
GnuPG can use /.well-known/openpgpkey since 2.1.12, and it is used by default since 2.1.23, when you do --lookup-key.

E.g.,

  $ gpg --lookup-key foo@example.org
will include among the places searched /.well-known/openpgpkey/hu/<some-sort-of-hash-looking-thing>?l=foo at example.org. It also looks at /.well-known/openpgpkey/policy.

Toss in "--auto-key-locate=clear,wkd,nodefault" to force it to look there for the key even if it already has a key for that email address.

<some-sort-of-hash-looking-thing> is ZBase32(SHA1(localPart)) and the standard is described here: https://wiki.gnupg.org/WKD

If one controls a domain, has HTTPS set up and uses PGP this is the easiest and most secure way to host a key (`gpg --list-keys --with-wkd $KEY` shows the hash value).

Enigmail, Mailpile, Mailvelope will automatically discover the key when composing an e-mail. ProtonMail is also working on integration of WKD with their web mail.
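As an added example (not code from either commenter or from GnuPG), the hash derivation and URLs described above in Python: ZBase32(SHA1(lowercased local part)) and the direct-method /.well-known/openpgpkey/hu/ and policy URLs that gpg fetches. The sample addresses are constructed; Joe.Doe@Example.ORG is the worked example from the WKD draft.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet as used by WKD (Zooko's base32 variant, no padding characters)
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32: 5-bit groups, most significant bit first."""
    nbits = len(data) * 8
    value = int.from_bytes(data, "big")
    pad = (-nbits) % 5          # zero-pad so the bit count is a multiple of 5
    value <<= pad
    nbits += pad
    return "".join(
        ZBASE32_ALPHABET[(value >> shift) & 0x1F]
        for shift in range(nbits - 5, -1, -5)
    )


def wkd_hash(local_part: str) -> str:
    """The <hash-looking-thing> in the URL: ZBase32(SHA1(lowercase(local-part)))."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32_encode(digest)  # 160 bits -> exactly 32 characters


def wkd_direct_url(address: str) -> str:
    """Direct-method URL gpg tries; the l= parameter carries the local part verbatim."""
    local, domain = address.rsplit("@", 1)
    return (f"https://{domain.lower()}/.well-known/openpgpkey/hu/"
            f"{wkd_hash(local)}?l={quote(local, safe='')}")


def wkd_policy_url(address: str) -> str:
    """The policy file gpg also fetches for the domain."""
    domain = address.rsplit("@", 1)[1].lower()
    return f"https://{domain}/.well-known/openpgpkey/policy"


if __name__ == "__main__":
    # constructed sample addresses; Joe.Doe@Example.ORG is the WKD draft's
    # worked example and hashes to iy9q119eutrkn8s1mk4r39qejnbu3n5q
    for addr in ("Joe.Doe@Example.ORG", "foo@example.org"):
        print(addr, "->", wkd_direct_url(addr))
        print(addr, "->", wkd_policy_url(addr))
```

Compare the output against `gpg --list-keys --with-wkd $KEY` for a key whose user ID is the address in question; both must agree for gpg to find the file you publish.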