Publish Your Public OpenPGP Key with Confidence.
There are two ways to implement Web Key Directory. We've tested both approaches, and as long as either method is correctly implemented, you're good to go!
This method retrieves the OpenPGP keys by directly querying a user's email domain, offering a quick and easy setup.
The direct method is not configured.
The direct method is configured correctly.
The direct method setup has issues.
Please review the errors below.
| Location | ||
|
The policy must be placed at:
...
|
||
| HTTP code | ||
|
The server must respond with
HTTP 200 (OK).
|
||
| Access-Control-Allow-Origin: * | ||
|
The
Access-Control-Allow-Origin: * header is needed to allow OpenPGP clients to fetch the policy from a different domain, bypassing CORS restrictions.
|
||
| Policy Syntax Valid | ||
|
...
|
||
| Location | ||
|
The location of the key:
...
|
||
| HTTP code | ||
|
The server must respond with
HTTP 200 (OK).
|
||
| Content-type | ||
|
The
Content-Type header defines the response's media type. For a WKD public key, it should be application/octet-stream.
|
||
| Access-Control-Allow-Origin: * | ||
|
The
Access-Control-Allow-Origin: * header is needed to allow OpenPGP clients to fetch keys from a different domain, bypassing CORS restrictions.
|
||
| Valid OpenPGP Key | ||
|
The
HTTP GET method MUST return a binary representation of a OpenPGP key.
|
||
| Not Expired | ||
|
The key must not be expired; otherwise, senders cannot encrypt emails.
|
||
| Not Revoked | ||
|
If the key is revoked, senders cannot encrypt emails.
|
||
| User ID | ||
|
The key must include a
User ID packet with email address ....The User IDs found in the key: ... |
||
| Sub-domain "openpgpkey" excluded from wildcard | ||
|
If a wildcard (
*.example.com) is set, exclude openpgpkey.example.com by adding an empty TXT record for it.
|
||
| Directory Index Disabled | ||
|
The
openpgpkey/hu directory must not be accessible. Ensure no index file is present and directory listing is disabled at: ...
|
||
| Server must support HEAD method | ||
|
The server must accept the
HTTP HEAD method to allow a client to check for the existence of a key.
|
||
This method allows fetching OpenPGP keys from a dedicated sub-domain (openpgpkey.example.com), offering more hosting flexibility.
The advanced method is not configured.
The advanced method is configured correctly.
The advanced method setup has issues.
Please review the errors below.
| Location | ||
|
The policy must be placed at:
...
|
||
| HTTP code | ||
|
The server must respond with
HTTP 200 (OK).
|
||
| Access-Control-Allow-Origin: * | ||
|
The
Access-Control-Allow-Origin: * header is needed to allow OpenPGP clients to fetch the policy from a different domain, bypassing CORS restrictions.
|
||
| Policy Syntax Valid | ||
|
...
|
||
| Location | ||
|
The location of the key:
...
|
||
| HTTP code | ||
|
The server must respond with
HTTP 200 (OK).
|
||
| Content-type | ||
|
The
Content-Type header defines the response's media type. For a WKD public key, it should be application/octet-stream.
|
||
| Access-Control-Allow-Origin: * | ||
|
The
Access-Control-Allow-Origin: * header is needed to allow OpenPGP clients to fetch keys from a different domain, bypassing CORS restrictions.
|
||
| Valid OpenPGP Key | ||
|
The
HTTP GET method MUST return a binary representation of a OpenPGP key.
|
||
| Not Expired | ||
|
The key must not be expired; otherwise, senders cannot encrypt emails.
|
||
| Not Revoked | ||
|
If the key is revoked, senders cannot encrypt emails.
|
||
| User ID | ||
|
The key must include a
User ID packet with email address ....The User IDs found in the key: ... |
||
| Directory Index Disabled | ||
|
The
openpgpkey/hu directory must not be accessible. Ensure no index file is present and directory listing is disabled at: ...
|
||
| Server must support HEAD method | ||
|
The server must accept the
HTTP HEAD method to allow a client to check for the existence of a key.
|
||