Idiomdrottning’s homepage

Finding GPG keys

So a few days ago on Fedi I linked to a blogpost of someone talking about how to get keys from the Proton API for custom domains who don’t use WKD. But they actually also have a hkps server up, and so do Mailvelope. I was piping the export of the curl API call directly to GPG anyway and that doesn’t make any sense since it’s something GPG can do already.

Add this to .gnupg/gpg.conf first:

keyserver hkps://
keyserver hkps://
keyserver hkps://

I’m gonna add in more keyservers later, these are just some common ones among people I know.

And then to find their keys, just

gpg --auto-key-locate local,wkd,keyserver --locate-keys their@email-address

This searches WKD first like God intended and only uses hkps as a fallback.

It also checks local first so you’re not sending unnecessary requests, but when you do wanna refresh your old stale keys for them, instead do this:

gpg --auto-key-locate wkd,keyserver,nodefault --locate-external-keys their@email-address