Webkey Directory is a public service for discovery of OpenPGP-compatible keys
- Support parts of Web Key Directory (WKD)
- Support parts of HTTP Keyserver Protocol (HKP)
- Support parts of Verifying Keyserver (VKS)
The Web Key Directory is a standard for discovery of OpenPGP keys by email address, via the domain of its email provider. It is used to discover unknown keys in some email clients.
GET /.well-known/openpgpkey/<domain-part>/hu/<hashed-local-part>
Returns an ASCII Armored key matching the domain-part
and the hashed-local-part
.
The hashed-local-part
is hashed using the SHA-1 algorithm.
The resulting 160 bit digest is encoded using the Z-Base-32 method as described in [RFC6189], section 5.1.6.
The resulting string has a fixed length of 32 octets.
Webkey Directory implements a subset of the HTTP Keyserver protocol so that OpenPGP tools can discover keys
GET /pks/lookup?op=get&search=<query>
Returns an ASCII Armored key matching the query
. Query may be:
- An exact email address query of the form
localpart@example.org
. - A hexadecimal representation of a long KeyID (e.g.,
5A28D96A75CB054F
, optionally prefixed by0x
). - A hexadecimal representation of a Fingerprint (e.g.,
6FFAD46F1A77B1C37D3B4AFC5E088B143FDA2105
, optionally prefixed by0x
).
Webkey Directory implements a subset of the VKS.
Keys can be discovered by Fingerprint
, KeyID
, Email Address
GET /vks/v1/by-fingerprint/<fingerprint>
Retrieves the key with the given Fingerprint
.
The Fingerprint
may refer to the primary key and MUST NOT be prefixed with 0x
.
The returned key is ASCII Armored, and has a content-type of application/pgp-keys
.
GET /vks/v1/by-keyid/<keyid>
Retrieves the key with the given long KeyID
.
The KeyID
may refer to the primary key and MUST NOT be prefixed with 0x
.
The returned key is ASCII Armored, and has a content-type of application/pgp-keys
.
GET /vks/v1/by-email/<uri-encoded-email-address>
Retrieves the key with the given Email Address
. Only exact matches are accepted.
Lookup by email address requires opt-in by the owner of the email address.
The returned key is ASCII Armored, and has a content-type of application/pgp-keys
.
- Web server with URL rewriting
- PHP 8.1 or newer
Don’t have Composer? It’s easy to install by following the instructions on their download page.
composer install --optimize-autoloader --no-dev --prefer-dist
Slim PSR-7
composer require slim/psr7
Nyholm PSR-7 and Nyholm PSR-7 Server
composer require nyholm/psr7 nyholm/psr7-server
Guzzle PSR-7
composer require guzzlehttp/psr7
Laminas Diactoros
composer require laminas/laminas-diactoros
Copy over env.
cp env .env
Environment variables:
Name | Description |
---|---|
APP_NAME | Application name |
APP_PATH | Application path |
APP_VERSION | Application version |
ERROR_DISPLAY_DETAILS | Whether or not to display the error details |
ERROR_LOG | Whether or not to log errors |
ERROR_LOG_DETAILS | Whether or not to log error details |
Disable error display in production. You should also ensure that your PHP installation is configured to not display errors with the php.ini setting:
display_errors = 0
This is an example Nginx virtual host configuration for the domain example.org. It listens for inbound HTTP connections on port 80. It assumes a PHP-FPM server is running on port 9123. You should update the server_name, error_log, access_log, and root directives with your own values. The root directive is the path to your application’s public document root directory.
upstream php-handler {
server 127.0.0.1:9123;
}
server {
listen 80;
server_name wkd.example.org;
index index.php;
error_log /path/to/example.error.log;
access_log /path/to/example.access.log;
root /path/to/public;
location / {
try_files $uri /index.php$is_args$args;
}
location ~ \.php {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_index index.php;
fastcgi_pass php-handler;
}
}
For other Web Servers see Slim 4 Documentation
Webkey Directory allow to synchronize OpenPGP Keys from webkey directory service which provided by (Webkey Privacy)[https://github.com/web-of-trust/webkey-privacy]
This function using PSR-17: HTTP Factories, PSR-18: HTTP Client for requesting to webkey service. Make sure to install package(s) providing "http client implementation" & "http factory implementation". The recommended package is Guzzle which provide both PSR-17 & PSR-18.
composer require guzzlehttp/guzzle
Run bin/console webkey:sync
command with parameter --wks-url
to synchronize keys.
Example: To synchronize keys which is host at https://wkp.example.org
bin/console webkey:sync --wks-url=https://wkp.example.org/api/openpgp/directory
GNU Affero General Public License v3.0
For the full copyright and license information, please view the LICENSE
file that was distributed with this source code.