From 94d40b6e72e8209e118521bd44ef478ba866cb40 Mon Sep 17 00:00:00 2001 From: Yarmo Mackenbach Date: Mon, 29 Jun 2020 21:14:25 +0200 Subject: [PATCH] Add guide --- pages/guides.html | 2 +- pages/guides/web-key-directory.content.html | 35 +++++++++++++++++++++ pages/guides/web-key-directory.title.html | 1 + 3 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 pages/guides/web-key-directory.content.html create mode 100644 pages/guides/web-key-directory.title.html diff --git a/pages/guides.html b/pages/guides.html index e72600d..aab2294 100644 --- a/pages/guides.html +++ b/pages/guides.html @@ -33,7 +33,7 @@

Beyond Keyoxide.org

How OpenPGP identity proofs work
- + Uploading keys using web key directory
Selfhosting Keyoxide
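Review bot: the new navigation label "Uploading keys using web key directory" (the same string is used in the new title file) describes the guide as an upload, whereas the guide itself is about serving your own key from `/.well-known/openpgpkey/` on a domain you control; "Publishing keys using Web Key Directory" would match the content, and capitalising "Web Key Directory" as the name of the mechanism is consistent with how "OpenPGP" is written in the neighbouring "How OpenPGP identity proofs work" entry.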
diff --git a/pages/guides/web-key-directory.content.html b/pages/guides/web-key-directory.content.html new file mode 100644 index 0000000..92c6003 --- /dev/null +++ b/pages/guides/web-key-directory.content.html @@ -0,0 +1,35 @@ +

Web key directory

+ +

Web key directory or WKD refers to the method of uploading one's public key to their website in a specific location to make it easily accessible by other services supporting WKD. The key will be discoverable using an identifier similar to an email address: username@domain.org.

+ +

The benefit of WKD is having full control over the key while still having it widely available. It does however require a domain and some form of file hosting. Luckily, openpgp.org have made a WKD-as-a-service. Read more at the end of the guide.

+ +

It exists in two variants: the Direct setup and the Advanced setup. Despite their names, both require roughly the same steps.

+ +

The Direct setup

+ +

To make your keys available via WKD using the Direct setup, you'll need two paths on your server:

+ +

https://domain.org/.well-known/openpgpkey/policy: this is an empty file

+

https://domain.org/.well-known/openpgpkey/hu/LOCALPART: this is the binary public key (so NOT ASCII armored)

+ +

The LOCALPART above is actually the username hashed using the SHA-1 algorithm and encoded using the Z-Base-32 method. As it's not humanly possible to compute this by ourselves, Keyoxide provides a small utility to do this for you.

+ +

So if you wish to make your key available as jimothy@dm.com, according to the small utility, the URL would become:

+https://dm.com/.well-known/openpgpkey/hu/n9utc41qty791upt63rm5xtiudabmw6m + +

The Advanced setup

+ +

While not necessary if the Direct setup works, there is a second setup to make WKD work: the Advanced setup. The paths needed are:

+ +

https://openpgpkey.domain.org/.well-known/openpgpkey/policy: this is an empty file

+

https://openpgpkey.domain.org/.well-known/openpgpkey/domain.org/hu/LOCALPART: this is the binary public key (so NOT ASCII armored)

+ +

Indeed, quite similar to the Direct setup, except for the openpgpkey subdomain and the additional domain.org in the path of the public key.

+ +

The public key for jimothy@dm.com would be available at:

+https://openpgpkey.dm.com/.well-known/openpgpkey/hu/dm.com/n9utc41qty791upt63rm5xtiudabmw6m + +

WKD-as-a-service

+ +

In case hosting is problem, Openpgp.org has a handy WKD-as-a-service.

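Review bot: the Advanced-setup example URL contradicts the path template given a few lines above it: the template is `https://openpgpkey.domain.org/.well-known/openpgpkey/domain.org/hu/LOCALPART` (domain before `hu`), but the example reads `https://openpgpkey.dm.com/.well-known/openpgpkey/hu/dm.com/n9utc41qty791upt63rm5xtiudabmw6m`, with `hu` and `dm.com` swapped. The template order is the one the WKD draft specifies, so the example should become `https://openpgpkey.dm.com/.well-known/openpgpkey/dm.com/hu/n9utc41qty791upt63rm5xtiudabmw6m`; a reader who copies the example as written will publish the key at a path no client requests. Two accuracy points on the LOCALPART paragraph: the local part is mapped to lowercase before it is SHA-1 hashed and Z-Base-32 encoded, which the text should state, otherwise readers with mixed-case addresses will compute a hash clients never look up; and "not humanly possible to compute this by ourselves" is overstated, since `gpg --with-wkd-hash --fingerprint user@domain.org` prints the hash and `gpg --export user@domain.org > hu/<hash>` (without `--armor`) produces exactly the binary file the guide asks for, which is worth mentioning next to the Keyoxide utility. The sentence "While not necessary if the Direct setup works" is also misleading: per the WKD draft, clients try the advanced method first and fall back to the direct method only when the `openpgpkey` subdomain does not exist, so an `openpgpkey` subdomain that resolves but is not set up correctly breaks lookups even when the direct paths are right; the guide should say so. Smaller points: "Read more at the end of the guide" promises details on the WKD-as-a-service, but the closing section is a single sentence with no link or steps; "In case hosting is problem" is missing "a"; and "openpgp.org have made" versus "Openpgp.org has" should be made consistent.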
diff --git a/pages/guides/web-key-directory.title.html b/pages/guides/web-key-directory.title.html new file mode 100644 index 0000000..4fb4a59 --- /dev/null +++ b/pages/guides/web-key-directory.title.html @@ -0,0 +1 @@ +Uploading keys using web key directory