Binautopsy Labs maintains a single PGP key for confidential vulnerability reports, sensitive scoping correspondence, and artefact-exchange coordination.
Key
security@binautopsy.com | |
| Key ID | 0x783E 8C5A |
| Fingerprint | 5421 993B 5145 A156 5263 22A0 783E 8C5A EAB8 0385 |
| Algorithm | EDDSA (Ed25519) signing + ECDH (Curve25519) encryption |
| Created | 2026-04-25 |
| Expires | 2028-04-25 (rotated annually before expiry) |
Download
The ASCII-armored public key is published at /.well-known/pgp-key.txt.
curl https://binautopsy.com/.well-known/pgp-key.txt | gpg --import
After importing, verify the fingerprint matches 5421 993B 5145 A156 5263 22A0 783E 8C5A EAB8 0385 before using the key. Do not trust the key if the fingerprint differs.
What to use it for
- Vulnerability disclosure (subject prefix
BA-DISCLOSURE) - Sensitive scoping correspondence before a secure portal link is issued
- Artefact exchange when the secure portal is not appropriate (e.g. very small payloads, advisory-only material)
What not to use it for
- Bulk artefact transfer — use the single-use secure portal link issued on confirmed scoping
- Routine commercial enquiries — use scope@binautopsy.com in the clear
Rotation policy
The key is rotated annually before expiry. Rotation is announced on the trust page with the new fingerprint and a statement signed with the previous key.