The state of OpenPGP key servers (or "server maintenance is crucial"):

If you want to use OpenPGP and publish your public OpenPGP key, use

@infosechandbook Or even better, skip the middleman and just use wkd

@reto @infosechandbook WKD is great, but has the issue that your domain admin and web admin have to deploy and maintain some infrastructure. For organisations (collectives, companies, families), this is greatly simplified by OpenPGP CA (

@reto @infosechandbook Using a key server circumvents the admin; you can publish your key without asking them for permission. Isn't that a core value of decentralization? Also having multiple repositories for keys is good. It means even if one repository withholds key updates, they can still be found elsewhere.

@nwalfield @infosechandbook >circumvents the admin... it doesn't, it just changes the admin you are asking.

@reto @infosechandbook "The admin" was meant to be the admins referenced in the previous tweet, not all admins.

@infosechandbook while seems nice, the centralization here is a bit weird.
Wouldn't something like the "Web key directory" be a much better approach to publish our public keys?


For WKD, you need a domain name and files on a server. So, this isn't likely a viable solution for a non-technical user who just wants to publish their OpenPGP key.
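
What "files on a server" means for WKD, as an added example that is not part of the original thread: a client hashes the local part of the mail address and fetches the key from a fixed HTTPS path on the mail domain. The sketch follows the WKD draft (SHA-1 of the lowercased local part, z-base-32 encoded); the address used is the sample address from that draft, and the function names are made up for this example.

```python
import hashlib
from urllib.parse import quote

ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet


def zbase32(data: bytes) -> str:
    """Encode bytes whose bit length is a multiple of 5 (SHA-1: 160 bits)."""
    bits = len(data) * 8
    if bits % 5:
        raise ValueError("bit length must be a multiple of 5")
    n = int.from_bytes(data, "big")
    # Take 5 bits at a time, most significant group first.
    return "".join(ZBASE32[(n >> shift) & 31] for shift in range(bits - 5, -1, -5))


def wkd_hash(local_part: str) -> str:
    """File name under hu/: z-base-32 of SHA-1 of the lowercased local part."""
    # bytes.lower() only touches ASCII letters; non-ASCII bytes stay unchanged.
    return zbase32(hashlib.sha1(local_part.encode("utf-8").lower()).digest())


def wkd_urls(address: str) -> dict:
    """Return the 'advanced' and 'direct' lookup URLs for a mail address."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not a mail address: {address!r}")
    domain = domain.lower()
    # The unhashed local part is passed along, percent-encoded, as ?l=
    tail = f"hu/{wkd_hash(local)}?l={quote(local, safe='')}"
    return {
        # Clients try the openpgpkey. subdomain first ...
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/{tail}",
        # ... and fall back to the bare domain.
        "direct": f"https://{domain}/.well-known/openpgpkey/{tail}",
    }


if __name__ == "__main__":
    # Sample address from the WKD draft, not a real mailbox.
    for method, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{method:9}{url}")
```

Whoever controls the web server (and TLS certificate) for these paths decides which key a client receives for an address on that domain.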

Besides, WKD is still a draft, not an official standard. Therefore, some mail clients may not support it, or the implementation differs:

There are also nice options to export a key:

gpg --export --export-options export-minimal --export-filter 'keep-uid=uid =~ xmpp:local@domain.tld' MY_FINGERPRINT > /tmp/test.gpg

@infosechandbook I can’t get to work in gpg/enig/seahorse. even after removing the conf line in dirmngr suggested in their troubleshooting section.
