💾 Archived View for idiomdrottning.org › finding-gpg-keys captured on 2023-12-28 at 15:59:04. Gemini links have been rewritten to link to archived content


Finding GPG keys

OK! This is gonna get pretty GPG specific, not that that’s the only or even the best way to use PGP, I just wanted to write this down so I remember it.

And if you’re looking for my own GPG key, it’s here.

I’m also on Autocrypt and WKD. And don’t worry if you can’t be arsed with this stuff and you just wanna send email normally, it’s automatically gonna be at least TLS.

So a few days ago on my tinylog I linked to a blogpost of someone talking about how to get keys from the Proton API for custom domains who don’t use WKD. But they actually also have a hkps server up, and so do Mailvelope. I was piping the export of the curl API call directly to GPG anyway and that doesn’t make any sense since it’s something GPG can do already.

Add this to .gnupg/gpg.conf first:

keyserver hkps://keys.openpgp.org
keyserver hkps://mail-api.proton.me
keyserver hkps://keys.mailvelope.com

I’m gonna add in more keyservers later, these are just some common ones among people I know.

And then to find their keys, just

gpg --auto-key-locate local,wkd,keyserver --locate-keys their@email-address

This searches WKD first like God intended and only uses hkps as a fallback.

It also checks local first so you’re not sending unnecessary requests, but when you do wanna refresh your old stale keys for them, instead do this:

gpg --auto-key-locate wkd,keyserver,nodefault --locate-external-keys their@email-address

Why it’s OK that PGP sucks

GPG WKD