On this page, we collect information on how to usekeys.openpgp.org with different OpenPGP software products.
We are still in the process of adding more. If you are missing some, please write to us and we'll try to add it.

Web Interface

The web interface onkeys.openpgp.org allows you to:

• Search for keys manually, by fingerprint or email address.
• Upload keys manually, and verify them after upload.
• Manage your keys, and remove published identities.

Enigmail

Enigmail for Thunderbird useskeys.openpgp.org by default since version 2.0.12.

Full support is available since Enigmail 2.1 (forThunderbird 68 or newer):

• Keys will be kept up to date automatically.
• During key creation, you can upload and verify your key.
• Keys can be discovered by email address.

GPG Suite

GPG Suite for macOS useskeys.openpgp.org by default since August 2019.

OpenKeychain

OpenKeychain for Android useskeys.openpgp.org by default since July 2019.

• Keys will be kept up to date automatically.
• Keys can be discovered by email address.

Note that there is no built-in support for upload and email address verification so far.

Pignus

Pignus for iOS useskeys.openpgp.org by default since November 2019.

• Your keys can be uploaded at any time.
• Keys can be discovered by email address.

GnuPG

To configureGnuPG to usekeys.openpgp.org as keyserver, add this line to yourgpg.conf file:

keyserver hkps://keys.openpgp.org

Retrieving keys

• To locate the key of a user, by email address:

  gpg --auto-key-locate keyserver --locate-keys user@example.net

• To refresh all your keys (e.g. new revocation certificates and subkeys):

  gpg --refresh-keys

Uploading your key

Keys can be uploaded with GnuPG's--send-keys command, but identity information can't be verified that way to make the key searchable by email address (what does this mean?).

• You can try this shortcut for uploading your key, which outputs a direct link to the verification page:

  gpg --export your_address@example.net | curl -T - https://keys.openpgp.org

• Alternatively, you can export them to a file and select that file in theupload page:

  gpg --export your_address@example.net > my_key.pub

Troubleshooting

• Some old~/gnupg/dirmngr.conf files contain a line like this:

  hkp-cacert ~/.gnupg/sks-keyservers.netCA.pem

  This configuration is no longer necessary, but prevents regular certificates from working. It is recommended to simply remove this line from the configuration.

• While refreshing keys, you may see errors like the following:

  gpg: key A2604867523C7ED8: no user ID

  This is aknown problem in GnuPG. We are working with the GnuPG team to resolve this issue.

Usage via Tor

For users who want to be extra careful,keys.openpgp.org can be reached anonymously as anonion service. If you haveTor installed, use the following configuration:

keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion

WKD as a Service

The Web Key Directory (WKD) is a standard for discovery of OpenPGP keys by email address, via the domain of its email provider. It is used to discover unknown keys in some email clients, such asGpgOL.

keys.openpgp.org can be used as a managed WKD service for any domain. To do so, the domain simply needs aCNAME record that delegates itsopenpgpkey subdomain towkd.keys.openpgp.org. It should be possible to do this in the web interface of any DNS hoster.

Once enabled for a domain, its verified addresses will automatically be available for lookup via WKD.

TheCNAME record should look like this:

$ drill openpgpkey.example.org
...
openpgpkey.example.org. 300 IN CNAME wkd.keys.openpgp.org.

There is a simple status checker for testing the service:

$ curl 'https://wkd.keys.openpgp.org/status/?domain=openpgpkey.example.org'
CNAME lookup ok: openpgpkey.example.org resolves to wkd.keys.openpgp.org

For testing key retrieval:

$ gpg --locate-keys --auto-key-locate clear,nodefault,wkd address@example.org

API

We offer an API for integrated support in OpenPGP applications. Check out ourAPI documentation.

Others

Missing a guide for your favorite implementation? This site is a work-in-progress, and we are looking to improve it. Drop us a line atsupport at keys dot openpgp dot org if you want to help out!