setting up gpg web key directory
so we know that keyservers were badly done. however, sharing gpg keys seems like a big hassle if we stop using keyservers.
but if you have your own web domain, then it becomes almost too easy, with gpg wkd.
the web key directory protocol basically means gpg takes an email address, and retrieves the key over https directly from the domain given in that address.
so setting up a web key directory requires you to have your own domain and an email address at that domain. tough luck to *@gmail.com users (unless you can hack into the gmail.com server root! ;) )
so anyway, here's how to do it:
get the WKD hash of your gpg key:
$ gpg --fingerprint --with-wkd-hash 0xDEADCODEBAADCODE
which outputs
pub rsa2048 2020-02-20 [SC]
A52A 51D0 8ECD D98D 0D72 559D DEAD CODE BAAD CODE
uid [ultimate] YOURNAME <main@YOURDOMAIN.tld>
rzufz5uv2a9bq7youre9cool1pal6yqh@YOURDOMAIN.tld
sub rsa2048 2020-02-20 [E]
the meaningless string up to the @ on the 4th line of that output is your hash.
you have to export your public key into a file with that hash as its name. export it in binary form, not ascii-armored: the wkd spec says the server must serve the raw key, so leave out the usual -a:
$ gpg --output rzufz5uv2a9bq7youre9cool1pal6yqh --export 0xDEADCODEBAADCODE
great! now create a .well-known/openpgpkey/hu folder in your web server's public_html aka webroot. make sure directory indexing is disabled for this location in your web server.
then paste the exported public key file as is into that hu folder.
also, you have to create an empty file called policy beside that hu folder.
so these URLs should point to those two files:
https://YOURDOMAIN.tld/.well-known/openpgpkey/hu/rzufz5uv2a9bq7youre9cool1pal6yqh
https://YOURDOMAIN.tld/.well-known/openpgpkey/policy
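if you want to see where that "meaningless string" actually comes from, and double-check the layout above before publishing, here is a small added example (not part of the original post, and not gpg's own code) that does the derivation by hand: lowercase the local part of the address, SHA-1 it, and z-base-32 encode the 20-byte digest, which gives exactly 32 characters. it builds the direct-method URLs used in this post and, as a generalization the post does not cover, the advanced-method URLs on the openpgpkey subdomain that clients try first. it also sniffs an exported key file so you can catch an accidentally ascii-armored export. the sample addresses and byte strings are constructed for illustration.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet as used by the WKD draft (draft-koch-openpgp-webkey-service)
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32: 5 bits per character, MSB first, no padding."""
    bits = 0
    nbits = 0
    out = []
    for byte in data:
        bits = (bits << 8) | byte
        nbits += 8
        while nbits >= 5:
            nbits -= 5
            out.append(ZBASE32_ALPHABET[(bits >> nbits) & 0x1F])
    if nbits:  # leftover bits are left-aligned in one final character
        out.append(ZBASE32_ALPHABET[(bits << (5 - nbits)) & 0x1F])
    return "".join(out)


def wkd_hash(local_part: str) -> str:
    """The hu/ file name: z-base-32 of SHA-1 over the lowercased local part."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32_encode(digest)  # 160 bits -> exactly 32 characters


def wkd_urls(address: str) -> dict:
    """URLs a WKD client derives from an address, for both lookup methods."""
    local, domain = address.rsplit("@", 1)
    domain = domain.lower()
    h = wkd_hash(local)
    l_param = quote(local, safe="")  # clients append the original local part as ?l=
    base_direct = f"https://{domain}/.well-known/openpgpkey"
    base_advanced = f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}"
    return {
        "hash": h,
        "direct": f"{base_direct}/hu/{h}?l={l_param}",
        "direct_policy": f"{base_direct}/policy",
        "advanced": f"{base_advanced}/hu/{h}?l={l_param}",
        "advanced_policy": f"{base_advanced}/policy",
    }


def key_file_kind(data: bytes) -> str:
    """Classify an exported key file: WKD needs the binary form, not armored."""
    if data.startswith(b"-----BEGIN PGP"):
        return "armored"
    # every binary OpenPGP packet header has bit 7 of its first byte set
    if data and data[0] & 0x80:
        return "binary"
    return "unknown"


if __name__ == "__main__":
    # constructed sample address matching the placeholders used in this post
    for name, url in wkd_urls("main@YOURDOMAIN.tld").items():
        print(f"{name:16} {url}")
    # constructed sample file contents: the first is what -a would have produced
    print(key_file_kind(b"-----BEGIN PGP PUBLIC KEY BLOCK-----\n"))
    print(key_file_kind(b"\x99\x01\x0d\x04"))
```

run it against your own address and compare the printed hu/ URL with what gpg --with-wkd-hash showed you; then feed the exported file's bytes to key_file_kind to make sure it says binary before you upload it.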
and that's done!
now anyone can do:
$ gpg --locate-key mail@YOURDOMAIN.tld
and they're going to get your public key straight from the horse's mouth, so to speak.
isn't this cool?