Automatic WKD via keys.openpgp.org

Vincent Breitmoser at my.amazin.horse
Sun Feb 2 23:36:42 CET 2020


Hey folks,

I just added an experimental feature to keys.openpgp.org, which enables fully
automated, managed WKD for any domain.

Usage is super simple: Just set the CNAME record of the "openpgpkey" subdomain
to "wkd.keys.openpgp.org".  Once that is done, all keys that have verified
addresses on keys.openpgp.org for that domain will be automatically available
via WKD.

The CNAME entry should look like this:

> $ drill openpgpkey.example.org
> openpgpkey.example.org.	300	IN	CNAME	wkd.keys.openpgp.org.

There is a checker script to see whether the CNAME record looks ok from
keys.openpgp.org's point of view:

> $ curl https://wkd.keys.openpgp.org/status/\?domain\=openpgpkey.example.org
> CNAME lookup ok: openpgpkey.example.org resolves to wkd.keys.openpgp.org

This feature isn't publicly documented yet, but I consider it stable enough for
public use. I'm still gathering feedback to see how it goes, and so far users
have been pretty positive about the feature. It works well for folks who want to
publish their keys on WKD, but don't want to go through the hassle of
maintaining the directory on their server. (like me, incidentally :)

 - V
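As an added example, not code from the post or from keys.openpgp.org, the following Python script shows what a domain owner can check locally after setting up the CNAME described above: it parses a drill-style CNAME answer and verifies that the `openpgpkey` subdomain points at `wkd.keys.openpgp.org`, builds the status-checker URL from the post, and derives the WKD advanced-method lookup URL that a client such as gpg will fetch for an address on that domain (lower-cased local part, SHA-1, z-base-32, per the WKD draft specification). The CNAME target and status URL are taken verbatim from the post; the `/.well-known/openpgpkey/` layout, the z-base-32 alphabet and the `Joe.Doe@Example.ORG` value come from the WKD draft; the DNS record lines are constructed sample data and all function names are my own.

```python
"""Local checks for a domain that delegates WKD to wkd.keys.openpgp.org (added example)."""
import hashlib
import re
import urllib.parse

# z-base-32 alphabet used by WKD for the hashed local part.
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"

# CNAME target given in the post.
HOSTED_WKD_TARGET = "wkd.keys.openpgp.org"

# Constructed sample answers in the same layout drill prints (not real DNS data).
CONSTRUCTED_RECORDS = {
    "delegated":    "openpgpkey.example.org.\t300\tIN\tCNAME\twkd.keys.openpgp.org.",
    "self_hosted":  "openpgpkey.example.net.\t300\tIN\tA\t192.0.2.10",
    "wrong_target": "openpgpkey.example.com.\t300\tIN\tCNAME\twkd.example.com.",
}

_CNAME_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+CNAME\s+(\S+)\s*$")


def zbase32_encode(data: bytes) -> str:
    """z-base-32 encode, MSB first, no padding chars; 20 SHA-1 bytes give exactly 32 chars."""
    nbits = len(data) * 8
    nchars = -(-nbits // 5)                  # ceil(nbits / 5)
    bits = int.from_bytes(data, "big") << (nchars * 5 - nbits)  # right-pad to 5-bit boundary
    return "".join(ZBASE32_ALPHABET[(bits >> (5 * (nchars - 1 - i))) & 31] for i in range(nchars))


def wkd_hash(local_part: str) -> str:
    """WKD hashed user ID: lower-case only ASCII A-Z (locale independent), SHA-1, z-base-32."""
    lowered = "".join(c.lower() if "A" <= c <= "Z" else c for c in local_part)
    return zbase32_encode(hashlib.sha1(lowered.encode("utf-8")).digest())


def _split_address(address: str) -> tuple[str, str]:
    local_part, _, domain = address.rpartition("@")
    if not local_part or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    return local_part, domain.lower()


def wkd_advanced_url(address: str) -> str:
    """Advanced-method URL: served from the openpgpkey subdomain, which is what the CNAME delegates."""
    local_part, domain = _split_address(address)
    return (f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/"
            f"{wkd_hash(local_part)}?l={urllib.parse.quote(local_part)}")


def wkd_direct_url(address: str) -> str:
    """Direct-method URL, which clients fall back to when the openpgpkey subdomain does not resolve."""
    local_part, domain = _split_address(address)
    return f"https://{domain}/.well-known/openpgpkey/hu/{wkd_hash(local_part)}?l={urllib.parse.quote(local_part)}"


def status_url(domain: str) -> str:
    """Checker endpoint from the post, for the delegated subdomain of `domain`."""
    return f"https://wkd.keys.openpgp.org/status/?domain=openpgpkey.{domain.lower()}"


def parse_cname_record(line: str):
    """Return (owner, target) with trailing dots stripped and lower-cased, or None if not a CNAME."""
    m = _CNAME_RE.match(line)
    if not m:
        return None
    owner, target = m.groups()
    return owner.rstrip(".").lower(), target.rstrip(".").lower()


def is_delegated_to_hosted_wkd(domain: str, record_line: str) -> bool:
    """True only if openpgpkey.<domain> is a CNAME whose target is exactly the hosted WKD name."""
    parsed = parse_cname_record(record_line)
    if parsed is None:
        return False
    owner, target = parsed
    return owner == f"openpgpkey.{domain.lower()}" and target == HOSTED_WKD_TARGET


if __name__ == "__main__":
    for name, line in CONSTRUCTED_RECORDS.items():
        domain = parse_cname_record(line)[0].split(".", 1)[1] if parse_cname_record(line) else line.split(".", 1)[1].split()[0].rstrip(".")
        print(f"{name:12s} delegated={is_delegated_to_hosted_wkd(domain, line)}  check: {status_url(domain)}")
    print(wkd_advanced_url("Joe.Doe@Example.ORG"))
    print(wkd_direct_url("Joe.Doe@Example.ORG"))
```

Feed `parse_cname_record` the actual answer from `drill openpgpkey.yourdomain` to check your own delegation offline, and compare `wkd_advanced_url` against what `gpg --with-wkd-hash` reports for a key on the domain. A CNAME to a different host, or an A record instead of a CNAME, is reported as not delegated, which is the same distinction the status endpoint in the post makes.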