A little while ago, a friend on IRC asked me how I set up a PGP webkey
directory on my website. For those that don’t know, a webkey directory is a
method to find keys through the --locate-key command. This allows people
to find my key using this command:
This is a very user-friendly way for people to get your key, as compared to using long IDs.
This post will walk you through setting it up on your site, so you can make your key more easily accessible to other people.
Set up the infrastructure
For a webkey directory to work, you simply need to have your key available at a
certain path on your website. The base path for this is
The webkey protocol will check for a policy file to exist, so you must create
this too. The file can be completely empty, and that’s exactly how I have it.
The key(s) will be placed in the hu directory, so create this one too.
Adding your PGP key
The key itself is just a standard export of your key, without ASCII armouring.
However, the key does need to have its file name in a specific format.
Luckily, you can just show this format with
This will yield output that may look something like this:
What we’re interested in is the uid line with the hash in the local-part of
the email address, which would be
For the filename, we only care about the local-part itself, meaning the export
of the key must be saved in a file called
Configuring your webserver
Lastly, your webserver may require some configuration to serve the files
correctly. For my blog, I’m using
which the configuration block I’m using is as follows.
It may be worthwhile to note that if you do any redirection on your domain,
such as adding www. in front of it, the key lookup may fail. The error
message given by gpg on WKD lookup failures is… poor to say the least, so
if anything goes wrong, try some verbose curl commands and ensure that the
key is accessible at the right path in a single HTTP request.
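To cross-check the file name and to know exactly which URL to test, the added example below (not code from this post) computes the hashed local-part and the direct-method URLs as the WKD draft defines them, and checks that an export is binary rather than ASCII-armoured. The function names and the sample address are assumptions made for illustration.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet used by WKD for the hashed local-part.
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def wkd_hash(local_part: str) -> str:
    """SHA-1 of the ASCII-lowercased local-part, z-base-32 encoded (32 chars)."""
    lowered = "".join(c.lower() if c.isascii() else c for c in local_part)
    bits = int.from_bytes(hashlib.sha1(lowered.encode("utf-8")).digest(), "big")
    # 160 bits split into 32 groups of 5, most significant group first.
    return "".join(ZBASE32[(bits >> s) & 31] for s in range(155, -1, -5))


def wkd_direct_paths(address: str) -> dict:
    """URLs a client requests with the direct method (no openpgpkey. subdomain)."""
    local_part, _, domain = address.rpartition("@")
    if not local_part or not domain:
        raise ValueError("expected local-part@domain")
    base = f"https://{domain.lower()}/.well-known/openpgpkey"
    name = wkd_hash(local_part)
    return {
        "policy": f"{base}/policy",   # must exist, may be empty
        "filename": name,             # name of the export inside hu/
        "key": f"{base}/hu/{name}?l={quote(local_part, safe='')}",
    }


def is_binary_export(data: bytes) -> bool:
    """True if the file is a binary export rather than an ASCII-armoured one."""
    return bool(data) and not data.lstrip().startswith(b"-----BEGIN PGP")


if __name__ == "__main__":
    # Constructed sample address, not one from the post.
    for label, value in wkd_direct_paths("Joe.Doe@Example.ORG").items():
        print(f"{label}: {value}")
```

Requesting the printed key URL with curl -v shows whether the server answers it directly or sends a redirect first.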
That’s all there is to it! Adding this to your site should be relatively straightforward, but it may be a huge convenience to anyone looking for your key. If you have any questions or feedback, feel free to reach out to me!