WKD for GitHub pages

Stefan Claas spam.trap.mailing.lists at gmail.com
Mon Jan 11 16:36:47 CET 2021

On Sun, Jan 10, 2021 at 11:22 PM Ángel <angel at pgp.16bits.net> wrote:
> On 2021-01-10 at 18:47 +0100, Stefan Claas via Gnupg-users wrote:
> > Can you tell me/us in layman's terms how this works with gnupg.org?
> >
> > openpgpkey.gnupg.org has address
> > openpgpkey.gnupg.org has IPv6 address 2001:aa8:fff1:100::22
> >
> > Regards
> > Stefan
> Sure. Let's suppose you wanted to fetch Werner's key. You want the key
> for wk at gnupg.org. Using the --with-wkd-hash parameter, we can see that this
> would generate nq6t9teux7edsnwdksswydu4o9i5es3f at gnupg.org
> Then, the key of Werner lives at
> https://openpgpkey.gnupg.org/.well-known/openpgpkey/gnupg.org/hu/nq6t9teux7edsnwdksswydu4o9i5es3f
> If openpgpkey.gnupg.org didn't exist, then it would use the direct schema, in which the key would be at
> https://gnupg.org/.well-known/openpgpkey/hu/nq6t9teux7edsnwdksswydu4o9i5es3f

Thanks, so I think the culprit could be that maybe the specs were changed,
when I look at your links, including the gnupg.org domain as a folder,
which I never set up when doing this for my 300baud.de domain. I checked
also older WKD tutorials on the Internet and they do not mention a domain
folder either.

I tried to include this domain folder, this morning, named sac001 but it did not
work either, whether with GnuPG or sequoia-pgp.

So my guess is that GnuPG gives this cert error because it does not support
wildcard subdomains, included in an SSL cert, like the GitHub one.

Not sure if Let's Encrypt issues such certs. If so, I could set up two droplets at
Digital Ocean, a bob.300baud.de one and an alice.300baud.de one and see
what happens.
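The lookup Ángel describes above (SHA-1 of the lowercased local-part, z-base-32 encoded, then the advanced URL with the domain folder or the direct URL without it), worked through in code. This is an added example, not code from the thread or from GnuPG; the function names are my own.

```python
import hashlib

# z-base-32 alphabet as used by WKD (draft-koch-openpgp-webkey-service)
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32: 5 bits per symbol, most significant bit first."""
    bits = "".join(f"{b:08b}" for b in data)
    # Pad to a multiple of 5 bits; a 20-byte SHA-1 digest needs none (160 = 32 * 5).
    bits += "0" * (-len(bits) % 5)
    return "".join(ZBASE32_ALPHABET[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))


def wkd_hash(local_part: str) -> str:
    """The 'hu' path component: SHA-1 of the local-part with ASCII uppercase
    letters mapped to lowercase, then z-base-32 encoded (32 characters)."""
    mapped = "".join(c.lower() if "A" <= c <= "Z" else c for c in local_part)
    return zbase32_encode(hashlib.sha1(mapped.encode("utf-8")).digest())


def wkd_urls(address: str) -> dict:
    """Both WKD URLs for an address. A client tries 'advanced' first and only
    falls back to 'direct' if openpgpkey.<domain> does not resolve; if the
    subdomain resolves but serves a certificate that does not cover it, the
    lookup fails rather than falling back (the situation discussed above)."""
    local_part, domain = address.rsplit("@", 1)
    domain = domain.lower()
    hu = wkd_hash(local_part)
    # The original (unmapped) local-part travels in the query string.
    query = f"?l={local_part}"
    return {
        # Advanced method: dedicated subdomain AND the domain as a folder.
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{hu}{query}",
        # Direct method: the domain itself, no domain folder.
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{hu}{query}",
    }


if __name__ == "__main__":
    for method, url in wkd_urls("wk@gnupg.org").items():
        print(f"{method:8s} {url}")
```

Compare the output with `gpg --with-wkd-hash --list-keys` for the same address; the file the server has to publish is the binary (not ASCII-armored) key at the `hu/<hash>` path.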
