#keyserver — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #keyserver, aggregated by home.social.
-
Exciting news from the coalface! The first beta of Hockeypuck 2.4 with PQC support is now live on https://test.pgpkeys.eu for public evaluation.
#OpenPGP is going post-quantum in 2026, and the #Hockeypuck #keyserver software is prepared to distribute post-quantum-safe OpenPGP certificates.
Hockeypuck 2.4-beta1 supports post-quantum-safe signing and encryption algorithms based on ML-DSA-65, ML-DSA-87, ML-KEM-768, and ML-KEM-1024, each used in hybrid mode with either curve25519 or curve448 ECC. These are the mandatory and recommended algorithms from the upcoming OpenPGP PQC spec [1].
In order to distribute the new primary (signing) keys safely, without adversely impacting older client software, they are only distributed over the HKPv2 API. Hockeypuck implements the `certs`, `index` and `prefixlog` endpoints as defined in the latest HKP draft spec [2]. These enable upload, download, and querying of PQC-enabled primary keys.
PQC encryption subkeys using ML-KEM-65 are also distributed over the legacy HKP interface if they are attached to a v4 primary key, because these are safely ignored by #GnuPG.
(GnuPG’s “kyber” algorithms are unfortunately not supported due to interoperability issues)
Hockeypuck 2.4 development has been kindly supported by @NGIZero Core.
[1] https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc
[2] https://datatracker.ietf.org/doc/html/draft-gallagher-openpgp-hkp
-
We are pleased to announce the release of Hockeypuck 2.3.3.
This is a feature-preview release that partially implements https://github.com/hockeypuck/hockeypuck/wiki/HIP-013:-In%E2%80%90Band-Metadata-Sync-Using-Trust-Packets . It also fixes a bug due to stale entries in the PostgreSQL database.
Hockeypuck 2.3.3 adds support for the enumerableDomains configuration parameter. This is a list of domains for which the keyserver will return results when queried by UserID, even if the keys have been hard-revoked (https://hockeypuck.io/configuration.html#TOC_1.3). This mitigates a regression introduced in Hockeypuck 2.2, which meant that some organizational deployments did not reliably serve hard revocations.
There are no breaking changes between the 2.2 and 2.3 branches, and SKS sync is supported between 2.2 and 2.3 peers.
Release notes can be found at https://github.com/hockeypuck/hockeypuck/releases/tag/2.3.3
Hockeypuck 2.3 development is kindly supported by @NGIZero Core
----
Hockeypuck is a modern synchronising #OpenPGP #keyserver that is optimised for ease of deployment, particularly in containerised environments via docker-compose.
https://hockeypuck.io/
https://github.com/hockeypuck/hockeypuck
-
#PGPainless Ecosystem Release Marathon
✅ PGPainless 2.0.0
✅ SOP-Java 14.0.1
✅ Cert-D-Java 0.2.3
✅ Cert-D-PGPainless 0.2.3
✅ WKD-Java 0.1.3
✅ VKS-Java 0.1.4
-
We are pleased to announce the release of Hockeypuck 2.2.
Hockeypuck is a modern synchronising keyserver that is optimised for ease of deployment, particularly in containerised environments via docker-compose.
Hockeypuck 2.2 is a significant upgrade that includes the following changes:
# Features
• Fully stable sync
• Improved multithreading safety
• Deletion of personal data from hard-revoked keys
• Admin deletion of keys via signed submissions
• Detached revocation certificate support
# Bugfixes
• Missing direct key signature validation
• Missing subkeys with v3 sbinds
• Missing CORS headers
• HTTPS binding errors
• Many cosmetic improvements
# Deprecations
• SKS-keyserver recon compatibility
• UAT image packets
• User deletion and replacement of keys via `/pks/delete` and `/pks/replace` endpoints
More information: https://github.com/hockeypuck/hockeypuck/wiki