Web Key Directory

Werner Koch wk at gnupg.org
Fri May 6 10:22:48 CEST 2016


Hi!

It has not been mentioned in the 2.1.12 announcement because it is still
an experimental feature, but you may want to check it out anyway:
    
    The Web Key Directory is an experimental feature to retrieve a key
    via https.  It is similar to OpenPGP DANE but also uses an
    encryption to reveal less information about a key lookup.
    
    For example the URI to lookup the key for Joe.Doe at Example.ORG is:
    
        https://example.org/.well-known/openpgpkey/
        hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q
    
    (line has been wrapped for rendering purposes).  The hash is a
    z-Base-32 encoded SHA-1 hash of the mail address' local-part.  The
    address wk at gnupg.org can be used for testing.

(The published Windows installer does not yet support this due to its
 lack of TLS support).

Here is an example:

  $ gpg --auto-key-locate clear,wkd,local --locate-key wk at gnupg.org
  gpg: key F2AD85AC1E42B367: "Werner Koch <wk at gnupg.org>" not changed
  gpg: Total number processed: 1
  gpg:              unchanged: 1
  gpg: automatically retrieved 'wk at gnupg.org' via WKD
  pub   dsa2048/F2AD85AC1E42B367 2007-12-31 [SC] [expires: 2018-12-31]
  uid                 [  full  ] Werner Koch <wk at gnupg.org>
  [...]

"clear" is used to override what I have in my gpg.conf, "wkd" is the new
method, and "local" (i.e. the pubring.kbx) would be used if a key could
not be found via wkd.  Because a hash of the local-part is used there is
also a new gpg option:

  $ gpg --with-wkd-hash -k F2AD85AC1E42B367
  pub   dsa2048/F2AD85AC1E42B367 2007-12-31 [SC] [expires: 2018-12-31]
  uid                 [  full  ] Werner Koch <wk at gnupg.org>
                      nq6t9teux7edsnwdksswydu4o9i5es3f at gnupg.org
  [...]

A draft specification can be found at
https://tools.ietf.org/id/draft-koch-openpgp-webkey-service-00.txt

   This specification describes a service to locate OpenPGP keys by mail
   address using a Web service and the HTTPS protocol.  It also provides
   a method for secure communication between the key owner and the mail
   provider to publish and revoke the public key.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
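As an added illustration (not part of Werner's post and not GnuPG's own code), the following Python computes the lookup described above: lowercase the local-part, SHA-1 it, z-Base-32 encode the 20-byte digest, and build the direct-method URL from draft-koch-openpgp-webkey-service-00 (`https://<domain>/.well-known/openpgpkey/hu/<hash>`). The z-Base-32 alphabet is the one from the z-base-32 specification; the function names and the optional `fetch_wkd_key` helper are my own.

```python
import hashlib
import urllib.request

# z-Base-32 alphabet (Zooko's variant), as used by GnuPG for WKD hashes.
ZB32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-Base-32: 5-bit groups, MSB first, no padding chars."""
    nbits = len(data) * 8
    pad = (-nbits) % 5                 # zero bits appended so the length is a multiple of 5
    value = int.from_bytes(data, "big") << pad
    nchars = (nbits + pad) // 5
    return "".join(ZB32_ALPHABET[(value >> (5 * i)) & 31]
                   for i in range(nchars - 1, -1, -1))


def wkd_hash(local_part: str) -> str:
    """WKD hash of a mail address' local-part: z-Base-32(SHA-1(lowercased local-part)).

    A SHA-1 digest is 20 bytes = 160 bits, so the result is always 32 characters."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32_encode(digest)


def wkd_url(address: str) -> str:
    """Direct-method lookup URL per draft-koch-openpgp-webkey-service-00."""
    local_part, domain = address.rsplit("@", 1)
    return f"https://{domain.lower()}/.well-known/openpgpkey/hu/{wkd_hash(local_part)}"


def fetch_wkd_key(address: str, timeout: float = 10.0) -> bytes:
    """Fetch the binary OpenPGP key over HTTPS (network access; not run by the test).

    urllib verifies the server certificate by default, which is the whole point
    of WKD over plain HTTP: an attacker who can answer for the domain could
    otherwise substitute a key of their choosing."""
    with urllib.request.urlopen(wkd_url(address), timeout=timeout) as resp:
        return resp.read()


if __name__ == "__main__":
    for addr in ("Joe.Doe@Example.ORG", "wk@gnupg.org"):
        print(f"{addr:24} -> {wkd_url(addr)}")
```

Running the script prints the `iy9q119e...` URL from the draft for Joe.Doe and the `nq6t9teu...` hash shown by `gpg --with-wkd-hash` above for wk, which is a convenient way to cross-check a deployment. One caveat worth keeping in mind: the hash keeps the local-part out of the URL path, but SHA-1 of a short lowercased string is cheap to brute-force offline, so an observer who sees the request (or a web server log) can still recover common local-parts by dictionary; what is hidden from a passive on-path observer is the address itself, since the request body and path are inside TLS.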
