Setup WKD Server

Requirements we need to get WKD working:

• your own webserver
• your own domain
• your own TLS certificate

Get the WKD Hash for your E-Mail alias:

gpg --with-wkd-hash --fingerprint oliver.graute@redbrain.me

WKD will ask the following URL to get your public key:

https://<your domain>/.well-known/openpgpkey/hu/<your WKD hash>

For my uid oliver.graute@redbrain.me this would look like this:

gpg --no-armor --export oliver.graute@redbrain.me > mruks69p7pexx7xkj83inxfcba7yrich

cd /home/pi/www/production/
mkdir -p .well-known/openpgpkey/hu/

Place a empty policy file in your openpgpkey directory to enable WKD:

touch /home/pi/www/.well-known/openpgpkey/policy

make lighttpd deliver the correct MIME type and HTTP headers:

$HTTP["url"] =~ "^/.well-known/openpgpkey/hu/" {
    mimetype.assign = ( "" => "application/octet-stream" )
    setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
}

Links:

• How to setup your own WKD Server
• Web Key Directory
• What is a Web Key Directory?
• Setting up WKD with lighttpd