The OpenPGP Web Key Directory is a key discovery scheme that allows you to locate OpenPGP keys using an e-mail address.
OpenPGP defines User IDs (which include e-mail addresses) as UTF-8 strings. To simplify storing these in a file system, implementations first convert all uppercase ASCII characters in the local-part of the address to lowercase (non-ASCII characters remain unchanged). This normalized local-part is then hashed using SHA-1, and the resulting 160-bit digest is encoded with the Z-Base-32 method, producing a fixed-length 32-character string.
Two methods are defined to form the lookup URI:
Advanced Method, using the openpgpkey sub-domain. The URI is built by concatenating:
https://openpgpkey.<domain>/.well-known/openpgpkey/<domain>/hu/<32-character-hash>?l=<local-part>
Example for Joe.Doe@Example.ORG:
https://openpgpkey.example.org/.well-known/openpgpkey/example.org/hu/iy9q119eutrkn8s1mk4r39qejnbu3n5q?l=Joe.Doe
Direct Method. The URI is built by concatenating:
https://<domain>/.well-known/openpgpkey/hu/<32-character-hash>?l=<local-part>
Example for Joe.Doe@Example.ORG:
https://example.org/.well-known/openpgpkey/hu/iy9q119eutrkn8s1mk4r39qejnbu3n5q?l=Joe.Doe
According to the standard, implementations must first try the Advanced Method. Only if the required sub-domain does not exist should the Direct Method be used. Note that a non-responding server does not automatically trigger a fallback.
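The hashing, URI construction and fallback rule described above, as an added Python example that is not code from this site or from the standard. The function names are hypothetical, `subdomain_exists` is an assumed caller-supplied DNS check so the block runs offline, and lowercasing the domain follows the page's example.

```python
import base64
import hashlib
from urllib.parse import quote

B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"   # RFC 4648 base32 alphabet
ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # Z-Base-32 alphabet
TO_ZB32 = str.maketrans(B32, ZB32)
ASCII_LOWER = str.maketrans(B32[:26], B32[:26].lower())


def wkd_hash(local_part: str) -> str:
    """SHA-1 of the ASCII-lowercased local-part, Z-Base-32 encoded."""
    # str.lower() would also fold non-ASCII letters; only A-Z may change.
    normalized = local_part.translate(ASCII_LOWER)
    digest = hashlib.sha1(normalized.encode("utf-8")).digest()
    # 20 bytes encode to exactly 32 base32 characters, so there is no
    # padding; Z-Base-32 uses the same bit grouping with another alphabet.
    return base64.b32encode(digest).decode("ascii").translate(TO_ZB32)


def wkd_uris(email: str) -> dict:
    """Return the Advanced and Direct Method URIs for an address."""
    local, at, domain = email.rpartition("@")
    if not (local and at and domain):
        raise ValueError("expected local-part@domain")
    domain = domain.translate(ASCII_LOWER)  # as in the page's example
    # l= carries the original, un-normalized local-part, percent-encoded.
    tail = f"hu/{wkd_hash(local)}?l={quote(local, safe='')}"
    return {
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/{tail}",
        "direct": f"https://{domain}/.well-known/openpgpkey/{tail}",
    }


def select_uri(email: str, subdomain_exists) -> str:
    """Pick the URI to fetch; subdomain_exists(host) is a DNS check."""
    uris = wkd_uris(email)
    host = uris["advanced"].split("/")[2]
    # Fallback is decided by DNS only: a timeout or HTTP error from an
    # existing openpgpkey host must not switch to the Direct Method.
    return uris["advanced"] if subdomain_exists(host) else uris["direct"]
```

A client that falls back on any fetch error instead of only on a missing sub-domain lets whoever controls the bare domain's web server answer for a domain that has deliberately delegated key serving to the openpgpkey host.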
For testing purposes, you can use the following form to look up keys or generate the locations where you need to store your binary-formatted key:
There is also an API that returns the same results in JSON format. Its endpoint is: /api/lookup?email=Joe.Doe@example.org
You can find the OpenAPI specification and Swagger UI at /api-docs/ui/