Web Key Directory is a method of public key discovery through HTTPS. Web Key Service is a protocol to allow users to publish their public key to a WKD server.
Excision Mail comes with a setup of Web Key Directory (WKD) and GnuPG Web Key Service (WKS) which work out of the box for all providers and consumers, allowing publication of PGP keys on the mail hosting server, as opposed to centralized keyservers. One of the key advantages of PGP is to decentralize information to build a web of trust, hence hosting a WKD plays a vital part in ensuring a rich ecosystem. The WKD/WKS RFC details the technical specifications to host a WKD server. This documentation only goes over the user side setup, showing how a user can publish their PGP key to the Excision Mail system.
To publish a key using WKS, a mail client is required. Many mail clients support the GnuPG-WKS protocol, such as KMail, mutt, neomutt, Claws Mail (through the enigmail plugin).
This walkthrough uses mutt-wizard, a very handy tool for configuring NeoMutt, which should work for most users. The OpenBSD package also supports WKD/WKS out of the box.
The general outline of the process, once the account is configured in mutt-wizard and a key exists in GnuPG:

- Alt + g: begin the WKS publication request (gpg-wks-client sends it to the domain's submission address).
- o (small-oh): sync mail, which fetches the "Confirm your key publication" request.
- Alt + h: with the confirmation request highlighted, answer it (gpg-wks-client --receive).
- o (small-oh): sync mail again to receive the "Your key has been published" notice.
Add the account with mutt-wizard (port 587 is the SMTP submission port):

```
$ mw -a email@example.com -S 587
Give your email server's IMAP address (excluding the port number): imap.bsd.ac
Give your email server's SMTP address (excluding the port number): smtp.bsd.ac
Enter password for email@example.com:
Retype password for email@example.com:
test-user (account #1) added successfully.
$ mw -l
1 email@example.com
```

Generate a key for the same address, if one does not exist yet:

```
$ gpg --quick-generate-key email@example.com
About to create a key for:
    "email@example.com"

Continue? (Y/n)
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
...
...
...
```

Publish the key from neomutt:

```
$ neomutt
<Alt + g>    # begin a WKS publication request
...
...
...
Enter email ID of user to publish: email@example.com
Enter fingerprint of GPG key to publish: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
gpg-wks-client: submitting request to 'firstname.lastname@example.org'   # the domain's WKS submission address
<o>          # small-oh (sync mail)
   1 Ns+ 21/10/31 06:58PM wks@bsd   Confirm your key publication (2.4K)
<Alt + h>    # the confirmation request must be highlighted
...
...
...
gpg-wks-client: wkd data found
gpg-wks-client: draft version 2 requested
<o>          # small-oh (sync mail)
   1 NP+ 21/10/31 07:02PM wks@bsd   Your key has been published (1.5K)
<q>          # quit neomutt
```

Finally, verify that the key is now discoverable through WKD only (no keyservers consulted):

```
$ gpg -v --auto-key-locate=clear,wkd,nodefault --locate-key email@example.com
...
...
...
gpg: automatically retrieved 'email@example.com' via WKD
...
...
...
```
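The `--locate-key` check above relies on gpg computing the WKD URL for the address. The following added example (not part of Excision Mail or mutt-wizard) reproduces that mapping, lower-cased local part through SHA-1 and z-base-32, and prints the "advanced" and "direct" method URLs so that a user or admin can confirm with curl that the published key is actually being served. The address on the command line is assumed to be the one that was just published.

```python
import hashlib
import sys
import urllib.error
import urllib.parse
import urllib.request
from typing import Dict, Optional

# z-base-32 alphabet as specified for WKD (draft-koch-openpgp-webkey-service)
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes with z-base-32, no padding characters (WKD's hash encoding)."""
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % 5)  # pad the bit string to a multiple of 5 bits
    return "".join(ZBASE32[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))


def wkd_hash(local_part: str) -> str:
    """WKD hashes the lower-cased local part with SHA-1 purely as a name
    mapping (no security property depends on it) and z-base-32 encodes it."""
    return zbase32_encode(hashlib.sha1(local_part.lower().encode()).digest())


def wkd_urls(address: str) -> Dict[str, str]:
    """Return the URLs gpg tries: the 'advanced' method first, then 'direct'."""
    local_part, domain = address.rsplit("@", 1)
    domain = domain.lower()
    h = wkd_hash(local_part)
    l_param = urllib.parse.quote(local_part)  # original case is kept in ?l=
    return {
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{h}?l={l_param}",
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{h}?l={l_param}",
    }


def fetch_key(address: str) -> Optional[bytes]:
    """Fetch the binary OpenPGP key over HTTPS, falling back from advanced to direct."""
    for url in wkd_urls(address).values():
        try:
            with urllib.request.urlopen(url, timeout=10) as resp:
                return resp.read()
        except (urllib.error.URLError, OSError):
            continue  # try the next method; None means neither served the key
    return None


if __name__ == "__main__":
    addr = sys.argv[1] if len(sys.argv) > 1 else "email@example.com"  # constructed default
    for method, url in wkd_urls(addr).items():
        print(f"{method}: {url}")
    key = fetch_key(addr)
    print("key bytes served:", len(key) if key else "none (not published or not reachable)")
```

The result of `fetch_key` is the raw binary key, which can be piped into `gpg --show-keys` to compare its fingerprint with the one entered in the publication request.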