How to get a public key registered with a key server

Prerequisites

You need a personal or company GPG key. If you don't have one, this explains how to generate a GPG key.

Export your public key

gpg --export --armor john@example.com > john_doe.pub

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGiBEm7B54RBADhXaYmvUdBoyt5wAi......=vEm7B54RBADh9dmP
-----END PGP PUBLIC KEY BLOCK-----

About the arguments:

--export Export the public key information of the key belonging to john@example.com
--armor Create a base64 encoded ascii string rather than using a binary format
john@example.com The key id to export
> john_doe.pub Save the output into this file

Php Version 5640 Vulnerabilities Verified ^new^ Jun 2026

One of the most critical verified vectors in PHP 5.6.40 involves the misuse of the unserialize() function.

Replace removed extensions with modern alternatives (e.g., migrating to mysqli or PDO ).

PHP is one of the most widely used programming languages on the web, powering over 80% of websites, including popular platforms like WordPress, Facebook, and Wikipedia. However, its popularity also makes it a prime target for hackers and cyber attackers. Recently, a new version of PHP, version 5.6.40, was released, which has been verified to fix several vulnerabilities. In this article, we will take a closer look at these vulnerabilities, their impact, and what you need to do to protect your website. php version 5640 vulnerabilities verified

To protect your website from PHP vulnerabilities, follow these best practices:

// DANGEROUS $user_object = unserialize($_COOKIE['user_data']); One of the most critical verified vectors in PHP 5

If you want, I can:

Although 5.6.40 addressed several older vulnerabilities, it is plagued by numerous unpatched flaws discovered after its release. Because the PHP group stopped patching this branch, these issues are permanent. Key Vulnerability Types and CVEs However, its popularity also makes it a prime

If an immediate upgrade is impossible due to legacy code dependencies, you must protect the application:

While many RCEs were patched in 5.6.40, the version is frequently targeted by exploits like (specifically when paired with NGINX and php-fpm), which allows unauthenticated remote attackers to execute arbitrary code on the server. Information Disclosure (PHAR Extension) :

Alternate way to submit your public key to the key servers using the CLI

gpg --keyid-format LONG --list-keys john@example.com
pub   rsa4096/ABCDEF0123456789 2018-01-01 [SCEA] [expires: 2021-01-01]
      ABCDEF0123456789ABCDEF0123456789
uid              [ ultimate ] John Doe <john@example.com>

This shows the 16-byte Key-ID right after the key-type and key-size. In this example it's the highlighted part of this line:

pub rsa4096/ABCDEF0123456789 2018-01-01 [SCEA] [expires: 2021-01-01]

The next step is to use this Key-ID to send it to the keyserver, in our case the MIT one.

gpg --keyserver keyserver.ubuntu.com --send-keys ABCDEF0123456789

Congratulations, you published your public key.

Please allow a couple of minutes for the servers to replicate that information before starting to use the key.

General notes on Security

A keyserver does not make any claims about authenticity. It merely provides an automated means to get a public key based on its ID. It's up to the user to decide whether the result is to be trusted, as in whether or not to import the public key to the local chain. Do not blindly import a key but at least verify its fingerprint. The phar.io fingerprint information can be found in the footer.
Instead of using a keyserver, public keys can of course also be imported directly. Linux distributions for example do that by providing their keys in release-packages or the base OS installation image. Phive will only contact a keyserver in case the key used for signing is not already known, a.k.a can not be found in the local chain.