Web Key Directory

Werner Koch <wk@gnupg.org>
Fri May 6 10:22:48 CEST 2016


It has not been mentioned in the 2.1.12 announcement because it is still
an experimental feature, but you may want to check it out anyway:
    The Web Key Directory is an experimental feature to retrieve a key
    via https.  It is similar to OpenPGP DANE but also uses an
    encryption to reveal less information about a key lookup.
    For example the URI to look up the key for Joe.Doe@Example.ORG is:
    (line has been wrapped for rendering purposes).  The hash is a
    z-Base-32 encoded SHA-1 hash of the mail address' local-part.  The
    address wk@gnupg.org can be used for testing.

(The published Windows installer does not yet support this due to its
 lack of TLS support).

Here is an example:

  $ gpg --auto-key-locate clear,wkd,local --locate-key wk@gnupg.org
  gpg: key F2AD85AC1E42B367: "Werner Koch <wk@gnupg.org>" not changed
  gpg: Total number processed: 1
  gpg:              unchanged: 1
  gpg: automatically retrieved 'wk@gnupg.org' via WKD
  pub   dsa2048/F2AD85AC1E42B367 2007-12-31 [SC] [expires: 2018-12-31]
  uid                 [  full  ] Werner Koch <wk@gnupg.org>

"clear" is used to override what I have in my gpg.conf, "wkd" is the new
method, and "local" (i.e. the pubring.kbx) would be used if a key could
not be found via wkd.  Because a hash of the local-part is used, there is
also a new gpg option:

  $ gpg --with-wkd-hash -k F2AD85AC1E42B367
  pub   dsa2048/F2AD85AC1E42B367 2007-12-31 [SC] [expires: 2018-12-31]
  uid                 [  full  ] Werner Koch <wk@gnupg.org>
                      nq6t9teux7edsnwdksswydu4o9i5es3f@gnupg.org

A draft specification can be found at 

   This specification describes a service to locate OpenPGP keys by mail
   address using a Web service and the HTTPS protocol.  It also provides
   a method for secure communication between the key owner and the mail
   provider to publish and revoke the public key.



Thoughts are free.  Exceptions are regulated by a federal law.
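The following is an added worked example of the lookup-name derivation described in the message above (z-Base-32 of the SHA-1 of the local-part); it is not part of Werner's post and not GnuPG's own code. The `/.well-known/openpgpkey/hu/` path is the one the draft specification uses (the example URI itself was lost from this page), lowercasing the local-part before hashing follows gpg's behaviour, and `reverse_wkd_hash` together with its candidate list is constructed here only to illustrate a caveat: the hash hides the local-part from a passive observer of the URL, but not from anyone who can guess it.

```python
import hashlib

# z-Base-32 alphabet (the same table GnuPG's zb32.c uses)
ZB32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"
# direct-method path from the draft spec; "hu" stands for hashed user-id
WKD_PATH = "/.well-known/openpgpkey/hu/"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-Base-32: 5 bits per character, most significant bit
    first, no padding characters.  A 20-byte SHA-1 digest (160 bits) maps to
    exactly 32 characters."""
    out = []
    acc = 0        # bit accumulator
    nbits = 0      # number of not-yet-emitted bits in acc
    for byte in data:
        acc = (acc << 8) | byte
        nbits += 8
        while nbits >= 5:
            nbits -= 5
            out.append(ZB32_ALPHABET[(acc >> nbits) & 0x1F])
        acc &= (1 << nbits) - 1          # drop the bits already emitted
    if nbits:                            # trailing bits are zero-padded on the right
        out.append(ZB32_ALPHABET[(acc << (5 - nbits)) & 0x1F])
    return "".join(out)


def split_address(addr: str) -> tuple:
    """Split a mail address at its last '@' into (local-part, domain)."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not a mail address: %r" % addr)
    return local, domain


def wkd_hash(addr: str) -> str:
    """WKD lookup name: z-Base-32(SHA-1(lowercased local-part)).
    Lowercasing follows gpg's implementation (assumption documented in the lead-in)."""
    local, _ = split_address(addr)
    digest = hashlib.sha1(local.lower().encode("utf-8")).digest()
    return zbase32_encode(digest)


def wkd_url(addr: str) -> str:
    """Direct-method URL: https://<domain>/.well-known/openpgpkey/hu/<hash>."""
    _, domain = split_address(addr)
    return "https://%s%s%s" % (domain.lower(), WKD_PATH, wkd_hash(addr))


def reverse_wkd_hash(target: str, candidates, domain: str = "example.org"):
    """Caveat demonstration: a hashed local-part is only as private as it is
    unguessable.  Given plausible local-parts, the hash is trivially reversed."""
    for local in candidates:
        if wkd_hash("%s@%s" % (local, domain)) == target:
            return local
    return None


if __name__ == "__main__":
    # wk@gnupg.org is the test address named in the message above
    print(wkd_hash("wk@gnupg.org"))
    print(wkd_url("wk@gnupg.org"))
    # constructed candidate list for the reversal caveat
    guessed = reverse_wkd_hash(wkd_hash("info@example.org"),
                               ["admin", "info", "postmaster", "security"])
    print("guessed local-part:", guessed)
```

The value printed for `wk@gnupg.org` is the one shown by `gpg --with-wkd-hash` in the message, which is a useful self-check when porting the encoding to another language: a mistake in the bit order or alphabet shows up immediately.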
