can have a Byzantine key repository maintained by a single guy named Konstantin? 🔐🔑
blog.kleine-koenig.org/ukl/the

2025-04-29

Hello world, this is the #OpenPGP #keyserver service at keys.openpgp.org!

This account provides a low-volume channel for updates about the service.

2025-04-17

Hello world, this is the #OpenPGP #keyserver service at keys.openpgp.org!

This account provides a low-volume channel for updates about the service.

2025-04-17

Hello world, this is the #OpenPGP #keyserver service at keys.openpgp.org tooting!

This account provides a low-volume channel for updates about the service.

Today's aha moment: #PGP key distribution via your own #Webseite, entirely without centralised #Keyserver or the like - very nice! Set it up right away. ✅
Are you joining in too?

blog.mister-muffin.de/2025/03/

#GnuPG #GPG #PKI

2025-01-13

Yo #infosec folks: I've *always* been on the fence about publishing my #pgp / #gpg / #gnupg public key, because I don't want spam from bots trawling the public #keyserver. Those of you who've posted your keys, would you say you get more spam or no difference?

PatoJAD
2024-06-07

Now we really do look at how to upload GPG keys in order to share them

youtu.be/zjVAF9pjMoA

2024-05-22

We are pleased to announce the release of Hockeypuck 2.2.

Hockeypuck is a modern synchronising keyserver that is optimised for ease of deployment, particularly in containerised environments via docker-compose.

Hockeypuck 2.2 is a significant upgrade that includes the following changes:

# Features

• Fully stable sync
• Improved multithreading safety
• Deletion of personal data from hard-revoked keys
• Admin deletion of keys via signed submissions
• Detached revocation certificate support

# Bugfixes

• Missing direct key signature validation
• Missing subkeys with v3 sbinds
• Missing CORS headers
• HTTPS binding errors
• Many cosmetic improvements

# Deprecations

• SKS-keyserver recon compatibility
• UAT image packets
• User deletion and replacement of keys via `/pks/delete` and `/pks/replace` endpoints

More information: github.com/hockeypuck/hockeypu

#gpg #gnupg #hockeypuck #openpgp #pgp #keyserver #sks

2024-05-21

Anyone familiar with writing database queries and want to help #mailvelope #openpgp #keyserver work with #ferretdb instead of non-free #mongodb ?

github.com/mailvelope/keyserve

Background: mailvelope keyserver is the only openpgp keyserver software I found that supports key removals and is GDPR-compliant/abuse-resistant (the commonly used keys.openpgp.org software hagrid is not supported for outside deployments).

All older key server software doesn't do email verification and cannot remove keys.

2023-12-14

Latest #openpgp #keyserver update: key-server.org is back in good sync with the rest of the network. This brings the total of well-oiled synchronising keyservers up to 21.
