Key Discovery Made Simple

Werner Koch wk at
Wed Aug 31 12:42:19 CEST 2016

On Tue, 30 Aug 2016 21:02, kloecker at said:

> The web key discovery _is_ aimed at regular users. Werner's message suggest 
> that KMail's development version does already support this new key discovery 

Actually this has been introduced with GnuPG 2.1.13 and you can make use
of it by adding this option

auto-key-locate local,wkd,dane

to gpg.conf.  This looks up missing keys using WKD and if it can't be
found using the OpenPGP DANE method.  Thus it works for all clients
which invoke gpg with the mail address as recipient.  However, most
mailers first get a list of keys and then figure the keys out by
themselves and pass the fingerprint.  This is what needs to be changed.
We will soon add appropriate support for this to GPGME.

> protocol which makes key discovery for users of KMail much easier. Moreover, 
> apparently, KMail also supports publishing the user's key this way. I'm sure 
> enigmail will soon also support WKS. Devil's advocate: "Regular users don't 

Right, Andre implemented this but I am not 100% sure whether he already
pushed that.

> use Thunderbird+Enigmail, let alone KMail. Regular users either use webmail or 
> a corporate email client like Outlook. WKS is of no use for them."

We will add this to GpgOL of course.  So users could in theory make use
of it.

> Of course, setting up WKS for a domain is non-trivial and nothing regular 
> users will do. But, hopefully, some email providers of those regular users 
> will do it. I'm pretty sure that sane email providers like, etc. 

I noticed that (but only .de) supports WKD in addition to DANE.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
 /* Join us at OpenPGP.conf  <> */
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 162 bytes
Desc: not available
URL: </pipermail/attachments/20160831/5a14cc82/attachment-0001.sig>

More information about the Gnupg-users mailing list