OpenPGP · WKD

Web Key Directory for psy-q.ch

Automatic PGP key discovery via HTTPS

What is this?

This site hosts a Web Key Directory (WKD), a standardised mechanism for discovering OpenPGP public keys over HTTPS. Mail clients and key-management tools that support WKD can automatically fetch the PGP key for any @psy-q.ch address without relying on third-party key servers.

How it works

When a WKD-compatible client wants to encrypt a message to user@psy-q.ch, it performs an HTTPS lookup:

GET https://openpgpkey.psy-q.ch/.well-known/openpgpkey/hu/zangled?l=user
; where "zangled" is the Z-base-32 encoded SHA-1 of the local-part

No keyserver registration required
Keys are served directly from the domain's own infrastructure
HTTPS ensures authenticity and transport security
Users get the key the domain operator intends to publish

Specification

This directory follows draft-koch-openpgp-webkey-service, the IETF Internet-Draft defining the Web Key Directory and Web Key Service protocols. Both the direct and advanced WKD methods are supported.

Fetching a key manually

You can retrieve a key with GnuPG directly:

$ gpg --locate-key user@psy-q.ch
; or explicitly via WKD:
$ gpg --auto-key-locate clear,wkd --locate-key user@psy-q.ch