openpgp4fpr URI scheme
This document describes the IANA-registered URI scheme used to identify OpenPGP version 4 public keys.
Syntax
openpgp4fpr:<fingerprint>
Where fingerprint is exactly 40 characters of lower and upper-case letters A, B, C, D, E, F and digits (0-9).
Formal definition using Augmented Backus-Naur Form:
openpgp4fpr-uri = "openpgp4fpr:" fingerprint
fingerprint = 40*40HEXDIG
Example:
openpgp4fpr:653909A2F0E37C106F5FAF546C8857E0D8E8F074
The uppercase hexadecimal digits ‘A’ through ‘F’ are equivalent to the lowercase digits ‘a’ through ‘f’, respectively. If two URIs differ only in the case of hexadecimal digits used in the scheme specific part, they are equivalent.
Semantics
URIs in the openpgp4fpr scheme are used to identify an OpenPGP key by its master key fingerprint.
Applications that use this scheme may look up the key data with that fingerprint using implementation-defined methods (e.g. keyserver lookup using the HTTP Keyserver Protocol).
Encoding considerations
As the fingerprint contains only characters in the unreserved set, there is no need to encode the scheme-specific part of the URI.
Interoperability considerations
Unknown, use with care.
Security considerations
Unknown, use with care.
History
Applications
Protocol handler in browsers
For supported browsers it is possible to install a handler that will look up the key on the keyserver.
After the protocol handler is added, this link will search for the key by fingerprint: openpgp4fpr:653909A2F0E37C106F5FAF546C8857E0D8E8F074
QR-encoded URI
OpenKeychain can read openpgp4fpr URIs encoded as QR barcodes. When such a URI is scanned, the application will use the fingerprint to search for the key on the defined keyservers.
It is advisable to use all uppercase in the URI so that the QR code can be efficiently encoded.
Example QR encoded fingerprint that can be scanned by OpenKeychain:
QR-encoded vCard
OpenKeychain also supports scanning fingerprints from QR-encoded vCards. The fingerprint is put as an openpgp4fpr URI inside the KEY field of the vCard.
Example vCard:
BEGIN:VCARD
FN:Linus Torvalds
EMAIL:torvalds.at.kernel.org
KEY:OPENPGP4FPR:ABAF11C65A2970B130ABE3C479BE3E4300411886
END:VCARD
Encoded as a QR-code:
When this code is scanned by a regular scanner, it will add a contact to the address book. Scanning this code with OpenKeychain’s built-in QR scanner will look up the key by fingerprint on the default keyservers.
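An added example (not from the original page or from OpenKeychain) of strict handling for this scheme: it accepts only the syntax defined above, normalizes case so that equivalent URIs compare equal, produces the all-uppercase form suited to QR codes, and extracts fingerprints from vCard KEY lines. The function names are assumptions, and vCard line folding is not handled.

```python
import re

# Scheme matched case-insensitively (RFC 3986), then exactly 40 ASCII hex digits.
# re.ASCII keeps case folding ASCII-only; fullmatch() rejects any trailing data.
_URI_RE = re.compile(r"openpgp4fpr:([0-9A-Fa-f]{40})", re.IGNORECASE | re.ASCII)

# Character set of QR alphanumeric mode (digits, A-Z and nine symbols).
_QR_ALNUM = set("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ $%*+-./:")

# The example vCard from this page.
SAMPLE_VCARD = """BEGIN:VCARD
FN:Linus Torvalds
EMAIL:torvalds.at.kernel.org
KEY:OPENPGP4FPR:ABAF11C65A2970B130ABE3C479BE3E4300411886
END:VCARD"""


def parse_fingerprint(uri):
    """Return the fingerprint as 40 uppercase hex digits, or raise ValueError."""
    m = _URI_RE.fullmatch(uri)
    if m is None:
        raise ValueError("not a well-formed openpgp4fpr URI")
    return m.group(1).upper()


def equivalent(uri_a, uri_b):
    """True when two well-formed URIs differ at most in letter case."""
    return parse_fingerprint(uri_a) == parse_fingerprint(uri_b)


def qr_form(uri):
    """All-uppercase URI, which stays inside the QR alphanumeric character set."""
    out = "OPENPGP4FPR:" + parse_fingerprint(uri)
    if not set(out) <= _QR_ALNUM:
        raise ValueError("unexpected character for QR alphanumeric mode")
    return out


def fingerprints_from_vcard(text):
    """Fingerprints from KEY properties; line folding is not handled here."""
    found = []
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.split(";")[0].upper() == "KEY":
            try:
                found.append(parse_fingerprint(value))
            except ValueError:
                pass  # KEY carries something other than a well-formed URI
    return found
```

Compare and store only the value returned by parse_fingerprint, never the raw scanned string, so that case variants of one URI cannot be treated as different keys.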
NFC
OpenKeychain also supports reading key fingerprints using the openpgp4fpr scheme from regular NFC tags. When a tag containing an openpgp4fpr URI is encountered, OpenKeychain will be launched and will look for that key on the default keyservers.