Automatic WKD via

Vincent Breitmoser
Sun Feb 2 23:36:42 CET 2020

Hey folks,

I just added an experimental feature to, which enables fully
automated, managed WKD for any domain.

Usage is super simple: Just set the CNAME record of the "openpgpkey" subdomain
to "".  Once that is done, all keys that have verified
addresses on for that domain will be automatically available
via WKD.

The CNAME entry should look like this:

> $ drill
>	300	IN	CNAME

There is a checker script to see whether the CNAME record looks ok from's point of view:

> $ curl\?domain\
> CNAME lookup ok: resolves to

This feature isn't publicly documented yet, but I consider it stable enough for
public use. I'm still gathering feedback to see how it goes, and so far users
have been pretty positive about the feature. It works well for folks who want to
publish their keys on WKD, but don't want to go through the hassle of
maintaining the directory on their server. (like me, incidentally :)

 - V

More information about the Gnupg-devel mailing list