Web Key Directory

Web Key Directory is a new key discovery scheme that allows discovering OpenPGP keys from e-mail addresses.

For example, when looking for a key for Joe.Doe@Example.ORG the key would be fetched from the following location:

https://example.org/.well-known/openpgpkey/hu/iy9q119eutrkn8s1mk4r39qejnbu3n5q

Applications

The following applications support discovering keys using Web Key Directory:

  • Enigmail (keys are automatically discovered when composing new e-mail),
  • GnuPG 2 (gpg --locate-key test-wkd@metacode.biz),
  • GpgOL (keys are automatically discovered when composing new e-mail),
  • KMail,
  • OpenKeychain (search by e-mail address, clicking on WKD links),
  • OpenPGP.js (openpgp.WKD).

Setting up

Adding a key to Web Key Directory requires calculating the encoded hash of the name (the part of the e-mail address before the @) and exporting the binary key to the location derived from that hash.

For example, given e-mail address test-wkd@metacode.biz:

$ gpg --list-keys --with-wkd test-wkd@metacode.biz
pub   rsa2048/0x6BA55ED83ABAE1BB 2018-05-08 [SC] [expires: 2020-05-07]
      Key fingerprint = 74EC 8D3D A82A 79DA A25D  F10C 6BA5 5ED8 3ABA E1BB
uid                   [ultimate] Test WKD Key <test-wkd@metacode.biz>
                      4hg7tescnttreaouu4z1izeuuyibwww1@metacode.biz
sub   rsa2048/0x3B5E7761615E2207 2018-05-08 [E] [expires: 2020-05-07]

The hash is 4hg7tescnttreaouu4z1izeuuyibwww1.

Exporting the key (gpg --export test-wkd@metacode.biz) and placing it at:

https://metacode.biz/.well-known/openpgpkey/hu/4hg7tescnttreaouu4z1izeuuyibwww1

will make it available to all applications using Web Key Directory.
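
The hash calculation behind the steps above, as an added example that is not part of the original page or of GnuPG. It assumes the WKD rule of taking the SHA-1 of the name with ASCII letters lowercased and encoding it in z-base-32. The function names (split_address, wkd_hash, wkd_url, plan_exports) are this example's own.

```python
import base64
import hashlib

# Standard base32 alphabet (RFC 4648) and the z-base-32 alphabet used by WKD.
_B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
_ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"
_TO_ZB32 = str.maketrans(_B32, _ZB32)
# Only ASCII letters are lowercased; non-ASCII characters are left unchanged.
_ASCII_LOWER = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ",
                             "abcdefghijklmnopqrstuvwxyz")


def split_address(email):
    """Return (local, domain), ASCII-lowercased; reject malformed input."""
    local, sep, domain = email.strip().rpartition("@")
    # Refuse anything that could inject extra path segments into the URL.
    if not sep or not local or not domain or "/" in domain or ".." in domain:
        raise ValueError(f"not a usable e-mail address: {email!r}")
    return local.translate(_ASCII_LOWER), domain.translate(_ASCII_LOWER)


def wkd_hash(local):
    """SHA-1 of the lowercased name, encoded as 32 z-base-32 characters."""
    data = local.translate(_ASCII_LOWER).encode("utf-8")
    digest = hashlib.sha1(data).digest()
    # 160 bits is a multiple of 5, so base32 emits no '=' padding here.
    return base64.b32encode(digest).decode("ascii").translate(_TO_ZB32)


def wkd_url(email):
    """URL in the layout shown on this page (key served by the mail domain)."""
    local, domain = split_address(email)
    return f"https://{domain}/.well-known/openpgpkey/hu/{wkd_hash(local)}"


def plan_exports(emails):
    """Map each URL to the addresses stored there; case variants share a file."""
    plan = {}
    for email in emails:
        plan.setdefault(wkd_url(email), []).append(email)
    return plan


if __name__ == "__main__":
    sample = ["Joe.Doe@Example.ORG", "test-wkd@metacode.biz"]  # from this page
    for url, owners in plan_exports(sample).items():
        print(url, owners)
```

Addresses that differ only in letter case map to the same file, so plan_exports groups them under one URL instead of letting one export silently overwrite another.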
