Orbifx's Logarion 🌙
Title:
Web key directory
Authors:
orbifx
Date:
Topics:
Software
Id:
014e361e-0544-4bf0-95bd-87b9c7e21b54

Publishing my key on a public key server means the name and email address in its user ID become searchable by anyone, which raises concerns of information leak.

Instead, upload public keys to the "well-known directory" (`.well-known/openpgpkey/hu`) on the web server of the email address's domain. Each key is a file named after the local part of the address (the part before the `@`): the local part is lowercased, hashed with SHA-1, and the 160-bit digest is encoded with z-base-32, giving a 32-character name. You do not have to compute this by hand; find out how to name the file by running:

gpg --with-wkd-hash --fingerprint foo@example.com

Where `foo@example.com` should be your email. The command outputs several lines, one of which contains the WKD hash for that address:

bxzcxpxk8h87z1k7bzk86xn5aj47intu@example.com

Copy the part before the `@` and export your key, in binary rather than ASCII-armored form (WKD serves the binary key), with:

gpg --no-armor --export foo@example.com > bxzcxpxk8h87z1k7bzk86xn5aj47intu

Then upload the file to the `.well-known/openpgpkey/hu` directory, which must be reachable over HTTPS. Serve it as a plain binary download; the GnuPG wiki also recommends sending an `Access-Control-Allow-Origin: *` header so that browser-based clients can fetch it. Finally, there must be a `.well-known/openpgpkey/policy` file next to the `hu` directory. It must exist even if it is empty, and it may carry the flags described in <https://tools.ietf.org/html/draft-koch-openpgp-webkey-service-07#section-4.5>.
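The naming rule above is easy to get wrong when a hash is copied by hand, so here is the file-name derivation written out, together with the two lookup URLs a client builds from it and a check over a directory listing. This is an added example for this page, not code from GnuPG or from the draft; the address `foo@example.com` and the entries in `SAMPLE_HU_DIR` are constructed for illustration, and the "advanced" URL form (an `openpgpkey.` sub-domain, which current GnuPG tries before the direct form used in the text) and the `?l=` query parameter come from later revisions of the draft than the one linked above.

```python
"""WKD file names: SHA-1 of the lower-cased local part, z-base-32 encoded.

Added example for this page (not GnuPG's code). The address
foo@example.com and the names in SAMPLE_HU_DIR are constructed.
"""
import hashlib

# z-base-32 alphabet: note it has no '0', '2', 'l' or 'v', so a name
# containing any of those can never have come from this encoding.
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """z-base-32 without padding; 20 bytes (160 bits) -> 32 characters."""
    nbits = len(data) * 8
    pad = (-nbits) % 5                      # right-pad to a multiple of 5 bits
    value = int.from_bytes(data, "big") << pad
    return "".join(
        ZBASE32_ALPHABET[(value >> shift) & 0x1F]
        for shift in range(nbits + pad - 5, -1, -5)
    )


def wkd_hash(local_part: str) -> str:
    """File name under .well-known/openpgpkey/hu for this local part."""
    # The draft lower-cases ASCII letters only; other code points stay as-is.
    mapped = "".join(c.lower() if c.isascii() else c for c in local_part)
    return zbase32_encode(hashlib.sha1(mapped.encode("utf-8")).digest())


def wkd_urls(email: str) -> dict:
    """Both lookup URLs a client may try for an address.

    GnuPG tries the 'advanced' form (openpgpkey.<domain> sub-domain) first
    and falls back to the 'direct' form used in the text. The ?l= query
    carries the local part as written (assumed unescaped here).
    """
    local, domain = email.rsplit("@", 1)
    domain = domain.lower()
    name = wkd_hash(local)
    direct_base = f"https://{domain}/.well-known/openpgpkey"
    adv_base = f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}"
    return {
        "hash": name,
        "direct": f"{direct_base}/hu/{name}?l={local}",
        "direct_policy": f"{direct_base}/policy",
        "advanced": f"{adv_base}/hu/{name}?l={local}",
        "advanced_policy": f"{adv_base}/policy",
    }


def is_wkd_name(name: str) -> bool:
    """A valid hu/ file name is exactly 32 z-base-32 characters."""
    return len(name) == 32 and all(c in ZBASE32_ALPHABET for c in name)


def audit_hu_dir(names) -> list:
    """Return listing entries that no WKD client will ever request.

    Typical mistakes: uploading foo.asc (armored export under the wrong
    name) or hand-copying a hash with characters outside the alphabet.
    """
    return [n for n in names if not is_wkd_name(n)]


# Constructed directory listing for illustration.
SAMPLE_HU_DIR = [
    "bxzcxpxk8h87z1k7bzk86xn5aj47intu",   # foo@example.com, correct name
    "foo.asc",                            # armored export, wrong name
    "sc8wrug2g3mz8m8jz4tjrlgweilkgcba",   # 'l' and '2' are not z-base-32
]

if __name__ == "__main__":
    urls = wkd_urls("foo@example.com")
    print("hash    :", urls["hash"])
    print("direct  :", urls["direct"])
    print("advanced:", urls["advanced"])
    print("unfetchable entries:", audit_hu_dir(SAMPLE_HU_DIR))
```

If the key carries other user IDs you would rather not publish, GnuPG can strip them at export time with `--export-filter keep-uid=mbox=foo@example.com`, which keeps only the user ID whose address matches. Once the files are in place, check them from a client that does not already have the key with `gpg --auto-key-locate clear,wkd --locate-keys foo@example.com` (the command given on the GnuPG wiki page linked below); `gpg-wks-client --print-wkd-hash foo@example.com` (GnuPG 2.2.12 or later) prints the same name the code above computes.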

This is a different, and in practice simpler, basis for trusting a key: a key fetched through WKD has to come, over HTTPS, from the domain named in the email address, so what you trust is that domain's operator and its TLS certificate rather than signatures from other people. With traditional public key servers, anyone can upload a key under any user ID, so a key has to be signed by people you already trust before you can rely on it (web of trust). The flip side is that whoever controls the domain's web server, or can obtain a certificate for it, can serve a key of their choosing: WKD answers "is this the key the domain publishes for this address?", not "does this key belong to the person I mean?".

Web Key Directory: <https://wiki.gnupg.org/WKD#Hosting%20a%20Web%20Key%20Directory>