Port "Usage"

Nikita Karamov
2025-04-05 16:54:53 +02:00
committed by Vincent Breitmoser
parent c412ee608e
commit 52b784aa22
2 changed files with 126 additions and 0 deletions


@@ -12,6 +12,7 @@ feed_filenames = ["atom.xml"]
[extra]
menu = [
"about/_index.md",
"about/usage.md",
"about/faq.md",
"about/privacy.md",
]

125
content/about/usage.md Normal file

@@ -0,0 +1,125 @@
---
title: Usage
---
On this page, we collect information on how to use {{ brand() }} with different OpenPGP software products.
We are still in the process of adding more. If you are missing some, please write to us and we'll try to add it.
## Web Interface {#web}
The web interface on {{ brand() }} allows you to:
* [Search](/) for keys manually, by fingerprint or email address.
* [Upload](/upload) keys manually, and verify them after upload.
* [Manage](/manage) your keys, and remove published identities.
## ![](/img/enigmail.svg) Enigmail {#enigmail}
[Enigmail](https://enigmail.net) for Thunderbird uses {{ brand() }} by default since version 2.0.12.
Full support is available since Enigmail 2.1 (for [Thunderbird 68](https://www.thunderbird.net/en-US/thunderbird/68.0beta/releasenotes/) or newer):
* Keys will be kept up to date automatically.
* During key creation, you can upload and verify your key.
* Keys can be discovered by email address.
## ![](/img/gpgtools.png) GPG Suite {#gpg-suite}
[GPG Suite](https://gpgtools.org/) for macOS uses {{ brand() }} by default since August 2019.
## ![](/img/openkeychain.svg) OpenKeychain {#openkeychain}
[OpenKeychain](https://www.openkeychain.org/) for Android uses {{ brand() }} by default since July 2019.
* Keys will be kept up to date automatically.
* Keys can be discovered by email address.
Note that there is no built-in support for upload and email address verification so far.
## ![](/img/pignus.png) Pignus {#pignus}
[Pignus](https://www.frobese.de/pignus/) for iOS uses {{ brand() }} by default since November 2019.
* Your keys can be uploaded at any time.
* Keys can be discovered by email address.
## ![](/img/gnupg.svg) GnuPG {#gnupg}
To configure [GnuPG](https://gnupg.org) to use {{ brand() }} as keyserver, add this line to your gpg.conf file:
> keyserver hkps://keys.openpgp.org
#### Retrieving keys {#gnupg-retrieve}
* To locate the key of a user, by email address:
> gpg --auto-key-locate keyserver --locate-keys user@example.net
* To refresh all your keys (e.g. new revocation certificates and subkeys):
> gpg --refresh-keys
#### Uploading your key {#gnupg-upload}
Keys can be uploaded with GnuPG's --send-keys command, but identity information can't be verified that way to make the key searchable by email address ([what does this mean?](@/about/_index.md)).
* You can try this shortcut for uploading your key, which outputs a direct link to the verification page:
> gpg --export your\_address@example.net | curl -T - http://localhost:8080
* Alternatively, you can export them to a file and select that file in the [upload](/upload) page:
> gpg --export your\_address@example.net > my\_key.pub
#### Troubleshooting {#gnupg-troubleshooting}
* Some old \~/gnupg/dirmngr.conf files contain a line like this:
> hkp-cacert ~/.gnupg/sks-keyservers.netCA.pem
This configuration is no longer necessary, but prevents regular certificates from working. It is recommended to simply remove this line from the configuration.
* While refreshing keys, you may see errors like the following:
> gpg: key A2604867523C7ED8: no user ID
This is a [known problem in GnuPG](https://dev.gnupg.org/T4393). We are working with the GnuPG team to resolve this issue.
#### Usage via Tor {#gnupg-tor}
For users who want to be extra careful, {{ brand() }} can be reached anonymously as an [onion service](https://support.torproject.org/onionservices/#onionservices-2). If you have [Tor](https://www.torproject.org/) installed, use the following configuration:
> keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion
## WKD as a Service {#wkd-as-a-service}
The Web Key Directory (WKD) is a standard for discovery of OpenPGP keys by email address, via the domain of its email provider. It is used to discover unknown keys in some email clients, such as [GpgOL](https://www.gpg4win.de/about.html).
{{ brand() }} can be used as a managed WKD service for any domain. To do so, the domain simply needs a CNAME record that delegates its openpgpkey subdomain to wkd.keys.openpgp.org. It should be possible to do this in the web interface of any DNS hoster.
Once enabled for a domain, its verified addresses will automatically be available for lookup via WKD.
The CNAME record should look like this:
> $ drill openpgpkey.example.org
> ...
> openpgpkey.example.org. 300 IN CNAME wkd.keys.openpgp.org.
There is a simple status checker for testing the service:
> $ curl 'https://wkd.keys.openpgp.org/status/?domain=openpgpkey.example.org'
> CNAME lookup ok: openpgpkey.example.org resolves to wkd.keys.openpgp.org
For testing key retrieval:
> $ gpg --locate-keys --auto-key-locate clear,nodefault,wkd address@example.org
## API
We offer an API for integrated support in OpenPGP applications. Check out our [API documentation](/about/api).
## Others
Missing a guide for your favorite implementation? This site is a work-in-progress, and we are looking to improve it. Drop us a line at support at keys dot openpgp dot org if you want to help out!
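
Review bot: The upload shortcut under "Uploading your key" sends the exported key to `curl -T - http://localhost:8080`, a development address over plain HTTP, so a reader who copies it either gets a connection error or hands the key to whatever happens to listen on local port 8080. The rest of the page points at the production service (`keyserver hkps://keys.openpgp.org`), so this line should use the deployed HTTPS upload URL, preferably generated from a template variable or shortcode in the same way `{{ brand() }}` is used for the name, rather than a hard-coded host. Separately, the first troubleshooting item names the file as `\~/gnupg/dirmngr.conf` while the quoted line under it uses `~/.gnupg/`; the directory is missing its leading dot and the tilde is escaped, so the path should read `~/.gnupg/dirmngr.conf`.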