CNAME aliases for and X.509 certificates [was: Re: WKD for GitHub pages]

Stefan Claas spam.trap.mailing.lists at
Sat Jan 16 12:52:08 CET 2021

On Sat, Jan 16, 2021 at 10:32 AM Juergen Bruckner via Gnupg-users
<gnupg-users at> wrote:
> Hello Group!

> BTW ... do any of you know a tutorial to set up WKD for 'Dummies'?

Hi Juergen,

me as a Windows DAU (Dümmster Anzunehmnder User) used the direct-method:

Create in your web server's root directory the following:

a folder named 'openpgpkey' put in that folder another folder named: 'hu'.

in the openpgpkey folder put a policy file, named 'policy' it can be empty.

in the hu folder put the binary blob of your pub key(s)

to create the proper pub key do the following:

gpg --list-keys --with-wkd-hash

it will show you your pub keys data with an additional hash

in order to export your pub key do the following:

gpg --export your_pubkey >hash_as_filename

put that binary blob of your pub key in your hu folder so that the
filename shows the hash,
without the @email part.

then use Wiktor's WKD checker to check your result.

If everything went well you can try to fetch your pub key with

gpg --locate-keys juergen at email.address

Hope this helps and please report back your results.

Best regards

More information about the Gnupg-users mailing list