Configuring Web Key Directory for GPG

Web Key Directory (WKD) is a proposal for a new way to discover other users' keys, using HTTP and TLS. In short, it looks up the UID on the user's host. This works since all UIDs are email addresses, and all email addresses are built up of two parts: the username and the host part.

When we need to look up a new key, we can just query the server, establish a secure connection using TLS, and ask it to provide the user's public key. Boom! Now you don’t need to rely on flaky key servers that are abused by people for nefarious purposes, given their immutable nature.

Technical details

The documentation for WKD leaves much to be desired, and seems mostly focused on setting up more advanced systems for larger organizations to let users manage their WKD identity. For personal use it’s pretty straightforward to generate and publish.

Show me, show me!

If you’re too lazy, just export the UID hash directly, like so:

vegardx@yondu:~ $ gpg --list-keys --with-wkd-hash
pub   rsa4096/0xBBF808963354ED16 2019-08-06 [SC]
      Key fingerprint = 4770 5635 6BEF A6F0 FBE7  BB21 BBF8 0896 3354 ED16
uid                   [ultimate] Vegard Hansen <>
sub   rsa4096/0xCE7C14C99AB0CF0C 2019-08-06 [E]
sub   rsa4096/0xC2CADE62F7C2714B 2019-10-08 [A]
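
As an added example (not from the original post or from GnuPG), this Python code derives the WKD hash from an email address and shows where the key file has to be served from, for both the direct and the advanced lookup method. The address `Joe.Doe@Example.ORG` is a constructed sample, and the function names `zbase32` and `wkd_locations` are hypothetical.

```python
import hashlib
from urllib.parse import quote

ZB32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32, as used by WKD


def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32, 5 bits per character, most significant first."""
    nbits = len(data) * 8
    pad = (-nbits) % 5                      # zero-fill the final group
    value = int.from_bytes(data, "big") << pad
    return "".join(ZB32_ALPHABET[(value >> s) & 31]
                   for s in range(nbits + pad - 5, -1, -5))


def wkd_locations(email: str) -> dict:
    """Return the WKD hash, file path and lookup URLs for one address."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {email!r}")
    domain = domain.lower()
    # Only ASCII letters are lowercased before hashing; bytes.lower() does that.
    digest = hashlib.sha1(local.encode("utf-8").lower()).digest()
    wkd_hash = zbase32(digest)              # 160 bits -> 32 characters
    query = "?l=" + quote(local, safe="")   # original-case local part
    return {
        "hash": wkd_hash,
        # Path under the web root for the direct method. The file holds the
        # binary (not ASCII-armored) output of `gpg --export`.
        "path": f".well-known/openpgpkey/hu/{wkd_hash}",
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{wkd_hash}{query}",
        "advanced": (f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
                     f"{domain}/hu/{wkd_hash}{query}"),
    }


if __name__ == "__main__":
    # Constructed sample address (example.org is reserved for documentation).
    for key, value in wkd_locations("Joe.Doe@Example.ORG").items():
        print(f"{key:9} {value}")
```

The `hash` value is the same string `gpg --list-keys --with-wkd-hash` prints under a UID, so the two can be compared before publishing the file.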

So when you’ve put the file in the correct place with the correct content, you should be able to look yourself up without using a key server, like so:

vegardx@bork:~ $ gpg --locate-keys
gpg: key BBF808963354ED16: public key "Vegard Hansen <>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: no ultimately trusted keys found
pub   rsa4096 2019-08-06 [SC]
uid           [ unknown] Vegard Hansen <>
sub   rsa4096 2019-08-06 [E]
sub   rsa4096 2019-10-08 [A]

Published: 07 August, 2019