We fetch any GPG public key from the keyservers using the GPG fingerprint (or parts of it). This step is still a problematic one for most of us. As the servers may not be responding, or the key is missing (not pushed) to the server. Also, if we only have the email address, there is no easy way to download the corresponding GPG key.
Web Key Directory to rescue
The Web Key Directory comes to the picture. We use WKD to enable others to get our GPG keys for email addresses very easily. In simple terms:
The Web Key Directory is the HTTPS directory from which keys can be fetched.
Let us first see this in action:
gpg --auto-key-locate clear,wkd --locate-key email@example.com
The above will fetch you the key for the email address, and you can also assume the person who owns the key also has access to the https://kushaldas.in server.
There are many available email clients, which will do this for you. For example Thunderbird/Enigmail 2.0 or Kmail version 5.6 onwards.
Setting up WKD for your domain
all: update install update: rm -rfv openpgpkey mkdir -v openpgpkey echo 'A85FF376759C994A8A1168D8D8219C8C43F6C5E1 firstname.lastname@example.org' | /usr/lib/gnupg/gpg-wks-client -v --install-key chmod -v 0711 openpgpkey/kushaldas.in chmod -v 0711 openpgpkey/kushaldas.in/hu chmod -v 0644 openpgpkey/kushaldas.in/hu/* touch openpgpkey/kushaldas.in/policy ln -s kushaldas.in/hu openpgpkey/ ln -s kushaldas.in/policy openpgpkey/ install: update rsync -Pravz --delete ./openpgpkey email@example.com:/usr/local/www/kushaldas.in/.well-known/ .PHONY: all update install
Makefile is using
gpg-wks-client executable and also pushing the
changes to the right directory on the server.
Email providers like
protonmail already allow users to publish similar
information. I hope this small
Makefile will help you to set up your domain.