web: remove about pages from hagrid

This commit is contained in:
Vincent Breitmoser
2025-09-28 23:58:59 +02:00
parent f272c7147e
commit de2ab333a5
74 changed files with 0 additions and 7516 deletions


@@ -6,7 +6,6 @@ build, test and lint:
- apt install -qy build-essential pkg-config clang libclang-dev libssl-dev gettext zsh
- rustup component add clippy
- rustup component add rustfmt
- ./make-translated-templates
- cargo build
- cargo clippy --tests --no-deps --workspace
- cargo fmt --all -- --check
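Review bot: dropping `./make-translated-templates` from the CI job means translated templates are no longer generated before `cargo build`, so confirm the build no longer reads anything under `templates-translated/` (the `.tx/config` hunk keeps only the `po/hagrid/<lang>.po` resource, so `.po`-based translation of the remaining pages still has to work), and that the `make-translated-templates` script is either deleted in this commit or still behaves when no HTML resources are left.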


@@ -8,52 +8,3 @@ source_lang = en
file_filter = po/hagrid/<lang>.po
trans.zh-Hans = po/hagrid/zh_Hans.po
type = PO
[hagrid.about-about]
minimum_perc = 100
source_file = templates-untranslated/about/about.html.hbs
file_filter = templates-translated/<lang>/about/about.html.hbs
trans.zh-Hans = templates-translated/zh_Hans/about/about.html.hbs
source_lang = en
type = HTML
[hagrid.about-faq]
minimum_perc = 100
source_file = templates-untranslated/about/faq.html.hbs
file_filter = templates-translated/<lang>/about/faq.html.hbs
trans.zh-Hans = templates-translated/zh_Hans/about/faq.html.hbs
source_lang = en
type = HTML
[hagrid.about-news]
minimum_perc = 100
source_file = templates-untranslated/about/news.html.hbs
file_filter = templates-translated/<lang>/about/news.html.hbs
trans.zh-Hans = templates-translated/zh_Hans/about/news.html.hbs
source_lang = en
type = HTML
[hagrid.about-privacy]
minimum_perc = 100
source_file = templates-untranslated/about/privacy.html.hbs
file_filter = templates-translated/<lang>/about/privacy.html.hbs
trans.zh-Hans = templates-translated/zh_Hans/about/privacy.html.hbs
source_lang = en
type = HTML
[hagrid.about-stats]
minimum_perc = 100
source_file = templates-untranslated/about/stats.html.hbs
file_filter = templates-translated/<lang>/about/stats.html.hbs
trans.zh-Hans = templates-translated/zh_Hans/about/stats.html.hbs
source_lang = en
type = HTML
[hagrid.about-usage]
minimum_perc = 100
source_file = templates-untranslated/about/usage.html.hbs
file_filter = templates-translated/<lang>/about/usage.html.hbs
trans.zh-Hans = templates-translated/zh_Hans/about/usage.html.hbs
source_lang = en
type = HTML
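Review bot: removing the six `[hagrid.about-*]` stanzas stops Transifex pulls for these templates, but the files already pulled under `templates-translated/<lang>/about/` (for example `templates-translated/zh_Hans/about/about.html.hbs`) must be deleted as well or they remain as orphaned copies of pages that no longer exist; the commit summary reports 74 deleted files, so check they are among them. The corresponding resources should also be archived on the Transifex side so translators stop working on removed pages.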


@@ -1,85 +0,0 @@
{{#> layout }}
<div class="about">
<center><h2>About | <a href="/about/news">News</a> | <a href="/about/usage">Usage</a> | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Stats</a> | <a href="/about/privacy">Privacy</a></h2></center>
<p>
The <span class="brand">keys.openpgp.org</span> server is a public service for the
distribution and discovery of OpenPGP-compatible keys, commonly
referred to as a "keyserver".
</p>
<p>
<strong>For instructions, see our <a href="/about/usage">usage guide</a>.</strong>
</p>
<h3>How it works</h3>
<p>
An OpenPGP key contains two types of information:
</p>
<ul>
<li><strong>Identity information</strong> describes the parts of
a key that identify its owner, also known as "User IDs".
A User ID typically includes a name and an email address.
</li>
<li><strong>Non-identity information</strong> is all the technical
information about the key itself. This includes the large numbers
used for verifying signatures and encrypting messages.
It also includes metadata like date of creation, some expiration
dates, and revocation status.
</li>
</ul>
<p>
Traditionally, these pieces of information have always been distributed
together. On <span class="brand">keys.openpgp.org</span>, they are
treated differently. While anyone can upload all parts of any OpenPGP key
to <span class="brand">keys.openpgp.org</span>, our keyserver
will only retain and publish certain parts under certain
conditions:
</p>
<p>
Any <strong>non-identity information</strong> will be stored and freely
redistributed, if it passes a cryptographic integrity check.
Anyone can download these parts at any time as they contain only
technical data that can't be used to directly identify a person.
Good OpenPGP software can use <span class="brand">keys.openpgp.org</span>
to keep this information up to date for any key that it knows about.
This helps OpenPGP users maintain secure and reliable communication.
</p>
<p>
The <strong>identity information</strong> in an OpenPGP key
is only distributed with consent.
It contains personal data, and is not strictly necessary for
a key to be used for encryption or signature verification.
Once the owner gives consent by verifying their email address,
the key can be found via search by address.
</p>
<h3 id="community">Community and platform</h3>
<p>
This service is run as a community effort.
You can talk to us in
#hagrid on OFTC IRC,
also reachable as #hagrid:stratum0.org on Matrix.
Of course you can also reach us via email,
at <tt>support at keys dot openpgp dot org</tt>.
The folks who are running this come
from various projects in the OpenPGP ecosystem,
including Sequoia-PGP, OpenKeychain, and Enigmail.
</p>
<p>
Technically,
<span class="brand">keys.openpgp.org</span> runs on the <a href="https://gitlab.com/keys.openpgp.org/hagrid" target="_blank">Hagrid</a> keyserver software,
which is based on <a href="https://sequoia-pgp.org">Sequoia-PGP</a>.
We are running on <a href="https://eclips.is" target="_blank">eclips.is</a>,
a hosting platform focused on Internet Freedom projects,
which is managed by <a href="https://greenhost.net/" target="_blank">Greenhost</a>.
</p>
</div>
{{/layout}}
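Review bot: deleting `about.html.hbs` removes the `/about` page (and its `#community` anchor) that other templates in this same commit link to (`<a href="/about">Non-identity information</a>` and `<a href="/about">verified email addresses</a>` in the FAQ, `/about/api#rate-limiting` in the news page), and it is the page explaining the identity/non-identity split that users are sent to from the upload flow. Since the commit message says the pages are removed from hagrid rather than dropped, the route handlers should answer with permanent redirects to the pages' new location instead of 404s, so inbound links and the `id` anchors keep working.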


@@ -1,284 +0,0 @@
{{#> layout }}
<div class="about">
<center><h2><a href="/about">About</a> | <a href="/about/news">News</a> | <a href="/about/usage">Usage</a> | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Stats</a> | <a href="/about/privacy">Privacy</a></h2></center>
<p>
Hagrid implements both the legacy HKP interface, as well as our
native interface, VKS.
</p>
<h2>Verifying Keyserver (VKS) Interface</h2>
<p>Hagrid has its own URL scheme to fetch, submit, and verify keys.</p>
<ul>
<li>
<tt>GET /vks/v1/by-fingerprint/&lt;FINGERPRINT&gt;</tt>
<p>
Retrieves the key with the given <tt>Fingerprint</tt>.
The <tt>Fingerprint</tt> may refer to the primary key, or any subkey.
Hexadecimal digits MUST be uppercase,
and MUST NOT be prefixed with <code>0x</code>.
The returned key is ASCII Armored, and has a content-type of <code>application/pgp-keys</code>.
</p>
</li>
<li>
<tt>GET /vks/v1/by-keyid/&lt;KEY-ID&gt;</tt>
<p>
Retrieves the key with the given long <tt>KeyID</tt>.
The <tt>KeyID</tt> may refer to the primary key, or any subkey.
Hexadecimal digits MUST be uppercase,
and MUST NOT be prefixed with <code>0x</code>.
The returned key is ASCII Armored, and has a content-type of <code>application/pgp-keys</code>.
</p>
</li>
<li>
<tt>GET /vks/v1/by-email/&lt;URI-ENCODED EMAIL-ADDRESS&gt;</tt>
<p>
Retrieves the key with the given <tt>Email Address</tt>.
Only exact matches are accepted.
Lookup by email address requires opt-in by the owner of the email address.
The returned key is ASCII Armored, and has a content-type of <code>application/pgp-keys</code>.
</p>
</li>
<li>
<tt>POST /vks/v1/upload</tt>
<p>
A single key may be submitted using a POST request to <tt>/vks/v1/upload</tt>.
The body of the request must be <code>application/json</code>.
The JSON data must contain a single field <code>keytext</code>,
which must contain the keys to submit.
The value of <code>keytext</code> can be formatted in standard OpenPGP ASCII Armor, or base64.
</p>
<p>
The returned JSON data
contains the fields <code>token</code>, <code>key_fpr</code>,
and <code>status</code>.
The <code>token</code> field contains an opaque value,
which can be used to perform <tt>request-verify</tt> requests
(see below).
The <code>key_fpr</code> field contains the fingerprint of the uploaded primary key.
The <code>status</code> token contains a map of email addresses
contained in the key, with one of the values
<code>unpublished</code>,
<code>published</code>,
<code>revoked</code>, or
<code>pending</code>,
indicating the status of this email address.
</p>
<div class="example">
<div>
Example request:
<pre>
{
"keytext": "&lt;ASCII ARMORED KEY&gt;"
}
</pre>
</div>
<div>
Example response:
<pre>
{
"key_fpr": "&lt;FINGERPRINT&gt;",
"status": {
"address@example.org": "unpublished"
},
"token": "..."
}
</pre>
</div>
</div>
</li>
<li>
<tt>POST /vks/v1/request-verify</tt>
<p>
A key that has been uploaded
can be made discoverable by one or more of its email addresses
by proving ownership of the address
via a verification email.
This endpoint requests verification
for one or more email addresses.
</p>
<p>
The body of the request must be <code>application/json</code>.
The JSON data must include the opaque <code>token</code> value
(obtained via <tt>/vks/v1/upload</tt>)
and an <code>addresses</code> field,
which is a list of email addresses (not full User IDs)
to request verification mails for.
It can optionally include a <code>locale</code> field,
which is list of locales,
ordered by preference,
which to use for the verification email.
The reply will be the same as for the <tt>/vks/v1/upload</tt> endpoint,
with addresses marked as <code>pending</code> where a verification email
has been sent.
</p>
<div class="example">
<div>
Example request:
<pre>
{
"token": "...",
"addresses": [
"address@example.org"
],
"locale": [ "de_CH", "de_DE" ]
}
</pre>
</div>
<div>
Example response:
<pre>
{
"key_fpr": "&lt;FINGERPRINT&gt;",
"status": {
"address@example.org": "pending"
},
"token": "..."
}
</pre>
</div>
</div>
</li>
</ul>
<h3>Error handling</h3>
<p>
If a GET request fails for any reason,
a suitable HTTP status code will be returned.
The response will be a plaintext error message.
If a key is not found,
the HTTP status code will be <tt>404</tt>.
</p>
<p>
If a POST request fails for any reason,
a suitable HTTP status code will be returned.
The response body will be
a JSON object
with a single <code>error</code> attribute.
A POST request may fail
with a HTTP 503 error
at any time
if the server is undergoing
database maintenance.
<strong>Clients should handle errors gracefully for POST requests.</strong>
</p>
<div class="example">
<div>
Example response:
<pre>
{
"error": "We are currently undergoing scheduled database maintenance!"
}
</pre>
</div>
</div>
<h3 id="rate-limiting"><a href="#rate-limiting">Rate Limiting</a></h3>
<p>
Requests to the <span class="brand">keys.openpgp.org</span> API are rate
limited:
</p>
<ul>
<li>
Requests by fingerprint or key id are limited to five requests per second.
Excessive requests will fail with <tt>error 429</tt>.
There is a burst window of 1000.
</li>
<li>
Requests by email address are limited to one request per minute.
Excessive requests will fail with <tt>error 429</tt>.
There is a burst window of 50.
</li>
</ul>
<h2>HTTP Keyserver Protocol (HKP) Interface</h2>
<p>
Hagrid implements a subset of
the <a href="https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00">HKP</a>
protocol so that tools like GnuPG and OpenKeychain can use it
without modification.
</p>
<ul>
<li>
<tt>GET /pks/lookup?op=get&amp;options=mr&amp;search=&lt;QUERY&gt;</tt>
<p>Returns an ASCII Armored key matching the query. Query may be:</p>
<ul>
<li>An exact email address query of the form <code>localpart@example.org</code>.</li>
<li>
A hexadecimal representation of a long <tt>KeyID</tt>
(e.g., <code>069C0C348DD82C19</code>, optionally prefixed by <code>0x</code>).
This may be a <tt>KeyID</tt> of either a primary key or a subkey.
</li>
<li>
A hexadecimal representation of a <tt>Fingerprint</tt>
(e.g., <code>8E8C33FA4626337976D97978069C0C348DD82C19</code>, optionally prefixed by <code>0x</code>).
This may be a <tt>Fingerprint</tt> of either a primary key or a subkey.
</li>
</ul>
</li>
<li>
<tt>GET /pks/lookup?op=index&amp;options=mr&amp;search=&lt;QUERY&gt;</tt>
<p>
Returns
a <a href="https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00#section-5.2">machine-readable
list</a> of keys matching the query. Query may have the forms
detailed above. Hagrid always returns either one or no keys at
all.
</p>
</li>
<li>
<tt>POST /pks/add</tt>
<p>
Keys may be submitted using a POST request to <tt>/pks/add</tt>,
the body of the request being
a <code>application/x-www-form-urlencoded</code> query.
<code>keytext</code> must be the keys to submit,
which must be ASCII Armored.
More than one key may be submitted in one request.
For verification of email addresses,
the <tt>/vks/v1/upload</tt> endpoint
must be used instead.
</p>
</li>
</ul>
<a href="#rate-limiting">Rate limiting</a> applies as for the VKS interface
above.
<h4>Limitations</h4>
<p>
By design, Hagrid does not implement the full HKP protocol. The specific
limitations are:
</p>
<ul>
<li>No support for <code>op=vindex</code>.</li>
<li>Only exact matches by email address, fingerprint or long key id are returned.</li>
<li>All requests return either one or no keys.</li>
<li>The expiration date field in <code>op=index</code> is left blank (discussion <a target="_blank" href="https://gitlab.com/keys.openpgp.org/hagrid/issues/134">here</a>).</li>
<li>All parameters and options other than <code>op</code> and <code>search</code> are ignored.</li>
<li>Output is always machine readable (i.e. <code>options=mr</code> is always assumed).</li>
<li>Uploads are restricted to 1 MiB.</li>
<li>All packets that aren't public keys, user IDs or signatures are filtered out.</li>
</ul>
</div>
{{/layout}}
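Review bot: this template is the only specification of the VKS interface that client implementers build against (`/vks/v1/upload`, `/vks/v1/request-verify`, the `status` map values, the JSON `error` body, the HTTP 503 maintenance behaviour and the 429 rate limits with their burst windows), so the commit message or a README pointer should say where it now lives and the moved copy should carry the content over verbatim. Two wording fixes worth making on the moved copy: "The <code>status</code> token contains a map" should read "field", and "a HTTP 503 error" should read "an HTTP 503 error".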


@@ -1,276 +0,0 @@
{{#> layout }}
<div class="about">
<center><h2><a href="/about">About</a> | <a href="/about/news">News</a> | <a href="/about/usage">Usage</a> | FAQ | <a href="/about/stats">Stats</a> | <a href="/about/privacy">Privacy</a></h2></center>
<p>
<strong>For instructions, see our <a href="/about/usage">usage guide</a>.</strong>
</p>
<h3 id="sks-pool"><a href="#sks-pool">Is this server part of the "SKS" pool?</a></h3>
<p>
No. The federation model of the SKS pool has various problems in terms
of reliability, abuse-resistance, privacy, and usability. We might do
something similar to it, but <span class="brand">keys.openpgp.org</span>
will never be part of the SKS pool itself.
</p>
<h3 id="federation"><a href="#federation">Is keys.openpgp.org federated? Can I help by running an instance?</a></h3>
<p>
For the moment, no.
We do plan to decentralize <span class="brand">keys.openpgp.org</span>
at some point.
With multiple servers
run by independent operators,
we can hopefully improve the reliability
of this service even further.
</p>
<p>
Several folks offered to help out
by "running a Hagrid server instance".
We very much appreciate the offer,
but we will probably never have an "open" federation model like SKS,
where everyone can run an instance and become part of a "pool".
This is for two reasons:
</p>
<ol>
<li>
Federation with open participation requires all data to be public.
This significantly impacts the privacy of our users, because it
allows anyone to scrape a list of all email addresses.
</li>
<li>
Servers run as a hobby by casual administrators do not meet our
standards for reliability and performance.
</li>
</ol>
<h3 id="non-email-uids"><a href="#non-email-uids">Why is there no support
for identities that aren't email addresses?</a></h3>
<p>
We require explicit consent to distribute identity information.
Identities that aren't email addresses, such as pictures or website
URLs, offer no simple way for us to acquire this consent.
</p>
<p>
Note: Some OpenPGP software creates keys with incorrectly formatted
email addresses. These addresses might not be recognized correctly on
<span class="brand">keys.openpgp.org</span>.
</p>
<h3 id="verify-multiple"><a href="#verify-multiple">Can I verify more than
one key for some email address?</a></h3>
<p>
An email address can only be associated with a single key.
When an address is verified for a new key,
it will no longer appear in any key
for which it was previously verified.
<a href="/about">Non-identity information</a> will still be distributed
for all keys.
</p>
<p>
This means a search by email address
will only return a single key,
not multiple candidates.
This eliminates an impossible choice for the user
("Which key is the right one?"),
and makes key discovery by email much more convenient.
</p>
<h3 id="email-protection"><a href="#email-protection">What do you do to
protect outgoing verification emails?</a></h3>
<p>
We use a modern standard called
<a href="https://www.hardenize.com/blog/mta-sts" target="_blank">MTA-STS</a>,
combined with
<a href="https://starttls-everywhere.org/" target="_blank">STARTTLS Everywhere</a>
by the EFF,
to make sure verification emails are sent out securely.
This protects against eavesdropping and interception during delivery.
</p>
<p>
The MTA-STS mechanism only works if supported by the recipient's email
provider. Otherwise, emails will be delivered as usual.
You can <a href="https://www.hardenize.com/">run this test</a>
to see if your email provider supports it.
If the "MTA-STS" entry on the left isn't a green checkmark,
please ask your provider to update their configuration.
</p>
<h3 id="third-party-signatures"><a href="#third-party-signatures">
Do you distribute "third party signatures"?</a></h3>
<p>
Short answer: No.
</p>
<p>
A "third party signature" is a signature on a key
that was made by some other key.
Most commonly,
those are the signatures produced when "signing someone's key",
which are the basis for
the "<a href="https://en.wikipedia.org/wiki/Web_of_trust" target="_blank">Web of Trust</a>".
For a number of reasons,
those signatures are not currently distributed
via <span class="brand">keys.openpgp.org</span>.
</p>
<p>
The killer reason is <strong>spam</strong>.
Third party signatures allow attaching arbitrary data to anyone's key,
and nothing stops a malicious user from
attaching so many megabytes of bloat to a key
that it becomes practically unusable.
Even worse,
they could attach offensive or illegal content.
</p>
<p>
There are ideas to resolve this issue.
For example, signatures could be distributed with the signer,
rather than the signee.
Alternatively, we could require
cross-signing by the signee before distribution
to support a
<a href="https://wiki.debian.org/caff" target="_blank">caff-style</a>
workflow.
If there is enough interest,
we are open to working with other OpenPGP projects
on a solution.
</p>
<h3 id="no-sign-verified"><a href="#no-sign-verified">Why not sign keys
after verification?</a></h3>
<p>
The <span class="brand">keys.openpgp.org</span> service is meant for key
distribution and discovery, not as a de facto certification authority.
Client implementations that want to offer verified communication should
rely on their own trust model.
</p>
<h3 id="revoked-uids"><a href="#revoked-uids">Why are revoked identities not
distributed as such?</a></h3>
<p>
When an OpenPGP key marks one of its identities as revoked, this
identity should no longer be considered valid for the key, and this
information should ideally be distributed to all OpenPGP clients that
already know about the newly revoked identity.
</p>
<p>
Unfortunately, there is currently no good way to distribute revocations,
that doesn't also reveal the revoked identity itself. We don't want to
distribute revoked identities, so we can't distribute the identity at
all.
</p>
<p>
There are proposed solutions to this issue, that allow the distribution
of revocations without also revealing the identity itself. But so far
there is no final specification, or support in any OpenPGP software. We
hope that a solution will be established in the near future, and will
add support on <span class="brand">keys.openpgp.org</span> as soon as
we can.
</p>
<h3 id="search-substring"><a href="#search-substring">Why isn't it possible to search by part of an email address, like just the domain?</a></h3>
<p>
Some keyservers support search for keys by part of an email address.
This allows discovery not only of keys, but also of addresses, with a query like "keys for addresses at gmail dot com".
This effectively puts the addresses of all keys on those keyservers into a public listing.
</p>
<p>
A search by email address on <span class="brand">keys.openpgp.org</span> returns a key only if it exactly matches the email address.
That way, a normal user can discover the key associated with any address they already know, but they cannot discover any new email addresses.
This prevents a malicious user or spammer from easily obtaining a list of all email addresses on the server.
</p>
<p>
We made this restriction a part of our <a href="/about/privacy">privacy policy</a>,
which means we can't change it without asking for user consent.
</p>
<h3 id="tor"><a href="#tor">Do you support Tor?</a></h3>
<p>
Of course!
If you have Tor installed,
you can reach <span class="brand">keys.openpgp.org</span> anonymously
as an
<a href="https://support.torproject.org/onionservices/#onionservices-2" target="_blank">onion service</a>:
<br />
<a href="http://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion">zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</a>
</p>
<h3 id="encrypt-verification-emails"><a href="#encrypt-verification-emails">
Why not encrypt verification emails?</a></h3>
Various reasons:
<ol>
<li>It is more complicated, both for our users and for us.</li>
<li>It doesn't prevent attacks - an attacker gains nothing from
uploading a key they don't have access to.</li>
<li>Deletion would still have to be possible even when a key is
lost.</li>
<li>It would require a different (and more complicated) mechanism to
upload keys that can only sign.</li>
</ol>
<h3 id="older-gnupg"><a href="#older-gnupg">
I have trouble updating some keys with GnuPG. Is there a bug?
</a></h3>
<p>
GnuPG considers keys that contain no identity information to be invalid, and refuses to import them.
However, a key that has no <a href="/about">verified email addresses</a> may still contain useful information.
In particular, it's still possible to check whether the key is revoked or not.
</p>
<p>
In June 2019, the <span class="brand">keys.openpgp.org</span> team created a patch that allows GnuPG to process updates from keys without identity information.
This patch was quickly included in several downstream distributions of GnuPG, including Debian, Fedora, NixOS, and GPG Suite for macOS.
</p>
<p>
In March 2020 the GnuPG team rejected the patch, and updated the issue status to "Wontfix".
This means that <strong>unpatched versions of GnuPG cannot receive updates from <span class="brand">keys.openpgp.org</span> for keys that don't have any verified email address</strong>.
You can read about this decision in issue <a href="https://dev.gnupg.org/T4393#133689">T4393</a> on the GnuPG bug tracker.
</p>
<p>
You can check if your version of GnuPG is affected with the following instructions.
</p>
<blockquote>
<span style="font-size: larger;">Import test key:</span><br>
<br>
$ curl https://keys.openpgp.org/assets/uid-test.pub.asc | gpg --import<br>
gpg: key F231550C4F47E38E: "Alice Lovelace &lt;alice@openpgp.example&gt;" imported<br>
gpg: Total number processed: 1<br>
gpg: imported: 1<br>
<br>
</blockquote>
<blockquote>
<span style="font-size: larger;">With patch, key will be updated if locally known:</span><br>
<br>
$ gpg --recv-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E<br>
gpg: key F231550C4F47E38E: "Alice Lovelace &lt;alice@openpgp.example&gt;" not changed<br>
gpg: Total number processed: 1<br>
gpg: unchanged: 1<br>
<br>
</blockquote>
<blockquote>
<span style="font-size: larger;">Without patch, a key without identity is always rejected:</span><br>
<br>
$ gpg --recv-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E<br>
gpg: key EB85BB5FA33A75E15E944E63F231550C4F47E38E: no user ID<br>
</blockquote>
</div>
{{/layout}}
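Review bot: the FAQ carries operational facts found nowhere else in the repository: the onion service address `zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion` and the GnuPG `no user ID` test that fetches `https://keys.openpgp.org/assets/uid-test.pub.asc`. Make sure the onion address stays published at the new location (the page is the only place users can compare it with what Tor reports), and that `assets/uid-test.pub.asc` is either kept on the server or the moved FAQ updates the `curl` URL. The FAQ also states that the exact-match search restriction is part of the privacy policy, so the `/about/privacy` page removed alongside it (see the `.tx/config` hunk) needs the same redirect treatment as `/about`.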


@@ -1,410 +0,0 @@
{{#> layout }}
<div class="about">
<center><h2><a href="/about">About</a> | News | <a href="/about/usage">Usage</a> | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Stats</a> | <a href="/about/privacy">Privacy</a></h2></center>
<h2 id="2023-04-28-governance">
<div style="float: right; font-size: small; line-height: 2em;">2023-04-28 📅</div>
<a style="color: black;" href="/about/news#2023-04-28-governance">keys.openpgp.org governance 📜</a>
</h2>
<p>
It's been quite a while since the last update.
Not a lot happened around <span class="brand">keys.openpgp.org</span> during this time, operationally. 😴
<p>
But no news is good news in this case:
A few bugs were fixed, some software maintenance was perfomed to keep up with the ecosystem.
There were no significant outages, we've had some steady growth of users, things are generally working as expected.
Hurray!
<p>
There is, however, an important bit of news:
<span class="brand">keys.openpgp.org</span> has a governance process now.
In particular, there is now a written constitution for the service,
which you can find <a href="https://gitlab.com/keys.openpgp.org/governance/-/blob/main/constitution.md">here</a>.
<p>
Most importantly, there is now a board, who were elected by a community of contributors to the OpenPGP ecosystem.
This board currently consists of:
<ul>
<li>Daniel Huigens, from Proton</li>
<li>Lukas Pitschl, from GPGTools</li>
<li>Neal Walfield, from Sequoia-PGP</li>
<li>Ola Bini</li>
<li>Vincent Breitmoser</li>
</ul>
<p>
The primary responsibility of the board is to make decisions on the future of <span class="brand">keys.openpgp.org</span>.
Which features should go in, which not?
We are having regular meetings at the moment, and progress is slow but steady.
We'll be sure to let you know (via this news blog) when anything exciting happens!
<p>
You can find more info about governance in the <a href="https://gitlab.com/keys.openpgp.org/governance/">repository</a>.
You can also reach the board via email at <tt>board</tt> <tt>at</tt> <tt>keys.openpgp.org</tt>.
<p>
That's all for now!
<span style="font-size: x-large;">🙇</span>
<hr style="margin-top: 2em; margin-bottom: 2em;" />
<h2 id="2019-11-12-celebrating-100k">
<div style="float: right; font-size: small; line-height: 2em;">2019-11-12 📅</div>
<a style="color: black;" href="/about/news#2019-11-12-celebrating-100k">Celebrating 100.000 verified addresses! 📈</a>
</h2>
<p>
Five months ago, we launched this service.
And just today, we have reached a remarkable milestone:
<center style="margin-top: 2em; margin-bottom: 2em;">
<img src="/assets/img/stats-addresses-2019-11-12.png" style="padding: 1px; border: 1px solid gray;" /><br />
<strong>One hundred thousand verified email addresses!</strong>
</center>
<p>
Thanks to everyone using this service!
And thanks especially to those who have provided us with feedback,
translations, or even code contributions!
<p>
A few updates on things we've been working on:
<ul>
<li>
This news page is now available as an <strong><a target="_blank" href="/atom.xml">atom feed <img src="/assets/img/atom.svg" style="height: 0.8em;" /></a></strong>.
</li>
<li>
We have been working on
a <strong><a target="_blank" href="https://gitlab.com/keys.openpgp.org/hagrid/issues/131">new mechanism to refresh keys</a></strong>
that better protects the user's privacy.
</li>
<li>
Work on <strong>localization</strong> is in full swing!
we hope to have some languages ready for deployment soon.
</li>
</ul>
<p>
If you would like to see <span class="brand">keys.openpgp.org</span>
translated into your native language,
please <a target="_blank" href="https://www.transifex.com/otf/hagrid/">join the translation team</a>
over on Transifex.
We would appreciate help especially for <strong>Russian</strong>, <strong>Italian</strong>, <strong>Polish</strong> and <strong>Dutch</strong>.
<p>
That's all, keeping this one short!
<span style="font-size: x-large;">👍️</span>
<hr style="margin-top: 2em; margin-bottom: 2em;" />
<h2 id="2019-09-12-three-months-later">
<div style="float: right; font-size: small; line-height: 2em;">2019-09-12 📅</div>
<a style="color: black;" href="/about/news#2019-09-12-three-months-later">Three months after launch ✨</a>
</h2>
<p>
It has been three months now
<a href="/about/news#2019-06-12-launch">since we launched</a>
<span class="brand">keys.openpgp.org</span>.
We are happy to report:
It has been a resounding success!
🥳
<h4>Adoption in clients</h4>
<p>
The
<span class="brand">keys.openpgp.org</span>
keyserver has been received very well by users,
and clients are adopting it rapidly.
It is now used by default in
<a href="https://gpgtools.org/" target="_blank">GPGTools</a>,
<a href="https://enigmail.net/" target="_blank">Enigmail</a>,
<a href="https://www.openkeychain.org/" target="_blank">OpenKeychain</a>,
<a href="https://github.com/firstlookmedia/gpgsync" target="_blank">GPGSync</a>,
Debian,
NixOS,
and others.
Many tutorials have also been updated,
pointing users our way.
<p>
At the time of writing,
more than 70.000 email addresses
have been verified.
<center style="margin-top: 2em; margin-bottom: 2em;">
<img src="/assets/img/stats-addresses-2019-09-12.png" style="padding: 1px; border: 1px solid gray;" /><br />
<span style="font-size: smaller;">If that isn't a promising curve, I don't know what is :)</span>
</center>
<p>
A special shout-out here goes to GPGTools for macOS.
They implemented the update process so smoothly,
the number of verified addresses completely exploded
when they released their update.
<h4>All's good in operations</h4>
<p>
There is not a lot to report operationally,
and no news is good news in this case!
Since launch,
there was nearly zero downtime,
only a single bug came up
that briefly caused issues during upload,
and support volume has been comfortably low.
<p>
Our traffic is currently
at about ten requests per second
(more during the day, less on the weekend),
and we delivered roughly 100.000 emails
in the last month.
No sweat.
<p>
We made several small operational improvements
including deployment of
<a href="http://dnsviz.net/d/keys.openpgp.org/dnssec/" target="_blank">DNSSEC</a>,
implementing some
<a href="/about/api#rate-limiting" target="_blank">rate-limiting</a>,
nailing down our
<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP">content security policy</a>
headers,
and enabling
<a href="https://blog.torproject.org/whats-new-tor-0298" target="_blank">single-hop</a>
mode on our Tor Onion Service.
You can find a more complete list
<a href="https://gitlab.com/keys.openpgp.org/hagrid/merge_requests?scope=all&utf8=%E2%9C%93&state=merged" target="_blank">here</a>.
<h4>Secure email delivery with MTA-STS</h4>
<p>
One improvement that deserves special mention is
<a href="https://www.hardenize.com/blog/mta-sts">MTA-STS</a>,
which improves the security of outgoing emails.
<p>
While HTTPS is deployed fairly universally these days,
that sadly isn't the case for email.
Many servers don't do encryption at all,
or use a self-signed certificate
instead of a proper one (e.g. from Let's Encrypt).
But delivery failures upset customers more
than reduced security,
and many emails are still delivered without encryption.
<p>
With MTA-STS, domain operators can indicate
(via HTTPS)
that their email server <em>does</em> support encryption.
When a secure connection can't be established
to such a server,
message delivery will be postponed
or eventually bounce,
instead of proceeding insecurely.
<p>
This is extremely useful for service like
<span class="brand">keys.openpgp.org</span>.
If encryption isn't reliable,
attackers can intercept verification emails relatively easily.
But for providers who have MTA-STS deployed,
we can be sure that
every message is delivered securely,
and to the right server.
<p>
You can <a href="https://aykevl.nl/apps/mta-sts/" target="_blank">run a check</a>
to find out whether your email provider
supports MTA-STS.
If they don't,
please drop them a message and tell them
to step up their security game!
<h4>Work in progress</h4>
<p>
We are working on two features:
<p>
The first is <strong>localization</strong>.
Most people do not speak English,
but so far that is the only language we support.
To make this service more accessible,
we are working with the OTF's
<a href="https://www.opentech.fund/labs/localization-lab/" target="_blank">Localization Lab</a>
to make the website and outgoing emails
available in several more languages.
<p>
The second is to bring back
<strong>third-party signatures</strong>.
As <a href="/about/faq#third-party-signatures">mentioned in our FAQ</a>,
we currently don't support these due to spam and potential for abuse.
The idea is to require
<a href="https://gitlab.com/openpgp-wg/rfc4880bis/merge_requests/20/diffs" target="_blank">cross-signatures</a>,
which allow each key to choose for itself
which signatures from other people it wants to distribute.
Despite this extra step,
this is fairly compatible with existing software.
It also nicely stays out of the way of users
who don't care about signatures.
<p>
Although work is in progress for both of those features,
neither have a planned time of release yet.
<p>
Regarding the "<tt>no user ID</tt>" issue with GnuPG
(mentioned in our
<a href="/about/news#2019-06-12-launch-challenges">last news post</a>
and our
<a href="/about/faq#older-gnupg" target="_blank">FAQ</a>),
a patch that fixes this problem is now carried by Debian,
as well as GPGTools for macOS.
GnuPG upstream has not merged the patch so far.
<p>
That's it!
Thanks for your interest!
<span style="font-size: x-large;">👋</span>
<hr style="margin-top: 2em; margin-bottom: 2em;" />
<h2 id="2019-06-12-launch">
<div style="float: right; font-size: small; line-height: 2em;">2019-06-12 📅</div>
<a href="/about/news#2019-06-12-launch" style="color: black;">Launching a new keyserver! 🚀</a>
</h2>
<p>
From a community effort by
<a href="https://enigmail.net" target="_blank">Enigmail</a>,
<a href="https://openkeychain.org" target="_blank">OpenKeychain</a>,
and <a href="https://sequoia-pgp.org">Sequoia PGP</a>,
we are pleased to announce
the launch of the new public OpenPGP keyserver
<span class="brand">keys.openpgp.org</span>!
Hurray! 🎉
<h4>Give me the short story!</h4>
<ul>
<li>Fast and reliable. No wait times, no downtimes, no inconsistencies.</li>
<li>Precise. Searches return only a single key, which allows for easy key discovery.</li>
<li>Validating. Identities are only published with consent,
while non-identity information is freely distributed.</li>
<li>Deletable. Users can delete personal information with a simple email confirmation.</li>
<li>Built on Rust, powered by <a href="https://sequoia-pgp.org" target="_blank">Sequoia PGP</a> - free and open source, running AGPLv3.</li>
</ul>
Get started right now by <a href="/upload">uploading your key</a>!
<h4>Why a new keyserver?</h4>
<p>
We created <span class="brand">keys.openpgp.org</span>
to provide an alternative to the SKS Keyserver pool,
which is the default in many applications today.
This distributed network of keyservers has been struggling with
<a target="_blank" href="https://medium.com/@mdrahony/are-sks-keyservers-safe-do-we-need-them-7056b495101c">abuse</a>,
<a target="_blank" href="https://en.wikipedia.org/wiki/Key_server_(cryptographic)#Problems_with_keyservers">performance</a>,
as well as <a href="http://www.openwall.com/lists/oss-security/2017/12/10/1">privacy issues</a>,
and more recently also
<a target="_blank" href="http://nongnu.13855.n7.nabble.com/SKS-apocalypse-mitigation-td228252.html">GDPR</a>
compliance questions.
Kristian Fiskerstrand has done a stellar job maintaining the pool for
<a target="_blank" href="https://blog.sumptuouscapital.com/2016/12/10-year-anniversary-for-sks-keyservers-net/">more than ten years</a>,
but at this point development activity seems to have
<a target="_blank" href="https://bitbucket.org/skskeyserver/sks-keyserver/pull-requests/60/clean-build-with-405">mostly ceased</a>.
<p>
We thought it time to consider a fresh approach to solve these problems.
<h4>Identity and non-identity information</h4>
<p>
The <span class="brand">keys.openpgp.org</span> keyserver splits up
identity and non-identity information in keys.
You can find more details on our <a href="/about" target="_blank">about page</a>:
The gist is that non-identity information (keys, revocations, and so on)
is freely distributed,
while identity information
is only distributed with consent
that can also be revoked at any time.
<p>
If a new key is verified for some email address,
it will replace the previous one.
This way,
every email address is only associated with a single key at most.
It can also be removed from the listing
at any time by the owner of the address.
This is very useful for key discovery:
if a search by email address returns a key,
it means this is the single key
that is currently valid for the searched email address.
<h4>Support in Enigmail and OpenKeychain</h4>
<p>
The <span class="brand">keys.openpgp.org</span> keysever
will receive first-party support in upcoming releases of
<a href="https://enigmail.net" target="_blank">Enigmail</a> for Thunderbird,
as well as
<a href="https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain&hl=en">OpenKeychain</a> on Android.
This means users of those implementations will
benefit from the faster response times,
and improved key discovery by email address.
We hope that this will also give us some momentum
to build this project into a bigger community effort.
<h4 id="2019-06-12-launch-challenges">Current challenges</h4>
<p>
Privacy-preserving techniques in keyservers are still new,
and sadly there are still a few compatibility issues
caused by splitting out identity information.
<p>
In particular, when GnuPG (as of this writing, version 2.2.16) encounters
an OpenPGP key without identities,
it throws an error "no user ID"
and does not process new non-identity information
(like revocation certificates)
even if it is cryptographically valid.
We are actively engaged in
providing fixes for these issues.
<h4>The future</h4>
<p>
Privacy-preserving techniques in keyservers are still new,
and we have more ideas for reducing the metadata.
But for now, our plan is only to
keep <span class="brand">keys.openpgp.org</span> reliable and fast 🐇,
fix any upcoming bugs 🐞,
and <a href="/about#community">listen to feedback</a> from the community. 👂
<p>
For more info, head on over to
our <a target="_blank" href="/about">about page</a>
and <a target="_blank" href="/about/faq">FAQ</a> pages.
You can get started right away
by <a href="/upload" target="_blank">uploading your your key</a>!
Beyond that there is more cool stuff to discover,
like our <a target="_blank" href="/about/api">API</a>,
and an <a target="_blank" href="/about/faq#tor">Onion Service</a>!
<p>
Cheers!
<span style="font-size: x-large;">🍻</span>
</div>
{{/layout}}


@@ -1,104 +0,0 @@
{{#> layout }}
<div class="about">
<center><h2><a href="/about">About</a> | <a href="/about/news">News</a> | <a href="/about/usage">Usage</a> | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Stats</a> | Privacy</h2></center>
<h3>Name and contact details</h3>
<p>
<span class="brand">keys.openpgp.org</span> is a community effort.
You can find more information about us, and our contact, details <a href="https://keys.openpgp.org/about">here</a>.
</p>
<h3>How we process data</h3>
<p>
The public keyserver running on <span class="brand">keys.openpgp.org</span> processes, stores, and distributes OpenPGP certificate data.
The specific way in which data is processed differs by type as follows:
</p>
<ul>
<li>
<h4>Email Addresses</h4>
<p>
Email addresses of individuals contained in <abbr title="Packet Tag 13">User IDs</abbr> are personal data.
Special care is taken to make sure they are used only with consent, which you can withdraw at any time:
</p>
<ul>
<li>Publishing requires double opt-in validation, to prove ownership of the email address in question.</li>
<li>Addresses are searchable by exact email address, but not by associated name.</li>
<li>Enumeration of addresses is not possible.</li>
<li>Deletion of addresses is possible via simple proof of ownership in an automated fashion, similar to publication, using the <a href="https://keys.openpgp.org/manage">“manage“ tool</a>. To unlist an address where this isn't possible, write to support at keys dot openpgp dot org.</li>
</ul>
<p>
This data is never handed collectively (“as a dump“) to third parties.
</p>
</li>
<li>
<h4>Public Key Data</h4>
<p>
We process the cryptographic content of OpenPGP certificates - such as public key material, self-signatures, and revocation signatures for the legitimate interest of providing the service.
</p>
<p>
This data is not usually collectively available (“as a dump“), but may be handed upon request to third parties for purposes of development or research.
</p>
<p>
If you upload your OpenPGP certificates to the service, you are the source of this data.
It is also possible for anyone who has your public OpenPGP certificate to upload them to this service for example, if you have published them somewhere else, or sent them to someone. This does not include publication of Email Addresses, which are only used with explicit consent as described above.
</p>
</li>
<li>
<h4>Other User ID data</h4>
<p>
An OpenPGP certificate may contain personal data other than email addresses, such as User IDs that do not contain email addresses, or image attributes.
This data is stripped during upload and never stored, processed, or distributed in any way.
</p>
<p>
OpenPGP packet types that were not specifically mentioned above are stripped during upload and never stored, processed or distributed in any way.
</p>
</li>
</ul>
<p>
Data is never relayed to third parties outside of what is available from the public API interfaces, and what is described in this policy and on our <a href="https://keys.openpgp.org/about">about page</a>.
</p>
<p>
This service is available on the Internet, so anyone, anywhere in the world, can access it and retrieve data from it.
</p>
<h3>Retention periods</h3>
<p>
We will retain your email address linked with your OpenPGP certificates until you remove it.
We will remove your Public Key Data if you wish, but note that anyone can re-upload it to the service, in keeping with the “public” nature of this key material.
</p>
<p>
All incoming requests are logged for a period of 30 days, and only used as necessary for operation of the service.
IP addresses are anonymized for storage.
</p>
<h3>Your rights</h3>
<p>
You can withdraw consent to the processing of your email address at any time, or erase your email addresses, using the <a href="https://keys.openpgp.org/manage">“manage“ tool</a>.
</p>
<p>
You can obtain access to the personal data we process about you by viewing your OpenPGP certificates, or searching for your certificates using your email addresses, using this service.
</p>
<p>
You can delete your OpenPGP certificates by emailing support at keys dot openpgp dot org, but note that anyone can upload them again. If you object to having your certificate re-uploaded, email support at keys dot openpgp dot org and we will banlist your keys.
</p>
<p>
To exercise the right of portability, you can download your OpenPGP certificate using this service.
</p>
<p>
If you are in the EEA or UK, you also have the right to lodge a complaint with a supervisory authority, such as your local data protection authority.
</p>
</div>
{{/layout}}
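Review bot: deleting the privacy template removes the only in-tree statement of what the service does with personal data (double opt-in for User ID email addresses, 30-day request-log retention with anonymized IPs, erasure via the "manage" tool, the banlist-on-request procedure); the service keeps processing email addresses after this commit, so the policy must stay reachable and `/about/privacy`, which the privacy, FAQ and usage navigation in this same change link to, should resolve to its new location rather than 404. The commit message should say where the policy now lives.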


@@ -1,33 +0,0 @@
{{#> layout }}
<div class="about">
<center><h2><a href="/about">About</a> | <a href="/about/news">News</a> | <a href="/about/usage">Usage</a> | <a href="/about/faq">FAQ</a> | Stats | <a href="/about/privacy">Privacy</a></h2></center>
<h3>Verified email addresses</h3>
<p>
A simple statistic of the total number of email addresses that are currently verified. 📈
</p>
<p>
<center><img src="/about/stats/month.png" /></center>
</p>
<p>
<center><img src="/about/stats/year.png" /></center>
</p>
<h3>Load Average</h3>
<p>
The "load average" of a server is a statistic of how busy it is. Simply put:
<ul>
<li>0.0 means the <span class="brand">keys.openpgp.org</span> host is completely idle</li>
<li>1.0 is fairly busy</li>
<li>4.0 and above means it's on fire 🔥</li>
</ul>
</p>
<p>
<center><img src="/about/stats/load_week.png" /></center>
</p>
</div>
{{/layout}}
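Review bot: the stats page is the only consumer of `/about/stats/month.png`, `/about/stats/year.png` and `/about/stats/load_week.png`, and nothing in this change removes whatever produces and serves those images; either drop that generator and path in the same change, or state in the commit message that the graphs are intentionally kept so they are not left as an orphaned, unlinked endpoint.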


@@ -1,223 +0,0 @@
{{#> layout }}
<div class="about usage">
<center><h2><a href="/about">About</a> | <a href="/about/news">News</a> | Usage | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Stats</a> | <a href="/about/privacy">Privacy</a></h2></center>
<p>
On this page, we collect information on how to use
<span class="brand">keys.openpgp.org</span> with different OpenPGP
software products.<br />
We are still in the process of adding more. If you are missing some, please
write to us and we'll try to add it.
</p>
<h2 id="web" style="padding-left: 3%;">
<a href="#web">Web Interface</a>
</h2>
<p>
The web interface on <span class="brand">keys.openpgp.org</span> allows you to:
</p>
<p>
<ul>
<li><a href="/">Search</a> for keys manually, by fingerprint or email address.</li>
<li><a href="/upload">Upload</a> keys manually, and verify them after upload.</li>
<li><a href="/manage">Manage</a> your keys, and remove published identities.</li>
</ul>
</p>
<h2 id="enigmail">
<div><img src="/assets/img/enigmail.svg"></div>
<a href="#enigmail">Enigmail</a>
</h2>
<p>
<a href="https://enigmail.net" target="_blank">Enigmail</a> for Thunderbird
uses <span class="brand">keys.openpgp.org</span> by default since
version 2.0.12.
</p>
<p>Full support is available since Enigmail 2.1
(for <a href="https://www.thunderbird.net/en-US/thunderbird/68.0beta/releasenotes/" target="_blank">Thunderbird 68</a> or newer):
<ul>
<li>Keys will be kept up to date automatically.</li>
<li>During key creation, you can upload and verify your key.</li>
<li>Keys can be discovered by email address.</li>
</ul>
</p>
<h2 id="gpg-suite">
<div><img src="/assets/img/gpgtools.png"></div>
<a href="#gpg-suite">GPG Suite</a>
</h2>
<p>
<a href="https://gpgtools.org/">GPG Suite</a> for macOS
uses <span class="brand">keys.openpgp.org</span> by default
since August 2019.
</p>
<h2 id="openkeychain">
<div><img src="/assets/img/openkeychain.svg"></div>
<a href="#openkeychain">OpenKeychain</a>
</h2>
<p>
<a href="https://www.openkeychain.org/">OpenKeychain</a> for Android
uses <span class="brand">keys.openpgp.org</span> by default
since July 2019.
<ul>
<li>Keys will be kept up to date automatically.</li>
<li>Keys can be discovered by email address.</li>
</ul>
</p>
<p>
Note that there is no built-in support for upload and email address verification so far.
</p>
<h2 id="pignus">
<div><img src="/assets/img/pignus.png"></div>
<a href="#pignus">Pignus</a>
</h2>
<p>
<a href="https://www.frobese.de/pignus/">Pignus</a> for iOS
uses <span class="brand">keys.openpgp.org</span> by default
since November 2019.
<ul>
<li>Your keys can be uploaded at any time.</li>
<li>Keys can be discovered by email address.</li>
</ul>
</p>
<h2 id="gnupg">
<div><img src="/assets/img/gnupg.svg" /></div>
<a href="#gnupg">GnuPG</a>
</h2>
<p>
To configure <a href="https://gnupg.org">GnuPG</a>
to use <span class="brand">keys.openpgp.org</span> as keyserver,
add this line to your <tt>gpg.conf</tt> file:
<blockquote>
keyserver hkps://keys.openpgp.org
</blockquote>
</p>
<h4 id="gnupg-retrieve"><a href="#gnupg-retrieve">Retrieving keys</a></h4>
<ul>
<li>
To locate the key of a user, by email address:
<blockquote>gpg --auto-key-locate keyserver --locate-keys user@example.net</blockquote>
</li>
<li>To refresh all your keys (e.g. new revocation certificates and subkeys):
<blockquote>gpg --refresh-keys</blockquote>
</li>
</ul>
<h4 id="gnupg-upload"><a href="#gnupg-upload">Uploading your key</a></h4>
<p>
Keys can be uploaded with GnuPG's <tt>--send-keys</tt> command, but
identity information can't be verified that way to make the key
searchable by email address (<a href="/about">what does this mean?</a>).
</p>
<ul>
<li>
You can try this shortcut for uploading your key, which outputs
a direct link to the verification page:
<blockquote>
gpg --export your_address@example.net | curl -T - {{ base_uri }}
</blockquote>
</li>
<li>
Alternatively, you can export them to a file
and select that file in the <a href="/upload" target="_blank">upload</a> page:
<blockquote>
gpg --export your_address@example.net &gt; my_key.pub
</blockquote>
</li>
</ul>
<h4 id="gnupg-troubleshooting"><a href="#gnupg-troubleshooting">Troubleshooting</a></h4>
<ul>
<li>
Some old <tt>~/gnupg/dirmngr.conf</tt> files contain a line like this:
<blockquote>
hkp-cacert ~/.gnupg/sks-keyservers.netCA.pem
</blockquote>
<p>
This configuration is no longer necessary,
but prevents regular certificates from working.
It is recommended to simply remove this line from the configuration.
</p>
</li>
<li>
While refreshing keys, you may see errors like the following:
<blockquote>gpg: key A2604867523C7ED8: no user ID</blockquote>
This is a <a href="https://dev.gnupg.org/T4393" target="_blank">known problem in GnuPG</a>.
We are working with the GnuPG team to resolve this issue.
</li>
</ul>
<h4 id="gnupg-tor"><a href="#gnupg-tor">Usage via Tor</a></h4>
<p>
For users who want to be extra careful,
<span class="brand">keys.openpgp.org</span> can be reached anonymously as an
<a href="https://support.torproject.org/onionservices/#onionservices-2" target="_blank">onion service</a>.
If you have
<a href="https://www.torproject.org/" target="_blank">Tor</a>
installed, use the following configuration:
<blockquote>
keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion
</blockquote>
</p>
<h2 style="padding-left: 3%;" id="wkd-as-a-service">
<a href="#wkd-as-a-service">WKD as a Service</a>
</h2>
<p> The Web Key Directory (WKD) is a standard for discovery of OpenPGP keys by email address, via the domain of its email provider.
It is used to discover unknown keys in some email clients, such as <a href="https://www.gpg4win.de/about.html" target="_blank">GpgOL</a>.
<p> <span class="brand">keys.openpgp.org</span> can be used as a managed WKD service for any domain.
To do so, the domain simply needs a <tt>CNAME</tt> record that delegates its <tt>openpgpkey</tt> subdomain to <tt>wkd.keys.openpgp.org</tt>.
It should be possible to do this in the web interface of any DNS hoster.
<p> Once enabled for a domain, its verified addresses will automatically be available for lookup via WKD.
<p> The <tt>CNAME</tt> record should look like this:
<blockquote>
$ drill openpgpkey.example.org<br>
...<br>
openpgpkey.example.org. 300 IN CNAME wkd.keys.openpgp.org.
</blockquote>
<p> There is a simple status checker for testing the service:
<blockquote>
$ curl 'https://wkd.keys.openpgp.org/status/?domain=openpgpkey.example.org'<br>
CNAME lookup ok: openpgpkey.example.org resolves to wkd.keys.openpgp.org<br>
</blockquote>
<p> For testing key retrieval:
<blockquote>
$ gpg --locate-keys --auto-key-locate clear,nodefault,wkd address@example.org<br>
</blockquote>
<h2 style="padding-left: 3%;">API</h2>
<p>
We offer an API for integrated support in OpenPGP applications. Check
out our <a href="/about/api">API documentation</a>.
</p>
<h2 style="padding-left: 3%;">Others</h2>
<p>
Missing a guide for your favorite implementation? This site is
a work-in-progress, and we are looking to improve it. Drop us a line at
<span class="email">support at keys dot openpgp dot org</span> if you
want to help out!
</p>
</div>
{{/layout}}
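Review bot: this hunk removes configuration that users copy verbatim and have no other authoritative source for: the `keyserver hkps://keys.openpgp.org` line for `gpg.conf`, the `openpgpkey` `CNAME` delegation to `wkd.keys.openpgp.org.` for WKD-as-a-service together with its `/status/?domain=` checker, and the `hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion` address. The onion address in particular is something users can only trust if it is published by the operator, so the commit message should name where this documentation moved, and the `dirmngr.conf` troubleshooting item (`hkp-cacert ~/.gnupg/sks-keyservers.netCA.pem`) is still the fix users need for "certificate" failures and should survive somewhere.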


@@ -1,31 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>keys.openpgp.org</title>
<link href="{{ base_uri }}/atom.xml" rel="self"/>
<id>urn:uuid:8e783366-73b1-460e-83d3-42f01046646d</id>
<updated>2023-04-28T12:00:00Z</updated>
<entry>
<title>k.o.o governance 📜</title>
<link href="{{ base_uri }}/about/news#2023-04-28-governance" />
<updated>2023-04-28T12:00:00Z</updated>
<id>urn:uuid:75dfcd1e-ac6a-4d1b-9d0f-0e1821322f87</id>
</entry>
<entry>
<title>Celebrating 100.000 verified addresses! 📈</title>
<link href="{{ base_uri }}/about/news#2019-11-12-celebrating-100k" />
<updated>2019-11-12T12:00:00Z</updated>
<id>urn:uuid:5b69781f-5aa4-4276-8d9e-6a71c896cb65</id>
</entry>
<entry>
<title>Launching a new keyserver! 🚀</title>
<link href="{{ base_uri }}/about/news#2019-06-12-launch" />
<updated>2019-06-12T12:00:00Z</updated>
<id>urn:uuid:a071a6dc-f8ea-43de-b853-bd6d8bbe063f</id>
</entry>
<entry>
<title>Three months after launch ✨</title>
<link href="{{ base_uri }}/about/news#2019-09-12-three-months-later" />
<updated>2019-09-12T12:00:00Z</updated>
<id>urn:uuid:1bd5412a-f480-4c3f-a72d-c9b7a849f544</id>
</entry>
</feed>


@@ -1,26 +0,0 @@
#!/usr/bin/env -S zsh -euo pipefail
for i in templates-untranslated/**/*.hbs; do
local template=${${i#templates-untranslated/}}
local prefix_file=${i:h}/template-prefix
local suffix_file=${i:h}/template-suffix
echo -n "$template: "
echo -n "en "
local dist_path=dist/templates/$template
cat $prefix_file $i $suffix_file >! $dist_path
for translated in templates-translated/*/$template(N); do
local locale=${${translated#templates-translated/}%%/*}
local dist_path=dist/templates/localized/$locale/$template
if [[ ! -d ${dist_path:h} ]]; then
mkdir -p ${dist_path:h}
fi
echo -n "$locale "
# echo "cat $prefix_file $translated $suffix_file >! $dist_path"
cat $prefix_file $translated $suffix_file >! $dist_path
done
echo
done
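Review bot: this script is not scoped to the about pages. Its glob `templates-untranslated/**/*.hbs` assembles `dist/templates/$template` and `dist/templates/localized/$locale/$template` from `template-prefix`, the template and `template-suffix` for every template in the tree, so removing it changes how all remaining templates and their translations reach `dist/`. Unless the remaining templates no longer need the prefix/suffix concatenation or per-locale output, this belongs in its own commit with an explanation of what replaces it.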


@@ -1,111 +0,0 @@
use crate::web::{MyResponse, RequestOrigin};
use rocket_codegen::get;
use rocket_i18n::I18n;
#[get("/about")]
pub fn about(origin: RequestOrigin, i18n: I18n) -> MyResponse {
MyResponse::ok_bare("about/about", i18n, origin)
}
#[get("/about/news")]
pub fn news(origin: RequestOrigin, i18n: I18n) -> MyResponse {
MyResponse::ok_bare("about/news", i18n, origin)
}
#[get("/about/faq")]
pub fn faq(origin: RequestOrigin, i18n: I18n) -> MyResponse {
MyResponse::ok_bare("about/faq", i18n, origin)
}
#[get("/about/usage")]
pub fn usage(origin: RequestOrigin, i18n: I18n) -> MyResponse {
MyResponse::ok_bare("about/usage", i18n, origin)
}
#[get("/about/privacy")]
pub fn privacy(origin: RequestOrigin, i18n: I18n) -> MyResponse {
MyResponse::ok_bare("about/privacy", i18n, origin)
}
#[get("/about/api")]
pub fn apidoc(origin: RequestOrigin, i18n: I18n) -> MyResponse {
MyResponse::ok_bare("about/api", i18n, origin)
}
#[get("/about/stats")]
pub fn stats(origin: RequestOrigin, i18n: I18n) -> MyResponse {
MyResponse::ok_bare("about/stats", i18n, origin)
}
#[cfg(test)]
mod tests {
use crate::routes::tests::common::*;
use ::rocket::http::{ContentType, Header, Status};
use ::rocket::local::blocking::Client;
use rstest::rstest;
use tempfile::TempDir;
mod get_about {
use super::*;
const URI: &str = "/about";
#[rstest]
fn landing_page_is_visible_with_translations(
#[from(client)] (_tmpdir, client): (TempDir, Client),
) {
assert::response(
client
.get(URI)
.header(Header::new("Accept-Language", "de"))
.dispatch(),
Status::Ok,
ContentType::HTML,
"Hagrid",
);
// TODO check translation
}
#[rstest]
fn privacy_policy_is_visible(#[from(client)] (_tmpdir, client): (TempDir, Client)) {
assert::response(
client.get(URI).dispatch(),
Status::Ok,
ContentType::HTML,
"distribution and discovery",
);
}
}
mod get_about_privacy {
use super::*;
const URI: &str = "/about/privacy";
#[rstest]
fn privacy_policy_is_visible(#[from(client)] (_tmpdir, client): (TempDir, Client)) {
assert::response(
client.get(URI).dispatch(),
Status::Ok,
ContentType::HTML,
"Public Key Data",
);
}
}
mod get_about_api {
use super::*;
const URI: &str = "/about/api";
#[rstest]
fn api_docs_are_visible(#[from(client)] (_tmpdir, client): (TempDir, Client)) {
assert::response(
client.get(URI).dispatch(),
Status::Ok,
ContentType::HTML,
"/vks/v1/by-keyid",
);
}
}
}
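Review bot: beyond the about pages named in the commit title, this hunk also drops the `apidoc` handler for `/about/api` and the `api_docs_are_visible` test that checks the page for `/vks/v1/by-keyid`; the API documentation is what third-party integrators link to, so either confirm in the commit message that it is intentionally gone (and where it now lives) or keep `apidoc` mounted. Note also that the two remaining `mod get_about` tests (`landing_page_is_visible_with_translations`, `privacy_policy_is_visible`) were the only coverage of the `Accept-Language` path through `MyResponse::ok_bare`; if localized rendering is still used elsewhere, that coverage should be re-homed rather than lost.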


@@ -1,8 +0,0 @@
use crate::web::{MyResponse, RequestOrigin};
use rocket_codegen::get;
use rocket_i18n::I18n;
#[get("/atom.xml")]
pub fn news_atom(origin: RequestOrigin, i18n: I18n) -> MyResponse {
MyResponse::xml("atom", i18n, origin)
}
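Review bot: removing `#[get("/atom.xml")]` turns a feed endpoint that readers poll indefinitely into a 404; feed readers do not treat 404 as "unsubscribe", so consider keeping a handler on `/atom.xml` that returns a redirect to the feed's new location or a final status, rather than letting it fall through to the error route.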


@@ -1,7 +1,5 @@
mod about;
mod api;
mod assets;
mod atom;
mod debug;
mod errors;
mod index;
@@ -17,15 +15,7 @@ pub fn routes() -> Vec<Route> {
routes![
// infra
index::root,
about::about,
about::news,
atom::news_atom,
about::privacy,
about::apidoc,
about::faq,
about::usage,
assets::files,
about::stats,
errors::errors,
// VKSv1
api::rest::vks::vks_v1_by_email,
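Review bot: after the `about::*` and `atom::news_atom` mounts are removed, nothing in `routes![]` answers `/about`, `/about/news`, `/about/faq`, `/about/usage`, `/about/privacy`, `/about/api`, `/about/stats` or `/atom.xml`, so every inbound link to those URLs (from other sites, from clients that link their users to the API docs, and from the `/about/*` cross-links inside the deleted templates) now lands in `errors::errors`; if the content moved, mount redirect routes here in the same change so the URLs stay stable.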


@@ -1,28 +0,0 @@
<div class="about">
<center><h2>‫حول | <a href="/about/news">اﻷخبار</a> | <a href="/about/usage">الاستخدام</a> | <a href="/about/faq">اﻷسئلة الشائعة</a> | <a href="/about/stats">اﻹحصاءات</a> | <a href="/about/privacy">حماية البيانات‬</a>
</h2></center>
<p>‫إن الخادم <span class="brand">keys.openpgp.org</span> هو خدمة عمومية لتوزيع المفاتيح المتوافقة مع معيار OpenPGP، وكذا العثور عليها. و يُصطلَح عليه بـ « خادم المفاتيح ».</p>
<p><strong>يمكنك الاطلاع على تعليمات الاستخدام موجودة في <a href="/about/usage">دليلنا</a>.</strong></p>
<h3>كيفية الاشتغال</h3>
<p>‫يتكون مفتاح OpenPGP من صنفين من المعلومات :</p>
<ul>
<li><strong>معلومات الهوية</strong> هي أجزاء المفتاح التي توضح هوية المالك، والتي يُصطلَح عليها بـ « مُعرِّف المستخدم ». يحتوي مُعرِّف المستخدم في الغالب على اسم وعنوان للبريد الإلكتروني.</li>
<li><strong>معلومات لا تُحدد الهوية</strong>، وهي ذات طبيعة تقنية، متعلقة بالمفتاح نفسه. تتضمن اﻷعداد الهائلة المُستخدَمة في التحقق من التوقيعات وتعمية الرسائل. كما تتضمن أيضا بيانات وصفية، مثل تاريخ إنشاء المفتاح وتواريخ انتهاء الصلاحية، وحالة بطلانه من عدمها.</li>
</ul>
<p>‫جرت العادة دائما أن تُوزَّع المعلومات كلها معا. لكن في <span class="brand">keys.openpgp.org</span> اﻷمر مختلف، ومعالجتها كذلك. على الرغم أنه من الممكن رفع كل أجزاء مفتاح OpenPGP إلى <span class="brand">keys.openpgp.org</span>، إلا أن خادم مفاتيحنا يحتفظ فقط ببعض اﻷجزاء ولا ينشر إلا بعضها وفق شروط محددة :</p>
<p>‫ستُخزَّن وتُوزَّع كل <strong>المعلومات التي لا تحدد الهوية</strong> بحرية، شرط استيفاء التحقق من سلامة محتواها. يمكن لأي كان تنزيل هذه الأجزاء في أي وقت، لأنها تحتوي فقط على بيانات تقنية، كما لن يكون بالإمكان استخدامها لتحديد هوية شخص ما. إن برامج OpenPGP الجيدة تستخدم <span class="brand">keys.openpgp.org</span> لتحديث هذه المعلومات دائما لكل المفاتيح التي تعرفها. هذا يسمح لمستخدمي OpenPGP بالحفاظ على أمان ومصداقية اتصالاتهم.</p>
<p>‫تُوزَّع <strong>معلومات الهوية</strong> لمفتاح OpenPGP فقط عند الموافقة على ذلك، لأنها تحتوي على بيانات شخصية، إذ لا يلزم بالضرورة تماما استخدامها مع المفتاح للتعمية وللتوقيع. حالما يوافق المستخدم، سوف يصبح العثور على مفتاحه ممكنا عند البحث عنه عبر عنوان بريده اﻹلكتروني.</p>
<h3 id="community">المجتمع والمنصة</h3>
<p>‫هذه الخدمة تشتغل بفضل مجهودات مجتمعية. يمكنك التواصل معنا في قناة #hagrid على خادم المحادثات Freenode، وكذا #hagrid:stratum0.org المُشغَّل بواسطة Matrix. كما يمكنك أيضا الاتصال بنا بالبريد اﻹلكتروني عبر العنوان <tt>support في keys نقطة openpgp نقطة org</tt>. إن كل من يساهم في تشغيل هذه الخدمة أتوا من مشاريع مختلفة بما في ذلك OpenPGP وبالذات Sequoia-PGP، و OpenKeychain و Enigmail.</p>
<p>‫من الناحية التقنية، يعمل <span class="brand">keys.openpgp.org</span> اعتمادا على برنامج خادم المفاتيح <a href="https://gitlab.com/keys.openpgp.org/hagrid" target="_blank">Hagrid</a>، المبني على <a href="https://sequoia-pgp.org">Sequoia-PGP</a>. كما أننا نستخدم منصة الاستضافة <a href="https://eclips.is" target="_blank">eclips.js</a> الداعمة للحرية عبر الانترنت، والتي يُديرها موقع <a href="https://greenhost.net/" target="_blank">Greenhost</a>.</p>
</div>


@@ -1,110 +0,0 @@
<div class="about">
<center><h2><a href="/about">حول</a> | <a href="/about/news">اﻷخبار</a> | <a href="/about/usage">الاستخدام</a> | اﻷسئلة الشائعة | <a href="/about/stats">اﻹحصاءات</a> | <a href="/about/privacy">حماية البيانات‬</a>
</h2></center>
<p><strong>يمكنك الاطلاع على تعليمات الاستخدام موجودة في <a href="/about/usage">دليلنا</a>.</strong></p>
<h3 id="sks-pool"><a href="#sks-pool">هل هذا الخادم ضمن تجمُّع خوادم المفاتيح المُتزامِنة ؟</a></h3>
<p>‫كلا. النموذج الاتحادي لتجمُّع خوادم المفاتيح المُتزامِنة لها عدة مشاكل متعلقة بالمصداقية ومقاومة إساءة الاستخدام والخصوصية وسهولة الاستخدام. قد ننجز شيئا مشابها، لكن لن يكون <span class="brand">keys.openpgp.org</span> أبدا ضمن تجمُّع لخوادم المفاتيح المُتزامِنة.</p>
<h3 id="federation"><a href="#federation">‫هل keys.openpgp.org خادم اتحادي ؟ أيمكنني المساعدة عبر تشغيل خادمي أيضا ؟</a></h3>
<p>‫ليس في الوقت الحالي. نحن نخطط لجعل <span class="brand">keys.openpgp.org</span> لا مركزيا في المستقبل. نأمل أن نطور إمكانية الاعتماد على هذه الخدمة عبر العديد من الخوادم التي يتكلف بها أفراد المستقلون.</p>
<p>لقد اقترح علينا عدة أشخاص مد يد العون لنا، عبر « تشغيل البرنامج الخادم Hagrid في أجهزتهم ». بالرغم من تقديرنا لهم على قبول مساعدتنا، إلا أنه من المحتمل أننا لن نستخدم أبدا نموذجا اتحاديا مثل خادم المفاتيح المُتزامِن، الذي من خلاله يمكن لأي فرد أن يشغِّل خادما يصبح ضمن « تجمُّع ». هذا لسببين :</p>
<ol>
<li>يتطلب الاتحاد عبر المشاركة إتاحة كل البيانات عموميا. ولهذا الأمر تأثير بالغ على الحياة الخاصة للمستخدمين، لأنه يسمح لأي كان بجلب لائحة لجميع عناوين البريد الإلكتروني.</li>
<li>لا توافق الخوادم معاييرنا حول الأداء والمصداقية، ونقصد بذلك الخوادم التي يُشغِّلها المسؤولون العاديون كهواية لهم.</li>
</ol>
<h3 id="non-email-uids"><a href="#non-email-uids">لماذا لا يوجد دعم لهويات أخرى غير العناوين الإلكترونية ؟</a></h3>
<p>إننا نطلب الموافقة الصريحة لتوزيع معلومات الهوية. إن الهويات التي ليست عناوين إلكترونية، كالصور وعناوين المواقع لا توفر لنا طريقة بسيطة للحصول على تلك الموافقة.</p>
<p>‫ملاحظة : بعض برامج OpenPGP تنشيء المفاتيح بنسق غير صحيح للعناوين الإلكترونية. لذلك، يُحتمَل ألا يتعرف عليها <span class="brand">keys.openpgp.org</span>.</p>
<h3 id="verify-multiple"><a href="#verify-multiple">أيمكنني التحقُّق من أكثر من مفتاح لبعض عناوين البريد الإلكتروني ؟</a></h3>
<p>‫يمكنك ربط عنوان البريد الإلكتروني بمفتاح منفرد فقط. عندما يتم التحقُّق من عنوان ما مع مفتاح جديد، لن يظهر بعد ذلك في أي مفتاح سبق التحقق منه. سوف تُوزَّع مع ذلك <a href="/about">المعلومات غير الكاشفة للهوية</a> لجميع المفاتيح.</p>
<p>‫هذا يعني أن البحث بواسطة عنوان البريد الإلكتروني لن تعرض إلا مفتاحا منفردا، وليس عدة نتائج موافقة لذلك العنوان. هذا الأمر يزيل كل اختيار غير ممكن من طرف المستخدم (مثلا « ماهو المفتاح الصحيح ؟ »)، كما أنه يجعل العثور على المفتاح بواسطة العنوان الإلكتروني أكثر ملائمة.</p>
<h3 id="email-protection"><a href="#email-protection">ماذا تفعلون لحماية رسائل التحقُّق الصادرة ؟</a></h3>
<p>‫إننا نستخدم معيارا عصريا يُطلَق عليه <a href="https://www.hardenize.com/blog/mta-sts" target="_blank">MTA-STS</a> مع <a href="https://starttls-everywhere.org/" target="_blank">STARTTLS Everywhere</a>، من طرف EFF، وذلك للتأكد من إرسال رسائل التحقُّق بأمان. هذا الأمر يقي ضد التنصت واعتراض الرسائل أثناء تسليمها.</p>
<p>‫تعمل آلية MTA-STS فقط إذا كان مزود خدمة بريد مُستلِم الرسالة يدعم ذلك. وإلا، ستُسلَّم الرسائل على النحو المعتاد. يمكنك <a href="https://www.hardenize.com/">تشغيل هذا الفحص</a> للتحقُّق من دعم مزود البريد الإلكتروني لتلك الآلية. إذا يظهر رمز تحقُّق أخضر عن يسار المُدخَلة « MTA-STS »، يُرجى الطلب من مزود خدمة بريدك الإلكتروني تحديث تهيئته.</p>
<h3 id="third-party-signatures"><a href="#third-party-signatures">هل توزعون « توقيعات الأطراف الأخرى » ؟</a></h3>
<p>باختصار، كلا.</p>
<p>‫إن « التوقيع من طرف آخر » هو توقيع على مفتاح بواسطة مفتاح آخر. على العموم، يتم إنشاء ذلك التوقيع عبر ختم مفتاح لشخص ما، والذي يعد حجر أساس « <a href="https://en.wikipedia.org/wiki/Web_of_trust" target="_blank">شبكة الثقة</a> ». ولعدة أسباب، لا تُوزَّع تلك التوقيعات حاليا في <span class="brand">keys.openpgp.org</span>.</p>
<p>السبب الرئيس لذلك هي <strong>الرسائل المزعجة</strong>. إذ تسمح توقيعات الأطراف الأخرى إرفاق بيانات عشوائية مع المفتاح من أي كان، وهذا الأمر سيفتح الباب لمن له نوايا سيئة من إرفاق العديد من البيانات غير النافعة دون أي قيود، مما يُضخِّم من حجم المفتاح بشكل هائل، إلى درجة تجعل استخدامه غير ممكن. بل الأنكى من ذلك، أنه يمكن أن تتضمن محتوىً قبيحا أو غير قانوني.</p>
<p>‫هناك بعض الأفكار لتجاوز هذا المشكل. وهي مثلا، توزيع تلك التوقيعات مع المُوقِّع بنفسه بدل المُوقَّع له. بالمقابل، يمكننا أن نلزم المُوقَّع له بأن يوقع هو الآخر قبل أي توزيع، وذلك لدعم سير العمل <a href="https://wiki.debian.org/caff" target="_blank">على طريقة الأداة caff</a>. إذا رأينا اهتماما كافيا من المستخدمين بذلك، فنحن على أتم الاستعداد للتعاون مع مشاريع OpenPGP الأخرى لإيجاد حل مناسب.</p>
<h3 id="no-sign-verified"><a href="#no-sign-verified">لماذا لا تُوقَّع المفاتيح بعد التحقُّق منها ؟</a>
</h3>
<p>‫صُممَت خدمة <span class="brand">keys.openpgp.org</span> لتقوم بتوزيع المفاتيح والعثور عليها، لذلك فهي ليست فعليا هيئة للشهادات. يجب على البرامج التي تود توفير اتصالات مُتحقَّق منها أن تعتمد على نموذجها الخاص للثقة.</p>
<h3 id="revoked-uids"><a href="#revoked-uids">لماذا لا تُوزَّع الهويات الباطلة كذلك ؟</a></h3>
<p>إذا وسم مفتاح OpenPGP أحد الهويات بأنها باطلة، فذلك يعني أنه لم تعد تلك الهوية صالحة مع ذلك المفتاح. إذ من الأفضل أيضا توزيع هذه المعلومة على كل برامج OpenPGP التي لها علم سابق بالهوية الجديدة الباطلة.</p>
<p>للأسف، لا توجد طريقة أفضل لتوزيع شهادات إبطال الهوية، بحيث لا تكشف عن الهوية التي قامت بإبطالها.</p>
<p>‫لقد اقُترحَت عدة حلول لتلك المشكلة، تسمح بتوزيع شهادات إبطال الهوية دون الكشف عن الهوية المعنية بذلك. رغم هذا، لم تتم لحد الآن، الصياغة النهائية لأي مواصفات تدعمها برامج OpenPGP. نأمل في المستقبل القريب بوضع حل ملائم لكي يدعمه <span class="brand">keys.openpgp.org</span> في أقرب وقت، قدر الإمكان.</p>
<h3 id="search-substring"><a href="#search-substring">لماذا لا يمكن البحث بواسطة جزء من العنوان الإلكتروني، مثلا باسم النطاق ؟</a></h3>
<p>‫بعض خوادم المفاتيح تدعم البحث عنها بواسطة جزء من عنوان البريد الإلكتروني. لا يقتصر الأمر على العثور على المفاتيح، بل يتعداه إلى العناوين أيضا، باستخدام طلب يشبه « مفاتيح بعناوين في gmail نقطة com ». إذ بذلك، ستُعرَض بالفعل كل العناوين المقترنة بتلك المفاتيح في خوادم المفاتيح تلك بشكل عمومي.</p>
<p>‫لذلك، فإن البحث بعنوان البريد الإلكتروني في <span class="brand">keys.openpgp.org</span> يعرض فقط المفتاح الذي يوافق بالضبط العنوان المبحوث به. بهذه الوسيلة، يمكن للمستخدم المعتاد العثور فقط على المفتاح المرتبط بالعنوان الذي يعرفه، لكنه من جهة أخرى لن يتمكن من إيجاد أي عناوين أخرى جديدة. هكذا، تتم الوقاية من ذوي النوايا السيئة والمحتالين، الذين يسعون للحصول بسهولة على كل عناوين البريد الإلكتروني الموجودة في الخادم.</p>
<p>‫لقد وضعنا تلك القيود كجزء من <a href="/about/privacy">سياسة خصوصيتنا</a>، مما يعني أنه لن نقوم بتعديلها إلا بعد طلب الموافقة على ذلك من طرف المستخدمين.</p>
<h3 id="tor"><a href="#tor">هل تدعمون تُورْ ؟</a></h3>
<p>‫بالطبع ! إذا قمت بتثبيت تُورْ، سيمكنك الوصول بهوية مجهولة إلى <span class="brand">keys.openpgp.org</span> عبر موقع <a href="https://support.torproject.org/fr/onionservices/#onionservices-2" target="_blank">خدمة البصلة</a> التالي : <br><a href="http://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion">zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</a></p>
<h3 id="encrypt-verification-emails"><a href="#encrypt-verification-emails">لماذا لا تُعمَّى رسائل التحقُّق الإلكترونية ؟</a></h3>
هناك عدة أسباب لذلك :
<ol>
<li>الأمر أكثر تعقيدا، لنا وللمستخدمين.</li>
<li>ذلك لا يقي من الهجمات. إذ أن الذي ينوي الاختراق لن يُجديَه نفعا رفع مفتاح لا يمكنه الوصول إليه.</li>
<li>يجب توفر إمكانية الحذف، على الرغم من ضياع المفتاح.</li>
<li>ذلك يتطلب آلية مختلفة (وأكثر تعقيدا) لرفع المفاتيح التي تمكِّن من التوقيع.</li>
</ol>
<h3 id="older-gnupg"><a href="#older-gnupg">
‫لدي مشاكل في تحديث بعض المفاتيح مع GnuPG. هل هناك علة ؟
</a></h3>
<p>‫يَعُد GnuPG المفاتيح التي لا تحتوي على معلومات الهوية غير صالحة، لذلك يرفض استيرادها.
‫مع ذلك، فإن المفتاح الذي لا يتوفر على <a href="/about">عناوين إلكترونية غير مُتحقَّق منها</a> قد تحتوي على معلومات مهمة.
‫بالذات، هناك إمكانية للتحقق من بطلان المفتاح من عدمه.</p>
<p>‫في يونيو من عام 2019، أنشأ فريق <span class="brand">keys.openpgp.org</span> تصحيحا يسمح لأداة GnuPG معالجة التحديث من المفاتيح دون الحاجة للمعلومات الشخصية. لقد أُدمِج هذا التصحيح فورا في توزيعات كثيرة لتلك الأداة، بما في ذلك Debian و Fedora و NixOS و GPG Suite لنظام اشتغال مَاكْ.</p>
<p>‫في مارس من عام 2020، رفض فريق GnuPG ذلك التصحيح، ولن يقبل به لاحقا. ‫هذا الأمر يعني أن <strong>إصدارات GnuPG غير المُصحَّحة لن تتلقى التحديثات من <span class="brand">keys.openpgp.org</span> بالنسبة للمفاتيح التي لم يُتحقَّق من عناوينها الإلكترونية</strong>. يمكنك قراءة هذا القرار حول المشكلة <a href="https://dev.gnupg.org/T4393#133689">T4393</a> في مُتتبِّع علل GnuPG.</p>
<p>يمكنك التحقق من اﻹصدار المتأثر بذلك باتباع التعليمات التالية.</p>
<blockquote>
<span style="font-size: larger;">استيراد مفتاح التجربة :</span><br><br>
$ curl https://keys.openpgp.org/assets/uid-test.pub.asc | gpg --import<br>
gpg: key F231550C4F47E38E: "Alice Lovelace &lt;alice@openpgp.example&gt;" imported<br>
gpg: Total number processed: 1<br>
gpg: imported: 1<br><br>
</blockquote>
<blockquote>
<span style="font-size: larger;">بعد تطبيق التصحيح، سوف يُحدَّث المفتاح إذا عُرف محليا :</span><br><br>
$ gpg --recv-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E<br>
gpg: key F231550C4F47E38E: "Alice Lovelace &lt;alice@openpgp.example&gt;" not changed<br>
gpg: Total number processed: 1<br>
gpg: unchanged: 1<br><br>
</blockquote>
<blockquote>
<span style="font-size: larger;">من دون تطبيق أي تصحيح، سوف يُرفَض كل مفتاح لا يتوفر على هوية :</span><br><br>
$ gpg --recv-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E<br>
gpg: key EB85BB5FA33A75E15E944E63F231550C4F47E38E: no user ID<br>
</blockquote>
</div>
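Review bot: the GnuPG "no user ID" troubleshooting section (the blockquotes ending at L1616) depends on the test key served from `/assets/uid-test.pub.asc` (L1600); removing the template alone leaves that asset either orphaned or still referenced elsewhere, so please either drop it in the same commit or say in the commit message where this walkthrough (and the onion-service address at L1580) now lives. A redirect for `/about/faq#older-gnupg` would also help, since that anchor is the target users were pointed at for the GnuPG import failure.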


@@ -1,100 +0,0 @@
<div class="about">
<center><h2><a href="/about">حول</a> | اﻷخبار | <a href="/about/usage">الاستخدام</a> | اﻷسئلة الشائعة | <a href="/about/stats">اﻹحصاءات</a> | حماية البيانات<a href="/about/privacy"></a>
</h2></center>
<h2 id="2019-11-12-celebrating-100k">
<div style="float: right; font-size: small; line-height: 2em;">2019-11-12 📅</div>
<a style="color: black;" href="/about/news#2019-11-12-celebrating-100k">نحتفل بتحقُّقنا من 100 000 عنوان ! 📈</a>
</h2>
<p>منذ خمسة أشهر، قمنا بتشغيل هذه الخدمة. لقد وصلنا اليوم إلى مرحلة متقدمة :</p>
<center style="margin-top: 2em; margin-bottom: 2em;">
<img src="/assets/img/stats-addresses-2019-11-12.png" style="padding: 1px; border: 1px solid gray;"><br><strong>تحققنا من مائة ألف عنوان للبريد اﻹلكتروني !</strong>
</center>
<p>إننا نتقدم بالشكر لكل من يستعمل هذه الخدمة ! ونخص بالثناء جميع من زودونا بملاحظاتهم، وترجماتهم، وأيضا الذين ساهموا في برمجة التطبيق !</p>
<p>إليك بعض التحديثات التي نعمل عليها :</p>
<ul>
<li>‫لقد أصبحت هذه الصفحة متاحة بصيغة <strong><a target="_blank" href="/atom.xml">تلقيمات Atom<img src="/assets/img/atom.svg" style="height: 0.8em;"></a></strong>.</li>
<li>كنا نعمل على إنشاء <strong><a target="_blank" href="https://gitlab.com/keys.openpgp.org/hagrid/issues/131">تقنية جديدة لإنعاش المفاتيح</a></strong> تكون أفضل حماية لخصوصية المستخدم.</li>
<li>إن مواصلة <strong>التوطين</strong> تتم بأقصى جهدنا ! نرجو أن تتوفر لغات أخرى في القريب العاجل.</li>
</ul>
<p>‫إذا رغبت في رؤية <span class="brand">keys.openpgp.org</span> مترجما إلى لغتك اﻷم. يُرجى <a target="_blank" href="https://www.transifex.com/otf/hagrid/">الانضمام إلى فريق الترجمة</a> في موقع Transifex. نقدر بالأساس مساعدتك لنا على الترجمة، وخاصة إلى <strong>الروسية</strong> و<strong>اﻹيطالية</strong> و<strong>البولونية</strong> و<strong>الهولندية</strong>.</p>
<p>‫هذا ما لدينا من اﻷخبار المُوجَزة. <span style="font-size: x-large;">👍️</span></p>
<hr style="margin-top: 2em; margin-bottom: 2em;">
<h2 id="2019-09-12-three-months-later">
<div style="float: right; font-size: small; line-height: 2em;">2019-09-12 📅</div>
<a style="color: black;" href="/about/news#2019-09-12-three-months-later">‫بعد ثلاثة أشهر من الخدمة ✨</a>
</h2>
<p>‫لقد مضت ثلاثة أشهر الآن منذ <a href="/about/news#2019-06-12-launch">تشغيل</a> موقع <span class="brand">keys.openpgp.org</span>. لذلك، فنحن سعداء بإخبارك أن خدمتنا لاقت نجاحا واسعا ! 🥳</p>
<h4>تبنِّيه في البرامج العميلة</h4>
<p>‫‫لقد لاقى خادم مفاتيح <span class="brand">keys.openpgp.org</span> إقبالا واسعا من طرف المستخدمين، لذلك تبنَّته عدة برامج عميلة بسرعة. وهو يُستخدَم حاليا بشكل افتراضي في عملاء، مثل <a href="https://gpgtools.org/" target="_blank">GPGTools</a> و<a href="https://enigmail.net/" target="_blank">Enigmail</a> و<a href="https://www.openkeychain.org/" target="_blank">OpenKeychain</a> و<a href="https://github.com/firstlookmedia/gpgsync" target="_blank">GPGSync</a> وأنظمة Debian وNixOS وغيرها.</p>
<p>‫إلى حدود كتابة هذه السطور، تحققنا من أكثر من 70 000 عنوان للبريد اﻹلكتروني.</p>
<center style="margin-top: 2em; margin-bottom: 2em;">
<img src="/assets/img/stats-addresses-2019-09-12.png" style="padding: 1px; border: 1px solid gray;"><br><span style="font-size: smaller;">إذا لم يكن منحنى واعدا، فلا أدري كيف أقنعك بالعكس :)</span>
</center>
<p>‫كما لا ننسى أن نقدم التهاني الحارة لفريق برنامج GPGTools لنظام تشغيل مَاكْ. لقد نظموا عملية التحديث بطريقة سلسة، مكَّنت التحقق من كم هائل من العناوين اﻹلكترونية، بعد نشرهم التحديث لبرنامجهم.</p>
<h4>كل شيء يسير بخير</h4>
<p>لا يوجد الكثير مما يتم اﻹبلاغ عنه حول عمليات اشتغال، وما ذاك إلا بالخبر الجيد في هذه الحالة ! فمنذ انطلاق الموقع، لم يحدث أي توقف واحد عن العمل، فقط علة طفيفة حدثت لوقت وجيز أدت إلى بعض التعثرات خلال الرفع. كما أن سعة الاستيعاب بقيت منخفضة.</p>
<p>‫إن حجم المواصلات مع خادمنا تُقدَّر حاليا بعشرة طلبات في الثانية (تزيد خلال النهار، وتنقص خلال عطل نهاية اﻷسبوع)، كما أننا أوصلنا ما يقارب100 000 رسالة إلكترونية خلال الشهر الماضي، دون أي مشاكل. </p>
<p>‫لقد أدخلنا بعض التحسينات الطفيفة ذات البعد العملياتي، بما في ذلك تعيين العمل بـ <a href="http://dnsviz.net/d/keys.openpgp.org/dnssec/" target="_blank">DNSSEC</a> وتطبيق <a href="/about/api#rate-limiting" target="_blank">الحد من الصبيب</a>، وإضافة لمسات نهائية على ترويسات <a href="https://developer.mozilla.org/fr/docs/Web/HTTP/CSP">سياسات أمان المحتوى</a>. كما أننا قمنا بتفعيل وضع <a href="https://blog.torproject.org/whats-new-tor-0298" target="_blank">القفزة الوحيدة</a> لأجل خدمة البصلة في تُورْ. هناك لائحة كاملة لكل ذلك <a href="https://gitlab.com/keys.openpgp.org/hagrid/merge_requests?scope=all&amp;utf8=%E2%9C%93&amp;state=merged" target="_blank">هنا</a>.</p>
<h4>‫توصيل الرسائل اﻹلكترونية بأمان عبر MTA-STS</h4>
<p>‫من أهم التحسينات التي يجدر لفت الانتباه إليها هو <a href="https://www.hardenize.com/blog/mta-sts">MTA-STS</a>، الذي يُجوِّد من أمان الرسائل اﻹلكترونية الصادرة.</p>
<p>‫على الرغم من سعة انتشار HTTPS عالميا في عصرنا هذا، إلا أن اﻷمر مع اﻷسف لا ينطبق على الرسائل اﻹلكترونية، وذلك لأن عدة خوادم لا تدعم التعمية بالمرة، أو أنها تستخدم شهادات ذاتية التوقيع بدل شهادة مُعترَف بها (كشهادات Let's Encrypt). وبما أن توصيل الرسائل هو ما يهم المستخدمين أكثر من قلة أمانها، فإن العديد من الرسائل ما تزال تُسلَّم دون أي تعمية.</p>
<p>‫بفضل MTA-STS، يمكن أن يحدد المكلفون بالنطاقات (عبر HTTPS) أن خادمهم لعلب الرسائل اﻹلكترونية <em>يدعم</em> التعمية. فعند تعذُّر ربط اتصال آمن مع هذا الصنف من الخوادم، سوف يُؤجَّل إيصال الرسائل، أو قد يُرفَض ذلك، بدل معالجتها بطريقة غير آمنة.</p>
<p>‫هذا اﻷمر في غاية اﻷهمية بالنسبة لخدمة مثل <span class="brand">keys.openpgp.org</span>. إذ لو كانت التعمية غير متينة، فيمكن للأعداء اعتراض رسائل التحقق بكل سهولة. لكن إذا كانت ميزة MTA-STS مُشغَّلة عند مزودي الخدمة، ستكون لديك الثقة بأن توصيل كل رسالة يتم بأمان، نحو الخادم الصحيح لعلب الرسائل اﻹلكترونية.</p>
<p>‫يمكنك <a href="https://aykevl.nl/apps/mta-sts/" target="_blank">القيام بعملية المراقبة</a> للكشف عن دعم خدمة بريدك اﻹلكتروني لميزة MTA-STS. إذا لم يكن اﻷمر كذلك، يُرجى إرسال طلب لرفع مستوى الأمان إلى مزود الخدمة الخاص بك !</p>
<h4>أشغال في طور اﻹنجاز</h4>
<p>نعمل حاليا على ميزتين :</p>
<p>‫أولاها هي <strong>التوطين</strong>. إذ أن غالبية الناس لا يتحدثون اﻹنجليزية، لكنها هي اللغة الوحيدة المدعومة حاليا. ولكي نجعل هذه الخدمة متاحة على نطاق واسع، فنحن نتعاون مع <a href="https://www.opentech.fund/labs/localization-lab/" target="_blank">مختبرات التوطين</a> لمنظمة OTF لجعل كل من الموقع والرسائل المُرسلَة متاحة بالعديد من اللغات اﻷخرى.</p>
<p>‫ثانيها هي إحضار <strong>توقيعات اﻷطراف اﻷخرى</strong>. كما هو <a href="/about/faq#third-party-signatures">مُشار إليه في صفحة اﻷسئلة الشائعة</a>، لكننا لا ندعمها حاليا بسبب الرسائل المزعجة وتفاديا لأي استغلال سيء. الفكرة هي الإجبار على <a href="https://gitlab.com/openpgp-wg/rfc4880bis/merge_requests/20/diffs" target="_blank">التوقيعات المتقاطعة</a>، والتي تسمح لكل مفتاح، الاختيار لذاته توقيعات اﻷشخاص التي يريد توزيعها. على الرغم من هذه المرحلة اﻹضافية، إلا أن هذه العملية متوافقة مع البرامج الموجودة حاليا. كما أنها تتفادى المستخدمين الذين لا يبالون بالتوقيعات.</p>
<p>على الرغم من التقدم في العمل على هاتين الميزتين، إلا أنه لم يُبرمَج تاريخ نشرهما في الوقت الحالي.</p>
<p>‫أما ما يتعلق بمشكلة « <tt>no user ID</tt> » (المذكورة في <a href="/about/news#2019-06-12-launch-challenges">منشور آخر الأخبار</a> وصفحتنا <a href="/about/faq#older-gnupg" target="_blank">للأسئلة الشائعة</a>)، فإن Debian تولت توفير تصحيح للمشكل، وأيضا فريق GPGTools لنظام تشغيل مَاكْ. لكن إلى حد الساعة لم يقم فريق GnuPG بدمج ذلك التصحيح في برنامجهم.</p>
<p>‫هذا كل شيء ! نشكرك على حسن اهتمامك. <span style="font-size: x-large;">👋</span></p>
<hr style="margin-top: 2em; margin-bottom: 2em;">
<h2 id="2019-06-12-launch">
<div style="float: right; font-size: small; line-height: 2em;">2019-06-12 📅</div>
<a href="/about/news#2019-06-12-launch" style="color: black;">لقد شغَّلنا خادما جديدا للمفاتيح ! 🚀‏</a>
</h2>
<p>‫بفضل مجهودات فريق عمل كل من <a href="https://enigmail.net" target="_blank">Enigmail</a> و<a href="https://openkeychain.org" target="_blank">OpenKeychain</a> و<a href="https://sequoia-pgp.org">Sequoia PGP</a>، فنحن مسرورون باﻹعلان عن تشغيل خادم OpenPGP جديد للمفاتيح العمومية <span class="brand">keys.openpgp.org</span> ! مرحى ! 🎉</p>
<h4>أخبرني باختصار !</h4>
<ul>
<li>سريع وموثوق. لا انتظارات ولا أعطال ولا أي تضاربات في البيانات.</li>
<li>دقيق. تُظهِر نتائج البحث مفتاحا منفردا، مما يُسهِّل عليك العثور عليه.</li>
<li>القدرة على التحقق. لا ينشر الهويات إلا بعد الموافقة على ذلك، بينما يتيح الوصول بكل حرية لبقية المعلومات التي لا ترتبط بالهوية.</li>
<li>قابلية الحذف. يمكن للمستخدمين حذف المعلومات الشخصية فقط بواسطة رسالة تأكيد.</li>
<li>‫مُبرمَج بلغة Rust، بدعم من <a href="https://sequoia-pgp.org" target="_blank">Sequoia PGP</a> - مجاني ومفتوح المصدر، بموجب اﻹصدار الثالث من الرخصة جْنُو أَفِيرُو العمومية AGPLv3.</li>
</ul>
يمكنك البدء اﻵن ب<a href="/upload">رفع مفتاحك</a> !
<h4>لِمَ الحاجة إلى خادم جديد للمفاتيح ؟</h4>
<p>‫لقد أنشأنا <span class="brand">keys.openpgp.org</span> كبديل عن خوادم المفاتيح SKS، والتي تستخدمها حاليا عدة تطبيقات بشكل افتراضي. تواجه شبكة خوادم المفاتيح المُوزَّعة هذه، عدة مشاكل، من بينها <a target="_blank" href="https://medium.com/@mdrahony/are-sks-keyservers-safe-do-we-need-them-7056b495101c">إساءة الاستخدام</a> و<a target="_blank" href="https://en.wikipedia.org/wiki/Key_server_(cryptographic)#Problems_with_keyservers">اﻷداء</a> وكذلك <a href="http://www.openwall.com/lists/oss-security/2017/12/10/1">مشاكل في الخصوصية</a>، ومنذ وقت قريب، مسائل الامتثال لـ<a target="_blank" href="http://nongnu.13855.n7.nabble.com/SKS-apocalypse-mitigation-td228252.html">النظام الأوروبي العام لحماية البيانات</a>. لقد قام Kristian Fiskerstrand بعمل جبار لصيانة شبكة الخوادم لـ<a target="_blank" href="https://blog.sumptuouscapital.com/2016/12/10-year-anniversary-for-sks-keyservers-net/">ما يزيد عن عشر سنوات</a>. لكن إلى هذه اللحظة، يبدو أن أنشطة التطوير قد <a target="_blank" href="https://bitbucket.org/skskeyserver/sks-keyserver/pull-requests/60/clean-build-with-405">شهد أغلبها توقفا</a>.</p>
<p>لذلك، ارتأينا أنه أتى الوقت لكي نقدم منهجية جديدة لحل تلك المشاكل.</p>
<h4>المعلومات الكاشفة وغير الكاشفة للهوية</h4>
<p>‫إن خادم المفاتيح <span class="brand">keys.openpgp.org</span> يقوم بفصل المعلومات الكاشفة للهوية عن المعلومات غير الكاشفة للهوية في المفاتيح. يمكنك الاطلاع على تفاصيل أكثر في <a href="/about" target="_blank">صفحة « حول »</a> : إن جوهر هذا اﻹجراء هو التوزيع بكل حرية المعلومات التي لا تكشف عن الهوية (المفاتيح، شهادات النقض، وما إلى ذلك)، بينما لا تُوزَّع البيانات الكاشفة عن الهوية إلا بعد الموافقة على ذلك. كما يمكن التراجع عن تلك الموافقة في أي وقت.</p>
<p>حالما ينتهي التحقق من مفتاح موافق لعنوان البريد الإلكتروني، سوف يعوض العنوان السابق. بهذه الطريقة، سوف يكون كل عنوان مرتبطا بمفتاح منفرد على اﻷكثر. كما يمكن أيضا لمالكه حذفه من اللائحة، في أي وقت. لذلك ينفع هذا اﻷمر في العثور على المفاتيح : فلو أن أحدا أجرى بحثا بعنوان البريد الإلكتروني، ثم عثر على مفتاح، فإن هذا يدل على أنه مفتاح منفرد وصالح في الوقت الحالي للعنوان الذي تم به البحث عنه.</p>
<h4>‫الدعم في Enigmail و OpenKeychain</h4>
<p>‫إن خادم المفاتيح <span class="brand">keys.openpgp.org</span> سيتلقى دعما من أطراف أخرى خلال اﻹصدارات القادمة لـ<a href="https://enigmail.net" target="_blank">Enigmail</a> في Thunderbird، وكذا <a href="https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain&amp;hl=en">OpenKeychain</a> في أندرويد. يعني ذلك، أن مستخدمي هذين التطبيقين سيستفيدون من اكتشاف المفاتيح في أوجز اﻷوقات، بواسطة عنوان البريد الإلكتروني. نتمنى أن يُشكِّل ذلك قوة دافعة لنا لتطوير هذا المشروع، لكي يصبح مبادرة جماعية واسعة اﻵفاق.</p>
<h4 id="2019-06-12-launch-challenges">التحديات الحالية</h4>
<p>إن تقنيات حماية الخصوصية في خوادم المفاتيح مازالت حديثة. ومع اﻷسف، بسبب فصل معلومات الهوية عن بقية البيانات، مازالت تظهر بعض المشاكل التي تخالف ما كان مُتوافَقا عليه.</p>
<p>‫بالخصوص، حينما يجد GnuPG (الإصدار 2.2.16، إلى حدود كتابة هذه السطور) مفتاح OpenPGP لا يحتوي على أي هوية. إذ يُظهِر الخطأ « no user ID » ولا يواصل معالجة المعلومات الجديدة التي لا تكشف عن الهوية (مثل شهادات النقض)، على الرغم من صلاحية بيانات التعمية. ولهذا، فنحن نعمل بكامل جهدنا لكي نصلح هذه المشاكل.</p>
<h4>في المستقبل</h4>
<p>‫إن طرق حماية الخصوصية في خوادم المفاتيح مازالت حديثة. كما أن لدينا العديد من اﻷفكار للتقليل من البيانات الوصفية. لكن في الوقت الحالي، نخطط فقط لجعل <span class="brand">keys.openpgp.org</span> أسرع 🐇 وأكثر مصداقية، وكذا تصحيح العلل 🐞 التي نجدها، وأيضا أخذ كل <a href="/about#community">الملاحظات</a> التي تصلنا من مجتمع المستخدمين بعين الاعتبار. 👂</p>
<p>للمزيد من التوضيحات، ما عليك سوى الاطلاع على صفحات <a target="_blank" href="/about">حول</a> وصفحات <a target="_blank" href="/about/faq">اﻷسئلة الشائعة</a>. يمكنك البدء حالا عبر <a href="/upload" target="_blank">رفع مفتاحك</a> ! كما يمكنك الاطلاع على أشياء أخرى مفيدة، مثل <a target="_blank" href="/about/api">واجهة برمجتنا للتطبيقات</a> وكذا <a target="_blank" href="/about/faq#tor">خدمة البصلة</a> !</p>
<p>تمتع بالخدمة !
<span style="font-size: x-large;">☕🍵</span></p>
</div>
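Review bot: L1636 advertises `/atom.xml` as the feed for this news page, and L1631/L1652 embed `/assets/img/stats-addresses-2019-11-12.png` and `stats-addresses-2019-09-12.png`; confirm the feed route and those image assets are removed or redirected together with the template, otherwise the feed will keep pointing readers at `/about/news#...` anchors (e.g. L1625, L1643, L1673) that no longer resolve.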


@@ -1,31 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">‫حول</a> | <a href="/about/news">اﻷخبار</a> | <a href="/about/usage">الاستخدام</a> | <a href="/about/faq">اﻷسئلة الشائعة</a> | اﻹحصاءات | <a href="/about/privacy">حماية البيانات‬</a>
</h2></center>
<h3>عناوين البريد الإلكتروني المُتحقَّق منها</h3>
<p>إحصاء بسيط للعدد اﻹجمالي للعناوين اﻹلكترونية التي تم التحقق منها حاليا. 📈</p>
<p>
</p>
<center><img src="/about/stats/month.png"></center>
<p>
</p>
<center><img src="/about/stats/year.png"></center>
<h3>متوسط الحمولة</h3>
<p>يعبِّر « متوسط الحمولة » عن مستوى اشتغاله. بتعبير أبسط :</p>
<ul>
<li>‫المقدار 0.0 يعني أن مضيف <span class="brand">keys.openpgp.org</span> خامل بالكامل‬</li>
<li>‫المقدار 1.0 يعني أنه مشغول إلى حد ما</li>
<li>‫أما المقدار 4.0 فما فوق يدل على أنه يشتعل نارا 🔥‬</li>
</ul>
<p>
</p>
<center><img src="/about/stats/load_week.png"></center>
</div>
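Review bot: L1716, L1719 and L1729 load `/about/stats/month.png`, `year.png` and `load_week.png`; deleting the template does not remove whatever serves those paths, so confirm the route and the producer of these images are dropped too, or they will keep being served for a page that no longer exists.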


@@ -1,119 +0,0 @@
<div class="about usage">
<center><h2><a href="/about">حول</a> | <a href="/about/news">اﻷخبار</a> | الاستخدام | <a href="/about/faq">اﻷسئلة الشائعة</a> | <a href="/about/stats">اﻹحصاءات</a> | <a href="/about/privacy">حماية البيانات‬</a>
</h2></center>
<p>‫نقوم في هذه الصفحة، بجمع المعلومات المتعلقة بكيفية استخدام <span class="brand">keys.openpgp.org</span> مع مختلف المنتجات البرمجية التي تعتمد على OpenPGP.<br> مازلنا في صدد إضافة المزيد. إذا لاحظت أشياء ناقصة، يُرجى مراسلتنا حول ذلك، وسنحاول جاهدين، إضافة ما ينقص.</p>
<h2 id="web" style="padding-left: 3%;"><a href="#web">واجهة الموقع</a></h2>
<p>‫تسمح لك واجهة الموقع في <span class="brand">keys.openpgp.org</span> بـ :</p>
<p>
</p>
<ul>
<li>
<a href="/">البحث</a> اليدوي عن المفاتيح، بواسطة بصمته أو عنوانه الإلكتروني.</li>
<li><a href="/upload">رفع</a> المفاتيح يدويا، ثم التحقق منها بعد ذلك.</li>
<li><a href="/manage">إدارة</a> مفاتيحك، ثم إزالة الهويات المنشورة.</li>
</ul>
<h2 id="enigmail">
<div><img src="/assets/img/enigmail.svg"></div>
<a href="#enigmail">Enigmail</a>
</h2>
<p>‫يستخدم <a href="https://enigmail.net" target="_blank">Enigmail</a> في Thunderbird افتراضيا <span class="brand">keys.openpgp.org</span> منذ اﻹصدار 2.0.12.</p>
<p>‫الدعم الكامل متاح منذ اﻹصدار 2.1 لـ Enigmail (في <a href="https://www.thunderbird.net/en-US/thunderbird/68.0beta/releasenotes/" target="_blank">Thunderbird 68</a> أو اﻷحدث) :</p>
<ul>
<li>سوف تُحدَّث المفاتيح تلقائيا.</li>
<li>خلال إنشاء مفتاحك، يمكنك رفعه ثم التحقق منه.</li>
<li>يمكنك العثور على المفاتيح بعنوان البريد الإلكتروني.</li>
</ul>
<h2 id="gpg-suite">
<div><img src="/assets/img/gpgtools.png"></div>
<a href="#gpg-suite">GPG Suite</a>
</h2>
<p>‫يستخدم <a href="https://gpgtools.org/">GPG Suite</a> لنظام مَاكْ <span class="brand">keys.openpgp.org</span> افتراضيا، منذ غشت 2019.</p>
<h2 id="openkeychain">
<div><img src="/assets/img/openkeychain.svg"></div>
<a href="#openkeychain">OpenKeychain</a>
</h2>
<p>‫يستخدم <a href="https://gpgtools.org/">OpenKeychain</a> لنظام أندرويد <span class="brand">keys.openpgp.org</span> افتراضيا، منذ غشت 2019.</p>
<ul>
<li>سوف تُحدَّث المفاتيح تلقائيا.</li>
<li>يمكنك العثور على المفاتيح بعنوان البريد الإلكتروني.</li>
</ul>
<p>تجدر اﻹشارة إلى غياب أي دعم مُدمَج لرفع عناوين البريد الإلكتروني وأيضا غياب التحقق منها.</p>
<h2 id="pignus">
<div><img src="/assets/img/pignus.png"></div>
<a href="#pignus">Pignus</a>
</h2>
<p>‫يستخدم <a href="https://gpgtools.org/">Pignus</a> لنظام iOS <span class="brand">keys.openpgp.org</span> افتراضيا، منذ غشت 2019.</p>
<ul>
<li>يمكنك رفع مفاتيحك في أي وقت.</li>
<li>يمكنك العثور على المفاتيح بعنوان البريد الإلكتروني.</li>
</ul>
<h2 id="gnupg">
<div><img src="/assets/img/gnupg.svg"></div>
<a href="#gnupg">GnuPG</a>
</h2>
<p>‫لتهيئة <a href="https://gnupg.org">GnuPG</a> لكي يستخدم <span class="brand">keys.openpgp.org</span> كخادم للمفاتيح، عليك بإضافة السطر التالي في الملف <tt>gpg.conf</tt> :</p>
<blockquote>keyserver hkps://keys.openpgp.org</blockquote>
<h4 id="gnupg-retrieve"><a href="#gnupg-retrieve">جلب المفاتيح</a></h4>
<ul>
<li>للعثور على مفتاح مستخدم ما، بعنوان البريد الإلكتروني :<blockquote>gpg --auto-key-locate keyserver --locate-keys user@example.net</blockquote>
</li>
<li>لإنعاش كل مفاتيحك (مثلا شهادات النقض أو المفاتيح الفرعية) :<blockquote>gpg --refresh-keys</blockquote>
</li>
</ul>
<h4 id="gnupg-upload"><a href="#gnupg-upload">رفع مفتاحك</a></h4>
<p>‫يمكن رفع المفاتيح بواسطة GnuPG عبر اﻷمر <tt>--send-keys</tt>، لكن لن يكون ممكنا التحقق من معلومات الهوية بتلك الطريقة لكي يكون باﻹمكان العثور على المفتاح بعنوان البريد الإلكتروني (<a href="/about">ماذا يعني هذا ؟</a>)</p>
<ul>
<li>يمكنك محاولة استخدام هذا الاختصار لرفع مفتاحك، والذي سيُظهِر وصلة مباشرة نحو صفحة التحقق :<blockquote>gpg --export your_address@example.net | curl -T - {{ base_uri }}</blockquote>
</li>
<li>‫بالمقابل، يمكنك تصديرها نحو ملف، ثم تحديد الملف في صفحة <a href="/upload" target="_blank">الرفع</a> :<blockquote>gpg --export your_address@example.net &gt; my_key.pub</blockquote>
</li>
</ul>
<h4 id="gnupg-troubleshooting"><a href="#gnupg-troubleshooting">المُساعَفة</a></h4>
<ul>
<li>‫تتضمن بعض الملفات القديمة مثل <tt>~/gnupg/dirmngr.conf</tt> سطرا يشبه :<blockquote>hkp-cacert ~/.gnupg/sks-keyservers.netCA.pem</blockquote>
<p>تلك التهيئة لم تعد ضرورية، لكنها تمنع الشهادات المعتادة من العمل. لذلك، يُوصَى ببساطة بإزالة ذلك السطر من ملف التهيئة.</p>
</li>
<li>خلال إنعاش المفاتيح، قد تظهر لك أخطاء كاﻵتي :<blockquote>gpg: key A2604867523C7ED8: no user ID</blockquote>
‫ذلك <a href="https://dev.gnupg.org/T4393" target="_blank">مشكل معروف في GnuPG</a>، ونحن نعمل مع فريق GnuPG لحل تلك المشكلة.
</li>
</ul>
<h4 id="gnupg-tor"><a href="#gnupg-tor">الاستخدام مع تُورْ</a></h4>
<p>‫بالنسبة للمستخدمين الأكثر حذرا، يمكن الوصول إلى <span class="brand">keys.openpgp.org</span> بشكل مجهول بواسطة خدمة البصلة، إذا كان لديك <a href="https://support.torproject.org/fr/onionservices/#onionservices-2" target="_blank">تُورْ</a> مُثبَّتا، عليك باستخدام التهيئة التالية :</p>
<blockquote>keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</blockquote>
<h2 style="padding-left: 3%;" id="wkd-as-a-service"><a href="#wkd-as-a-service">خدمة دليل مفاتيح الوِبْ</a></h2>
<p>‫إن دليل مفاتيح الوِبْ (اختصارا، باﻹنجليزية WKD) هي معيار البحث عن مفاتيح OpenPGP بواسطة عنوان البريد اﻹلكتروني، عبر اسم نطاق مزود خدمة البريد اﻹلكتروني. كما أنه يُستخدَم للعثور على المفاتيح المجهولة في بعض تطبيقات البريد اﻹلكتروني، مثل <a href="https://www.gpg4win.de/about.html" target="_blank">GpgOL</a>.</p>
<p>‫يمكن استخدام <span class="brand">keys.openpgp.org</span> كخدمة WKD مع أي نطاق. للقيام بذلك، يحتاج ذلك النطاق إلى تسجيلة <tt>CNAME</tt> تفوض لنطاقه الفرعي <tt>openpgpkey</tt> التوجيه نحو <tt>wkd.keys.openpgp.org</tt>. من المفترض أن يكون ذلك ممكنا انطلاقا من واجهة موقع أي مضيف لنظام أسماء النطاقات.</p>
<p>‫فور تفعيله لنطاق ما، ستصبح العناوين المُتحقَّق منها متاحة للبحث عنها تلقائيا بفضل الخدمة WKD.</p>
<p>‫من المفترض أن تكون تسجيلة <tt>CNAME</tt> تقريبا، على الشكل التالي :</p>
<blockquote>$ drill openpgpkey.example.org<br>
...<br>
openpgpkey.example.org. 300 IN CNAME wkd.keys.openpgp.org.</blockquote>
<p>هناك طريقة بسيطة للتحقق من عمل تلك الخدمة :</p>
<blockquote>$ curl 'https://wkd.keys.openpgp.org/status/?domain=openpgpkey.example.org'<br>
CNAME lookup ok: openpgpkey.example.org resolves to wkd.keys.openpgp.org<br></blockquote>
<p>لفحص جلب المفاتيح :</p>
<blockquote>$ gpg --locate-keys --auto-key-locate clear,nodefault,wkd address@example.org<br></blockquote>
<h2 style="padding-left: 3%;">واجهة برمجة التطبيقات</h2>
<p>‫لقد وفرنا لك واجهة برمجة لدعم الاندماج مع تطبيقات OpenPGP. يمكنك الاطلاع على <a href="/about/api">وثائقنا لواجهة برمجة التطبيقات</a>.</p>
<h2 style="padding-left: 3%;">أخريات</h2>
<p>‫أ ينقصك دليل خاص ببرنامج OpenPGP المفضل لديك ؟ هذا الموقع يتطور باستمرار، ونحن نتقبَّل من يعيننا على تحسينه. ما عليك سوى إخبارنا بالبريد الإلكتروني <span class="email">support في keys نقطة openpgp نقطة org</span> إذا رغبت بمساعدتنا.</p>
</div>
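Review bot: this usage page carries operator-facing setup that has no other home in the diff: the `keyserver hkps://keys.openpgp.org` line (L1789), the onion keyserver line (L1816), the `{{ base_uri }}` upload shortcut (L1800) and the WKD-as-a-service instructions (L1819-L1829) including the `CNAME` delegation to `wkd.keys.openpgp.org` and the `https://wkd.keys.openpgp.org/status/?domain=...` check. Please state in the commit message where these moved and add redirects for `/about/usage` and `/about/usage#wkd-as-a-service`, since domain owners who delegated `openpgpkey` will look for them. Minor, pre-existing: L1769 and L1779 link OpenKeychain and Pignus to `https://gpgtools.org/`, a copy-paste slip worth fixing wherever this text is reused.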


@@ -1,30 +0,0 @@
<div class="about">
<center><h2>Sobre | <a href="/about/news">Novetats</a> | <a href="/about/usage">Ús</a> | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Estadístiques</a> | <a href="/about/privacy">Privacitat</a>
</h2></center>
<p>El servidor <tt>keys.openpgp.org</tt> és un servei públic per a la distribució i descobriment de claus compatibles amb OpenPGP, normalment conegut com a servidor de claus o "keyserver".</p>
<p><strong>Per instruccions, veieu la nostra <a href="/about/usage">guia d'ús</a>.</strong></p>
<h3>Com funciona</h3>
<p>Una clau OpenPGP conté dos tipus d'informació:</p>
<ul>
<li>
<strong>Informació d'identitat</strong> descriu les parts de la clau que identifiquen el seu propietari, també coneguda com a identificadors d'usuari o "User IDs". Un User ID tipicament inclou un nom i una adreça de correu electrònic.</li>
<li>
<strong>Informació no identitària</strong> és tota aquella informació tècnica sobre la clau mateixa. Inclou els grans nombres utilitzats per a verificar signatunes i encriptar missatges. També inclou "metadades" com la data de creació, dates d'expiració, i estat de revocació.</li>
</ul>
<p>Tradicionalment aquestes peces d'informació s'han distribuït sempre juntes. A <span class="brand">keys.openpgp.org</span> es tracten de forma diferent. Mentre que qualsevol pot pujar totes les parts d'una clau OpenPGP a <span class="brand">keys.openpgp.org</span>, el nostre servidor de claus només guarda i publica determinades parts sota determinades condicions:</p>
<p>Qualsevol <strong>informació no identitària</strong> serà guardada i gratuitament distribuïda, si passa un controls d'integritat criptogràfica. Qualsevol pot descarregar aquestes parts en qualsevol moment ja que contenen només dades tècniques que no poden ser utilitzades per a identificar directament una persona. Un bon programari OpenPGP pot utilitzar <span class="brand">keys.openpgp.org</span> per mantenir aquesta informació al dia per a qualsevol clau que conegui. Això ajuda als usuaris de OpenPGP a mantenir comunicacions segures i confiables.</p>
<p>La <strong>informació identitària</strong> d'una clau OpenPGP només es distribueix amb consentiment. Conté dades personals, i no és estrictament necessaria per encriptar o verificar signatures d'una clau. Un cop el propietari dóna el seu consentiment verificant la seva adreça de correu electrònic, la clau pot trobar-se amb una cerca per adreça.</p>
<h3 id="community">Comunitat i plataforma</h3>
<p>Aquest servei funciona com un treball comunitari. Podeu parlar amb nosaltres al canal #hagrid de Freenode IRC, també com #hagrid:stratum0.org a Matrix. Per suposat podeu trobar-nos per correu electrònic a <tt>support at keys dot openpgp dot org</tt>. Els companys que fan funcionar aquest servei provenen de diferents projectes dins de l'ecosistema OpenPGP, incloent-hi Sequoia-PGP, OpenKeychain, i Enigmail.</p>
<p>Tècnicament, <tt>keys.openpgp.org</tt> funciona sobre el programari servidor de claus <a href="https://gitlab.com/keys.openpgp.org/hagrid" target="_blank">Hagrid</a>, que està basat en <a href="https://sequoia-pgp.org">Sequoia-PGP</a>. Estem funcionant sobre <a href="https://eclips.is" target="_blank">eclips-is</a>, una plataforma de "hosting" que posa focus en projectes de la Internet Freedom, i gestionada per <a href="https://greenhost.net/" target="_blank">Greenhost</a>.</p>
</div>
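Review bot: the identity vs. non-identity explanation at L1845-L1854 is the target of the "what does this mean?" links at L1798 and L1880 (`/about`), so removing it without a redirect turns those, and any external links, into 404s; suggest redirecting `/about` and `/about#community` to the new location rather than dropping them.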


@@ -1,85 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">Sobre</a> | <a href="/about/news">Novetats</a> | <a href="/about/usage">Ús</a> | FAQ | <a href="/about/stats">Estadístiques</a> | <a href="/about/privacy">Privacitat</a>
</h2></center>
<h3 id="sks-pool"><a href="#sks-pool">Aquest servidor forma part del pool "SKS" ?</a></h3>
<p>No. El model federat del pool SKS té diversos problemes en termes de fiabilitat, possibilitat d'abús, privacitat i usabilitat. Podem realitzar alguna cosa semblant, però <span class="brand">keys.openpgp.org</span> mai no formarà part del pool SKS.</p>
<h3 id="federation"><a href="#federation">Està keys.openpgp.org federat? Puc ajudar aportant una instància ?</a></h3>
<p>De moment no. Tenim previst descentralitzar <span class="brand">keys.openpgp.org</span> en algún moment. Amb diferents servidors d'operadors independents esperem millorar la fiabilitat d'aquest servei encara més.</p>
<p>Diverses persones s'han ofert a ajudar fent córrer una instància de servidor Hagrid. Apreciem realment aquestes ofertes, però probablement mai hi haurà una federació 'oberta' com SKS, on tothom pot fer córrer una instància i formar part del pool. Això és per dues raons:</p>
<ol>
<li>Una federació amb participació oberta requereix que totes les dades siguin públiques. Això afecta significativament la privacitat dels usuaris perquè permet a qualsevol obtenir una llista de totes les adreces de correu electrònic.</li>
<li>Els servidors gestionats com a passatemps per administradors casuals no encaixen amb els nostres estàndards de fiabilitat i rendiment. </li>
</ol>
<h3 id="non-email-uids"><a href="#non-email-uids">Per què no hi ha suport per identitats que no són adreces de correu electrònic ?</a></h3>
<p>Requerim consentiment explícit per a distribuir informació sobre identitats. Les identitats que no són correus electrònics, com imatges o adreces de correu, no tenen una forma fàcil d'obtenir aquests consentiments.</p>
<p>Nota: algun programari OpenPGP crea claus amb adreces de correu electrònic formatejades incorrectament. Aquestes adreces podrien no ser reconegudes a <span class="brand">keys.openpgp.org</span>.</p>
<h3 id="verify-multiple"><a href="#verify-multiple">Puc verificar més d'una clau per alguna adreça de correu electrònic ?</a></h3>
<p>Una adreça de correu electrònic pot estar associada només a una sola clau. Quan una adreça és verifica per a una nova clau, no torna a apareixer a les altres claus per a les estava associada previament. <a href="/about">La informació impersonal</a> sí que es manté distribuida per a totes les claus.</p>
<p>Això significa que la cerca per adreça de correu electrònic només torna una única clau, no múltiples candidates. Això elimina l'elecció impossible per a l'usuari ("Quina és la clau correcta ?"), i fa la cerca per adreça de correu electrònic molt més convenient.</p>
<h3 id="email-protection"><a href="#email-protection">Què feu per a protegir els correus de verificació ?</a></h3>
<p>Utilitzem un estàndard actual anomenat <a href="https://www.hardenize.com/blog/mta-sts" target="_blank">MTA-STS</a>, combinat amb <a href="https://starttls-everywhere.org/" target="_blank">STARTTLS Everywhere</a> de la EFF, per estar segurs que els correus de validació són enviats de forma segura. Això protegeig contra l'espionatge i la interceptació durant l'enviament.</p>
<p>El mecanisme MTA-STS depén de la correcta configuració dels servidors de correu electrònic. Podeu <a href="https://www.hardenize.com/">provar aquest test</a> per a veure si el vostre proveïdor d'internet el suporta. Si el símbol "MTA-STS" a l'esquerra no és una marca verda, si us plau demaneu al vostre proveïdor que actualitzi la seva configuració.</p>
<h3 id="third-party-signatures"><a href="#third-party-signatures">Distribuiu signatures de terceres parts ?</a></h3>
<p>Resposta curta: No.</p>
<p>Una signatura de tercera part és una signatura d'una clau feta per una altra clau. El més habitual és que aquestes signatures siguin fetes quan se signa la clau d'una altra persona, el que és la base de la <a href="https://en.wikipedia.org/wiki/Web_of_trust" target="_blank">xarxa de confiança</a>. Per unes quantes raon aquestes signatures no són distribuides actualment per <span class="brand">keys.openpgp.org</span>.</p>
<p>La raó principal és <strong>spam</strong>. Les signatures de terceres parts permeten adjuntar qualsevol mena d'información a la clau de qualsevol, i res atura a un usuari maliciós d'adjuntar tanta informació a una clau que la converteix en pràcticament inusable. Encara pitjor, l'usuari maliciós pot adjuntar contingut ofensiu o il·legal.</p>
<p>Hi ha idees per a resoldre aquest problema. Per exemple, les signatures podrien ser distribuides amb el signador, enlloc del signat. Alternativament, podriem requerir signatures creuades 'cross-signin' amb el signat abans de la distribució i així suportar el procediment <a href="https://wiki.debian.org/caff" target="_blank">caff-style</a>. Si hi ha prou interès, estem oberts a treballar amb altres projectes OpenPGP en una solució.</p>
<h3 id="no-sign-verified"><a href="#no-sign-verified">Per què no signar les claus després de verificar-les ?</a></h3>
<p>El servei de <span class="brand">keys.openpgp.org</span> està dirigit a la distribució i descobriment de claus, no com una autoritat de certificació. Les implementacions de clients que volen oferir comunicacions verificades han de suportar-se en els seus propis models de confiança.</p>
<h3 id="revoked-uids"><a href="#revoked-uids">Per què les identitats revocades no es distribueixen com a tals ?</a></h3>
<p>Cuan una clau OpenPGP marca una de les seves identitats com a revocada, aquesta identitat no hauria de considerar-se mai més vàlida per a la clau, i idealment, aquesta informació hauria de distribuir-se a tots els clients OpenPGP que encara coneixen la identitat ara revocada.</p>
<p>Per desgràcia no hi ha una manera de distribuir revocacions que alhora no revelin la pròpia identitat revocada. No volem distribuir identitats revocades, de manera que no podem distribuir identitats.</p>
<p>Hi ha proposades solucions a aquest problema, que permeten la distribució de revocacions sense revelar les identitats. Però encara no hi ha una especificació final, o el suport de cap programari OpenPGP. Esperem que s'estabeixi una solució en un futur, y aleshores afegirem el suport a <span class="brand">keys.openpgp.org</span> tan ràpid com puguem.</p>
<h3 id="search-substring"><a href="#search-substring">Per què no és possible cercar per parts d'adreces de correu electròric, com per exemple el domini ?</a></h3>
<p>Alguns servidors de claus donen suport a la cerca de claus per parts d'adreces de correu elctrònic. Això permet el descobriment no només de claus, sino també d'adreces, amb una cerca per exemple com "claus d'adreces a gmail punt com". Això exposa efectivament les adreces d'aquests servidors a llistats publics.</p>
<p>Una cerca per adreça de correu electrònic a <span class="brand">keys.openpgp.org</span> retorna una clau només si coindixeix exactament amb aquesta adreça. D'aquesta manera un usuari normal pot trobar la clau associada a qualsevol adreça que coneix, però no pot descobrir cap nova adreça de correu electrònic. Això evita que un usuari maliciós o spammer pugui obtenir fàcilment la llista de totes les adreces del servidor.</p>
<p>Hem fet aquesta restricció part de la nostra <a href="/about/privacy">política de privacitat</a>, el que significa que no podem canviar-la sense demanar el consentiment dels usuaris.</p>
<h3 id="tor"><a href="#tor">Suporteu Tor ?</a></h3>
<p>Per suposat ! Si teniu Tor instal·lat podreu arribar a <span class="brand">keys.openpgp.org</span> de forma anònima com un <a href="https://support.torproject.org/onionservices/#onionservices-2" target="_blank">servei onion</a>:
<a href="http://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion">zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</a></p>
<h3 id="encrypt-verification-emails"><a href="#encrypt-verification-emails">Per què no encripteu els correus de verificació ?</a></h3>
Hi ha diverses raons:
<ol>
<li>És més complicat, tant pels nostres usuaris com per a nosaltres.</li>
<li>No evita els atacs - un atacant no guanya res de pujar una clau a la que no té accés.</li>
<li>L'esborrat hauria de ser possible encara que la clau s'hagués perdut.</li>
<li>Requeriria un mecanisme diferent (i encara més complicat) per pujar claus només de signatura.</li>
</ol>
<h3 id="older-gnupg"><a href="#older-gnupg">Tinc algún problema pujant algunes claus amb GnuPG. Hi ha algun error ?</a></h3>
<p>Hi ha un problema amb la versió actual de GnuPG. Si intenteu pujar una clau des de <span class="brand">keys.openpgp.org</span> que no conté <a href="/about">informació d'identitat</a>, GnuPG rebutjarà processar aquesta clau.</p>
<blockquote>$ gpg --receive-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E<br>
gpg: key EB85BB5FA33A75E15E944E63F231550C4F47E38E: no user ID</blockquote>
<p>Estem treballant amb l'equip de GnuPG per resoldre aquest problema.</p>
</div>
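Review bot: the `search-substring` section of this deleted FAQ states a binding commitment, that the exact-match restriction on e-mail search is part of the privacy policy and cannot be changed without asking users for consent; the same file links to `/about` and `/about/privacy` for that policy, so when these pages move out of hagrid those routes need redirects (or the commit message should say where the content now lives), otherwise the policy a user is told to read becomes a 404. The onion address in the `tor` section and the `gpg --receive-keys ... no user ID` troubleshooting entry are also only documented in this text; note that this Catalan copy still says the team is working with GnuPG on that error, which is older than the German FAQ deleted in the same commit.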

View File

@@ -1,64 +0,0 @@
<div class="about">
<center><h2>Info | <a href="/about/news">Novinky</a> | Použití | <a href="/about/faq">Časté dotazy</a> | <a href="/about/stats">Statistiky</a> | <a href="/about/privacy">Soukromí</a>
</h2></center>
<p>Server <span class="brand">keys.openpgp.org</span> je veřejnou službou pro
distribuci a vyhledávání klíčů kompatibilních s protokolem OpenPGP, běžně
se označuje jako "keyserver".</p>
<p><strong>Pokyny naleznete v našem <a href="/about/usage">průvodci používáním</a>.</strong></p>
<h3>Jak to funguje</h3>
<p>OpenPGP klíč obsahuje dva typy informací:</p>
<ul>
<li>
<strong>Informace o identitě</strong> popisují části
klíče, které identifikují jeho vlastníka, známé také jako "ID uživatele".
ID uživatele obvykle obsahuje jméno a e-mailovou adresu.</li>
<li>
<strong>Ne-identitní informace</strong> jsou všechny technické
informace o samotném klíči. Patří sem velká čísla
používané pro ověřování podpisů a šifrování zpráv.
Zahrnuje také metadata, jako je datum vytvoření, údaje o datumech platnosti
a stav odvolání.</li>
</ul>
<p>Tyto informace byly vždy tradičně distribuovány.
společně. Na <span class="brand">keys.openpgp.org</span> se s nimi
zachází jinak. Zatímco kdokoli může nahrát všechny části libovolného klíče OpenPGP.
na <span class="brand">keys.openpgp.org</span>, náš keyserver
bude uchovávat a zveřejňovat pouze určité části za určitých
podmínek:</p>
<p>Veškeré informace <strong>ne-identitní údaje</strong> budou uloženy a volně
přístupné, pokud projdou kryptografickou kontrolou integrity.
Tyto části si může kdokoli kdykoli stáhnout, protože obsahují pouze
technické údaje, které nelze použít k přímé identifikaci osoby.
Dobrý OpenPGP software může používat <span class="brand">keys.openpgp.org</span>
k aktualizaci těchto informací pro každý klíč, o kterém ví.
To pomáhá uživatelům OpenPGP udržovat bezpečnou a spolehlivou komunikaci.</p>
<p><strong>Informace o identitě</strong> v klíči OpenPGP
se šíří pouze se souhlasem.
Obsahují osobní údaje a nejsou nezbytně nutné pro
klíč použít pro šifrování nebo ověření podpisu.
Jakmile vlastník udělí souhlas ověřením své e-mailové adresy,
lze klíč najít pomocí vyhledávání podle adresy.</p>
<h3 id="community">Komunita a platforma</h3>
<p>Tato služba je provozována komunitou.
Mluvit s námi můžete v #hagrid na OFTC IRC,
nebo jsem dostupní jako #hagrid:stratum0.org na Matrix.
Samozřejmě se s námi můžete spojit také prostřednictvím e-mailu,
na adrese <tt>support zavináč keys tečka openpgp tečka org</tt>.
Lidé, kteří službu provozují, přicházejí
z různých projektů v ekosystému OpenPGP,
včetně Sequoia-PGP, OpenKeychain a Enigmail.</p>
<p>Technicky
je <span class="brand">keys.openpgp.org</span> provozován na keyserver softwaru <a href="https://gitlab.com/keys.openpgp.org/hagrid" target="_blank">Hagrid</a>,
který je založen na <a href="https://sequoia-pgp.org">Sequoia-PGP</a>.
Běžíme na <a href="https://eclips.is" target="_blank">eclips.is</a>, hostingové platformě zaměřené na Internet Freedom projekty, tu spravuje <a href="https://greenhost.net/" target="_blank">Greenhost</a>.</p>
</div>
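Review bot: this about page is the target of the `/about` links that the other deleted pages use to define identity versus non-identity information, and it carries the user-facing statement of the consent rule (non-identity data is stored and distributed after a cryptographic integrity check, identity information only after the owner verifies the e-mail address). The commit message says the pages are removed but not where they go; please state the new location and keep a redirect for `/about` and its subpages in hagrid, since every header in these templates links to them. The contact channels (#hagrid on OFTC, #hagrid:stratum0.org on Matrix, the support address) are listed only here and in the German about page, so make sure they are published on the replacement site as well.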

View File

@@ -1,31 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">Info</a> | <a href="/about/news">Novinky</a> | <a href="/about/usage">Použití</a> | <a href="/about/faq">Časté dotazy</a> | Statistiky | <a href="/about/privacy">Soukromí</a>
</h2></center>
<h3>Ověřené emailové adresy</h3>
<p>Jednoduchá statistika celkového počtu aktuálně ověřených e-mailových adres. 📈</p>
<p>
</p>
<center><img src="/about/stats/month.png"></center>
<p>
</p>
<center><img src="/about/stats/year.png"></center>
<h3>Průměrná zátěž</h3>
<p>"Průměrná zátěž" serveru je statistický údaj o jeho vytíženosti. Jednoduše řečeno:</p>
<ul>
<li>0.0 znamená, že server <span class="brand">keys.openpgp.org</span> je zcela nečinný</li>
<li>1.0 znamená, že je poměrně zaneprázdněný</li>
<li>4.0 a více znamená, že fakt maká 🔥</li>
</ul>
<p>
</p>
<center><img src="/about/stats/load_week.png"></center>
</div>
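Review bot: the stats template embeds three server-generated images, `/about/stats/month.png`, `/about/stats/year.png` and `/about/stats/load_week.png`; deleting only the template leaves the handlers and the job that renders those PNGs in place. Either remove them in this commit as well, or, if the new site will embed them from hagrid, say so in the commit message so the routes are not later removed as dead code.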

View File

@@ -1,157 +0,0 @@
<div class="about usage">
<center><h2>
<a href="/about">Info</a> | <a href="/about/news">Novinky</a> | Použití | <a href="/about/faq">Časté dotazy</a> | <a href="/about/stats">Statistiky</a> | <a href="/about/privacy">Soukromí</a>
</h2></center>
<p>Na této stránce shromažďujeme informace o tom, jak používat
<span class="brand">keys.openpgp.org</span> s různými nástroji OpenPGP
softwarovými produkty.<br>
Stále probíhá proces přidávání dalších. Pokud vám některé chybí, prosím
napište nám a my se je pokusíme doplnit.</p>
<h2 id="web" style="padding-left: 3%;"><a href="#web">Webové rozhraní</a></h2>
<p>Webové rozhraní na <span class="brand">keys.openpgp.org</span> vám umožňuje:</p>
<p>
</p>
<ul>
<li>
<a href="/">Hledat</a> klíče manuálně, podle otisku nebo emailové adresy.</li>
<li>
<a href="/upload">Nahrát</a> klíče manuálně a po nahrání je ověřit.</li>
<li>
<a href="/manage">Spravovat</a> vaše klíče a odstraňovat zveřejněné identity.</li>
</ul>
<h2 id="enigmail">
<div><img src="/assets/img/enigmail.svg"></div>
<a href="#enigmail">Enigmail</a>
</h2>
<p><a href="https://enigmail.net" target="_blank">Enigmail</a> pro Thunderbird
implicitně používá <span class="brand">keys.openpgp.org</span> od
verze 2.0.12.</p>
<p>Plná podpora je dostupná od verze Enigmail 2.1
(pro <a href="https://www.thunderbird.net/en-US/thunderbird/68.0beta/releasenotes/" target="_blank">Thunderbird 68</a> nebo novější):</p>
<ul>
<li>Klíče budou automaticky aktualizovány.</li>
<li>Během vytváření klíče můžete nahrát a ověřit svůj klíč.</li>
<li>Klíče lze nalézt podle e-mailové adresy.</li>
</ul>
<h2 id="gpg-suite">
<div><img src="/assets/img/gpgtools.png"></div>
<a href="#gpg-suite">GPG Suite</a>
</h2>
<p><a href="https://gpgtools.org/">GPG Suite</a> pro macOS
implicitně používá <span class="brand">keys.openpgp.org</span>
od srpna 2019.</p>
<h2 id="openkeychain">
<div><img src="/assets/img/openkeychain.svg"></div>
<a href="#openkeychain">OpenKeychain</a>
</h2>
<p><a href="https://www.openkeychain.org/">OpenKeychain</a> pro Android
implicitně používá <span class="brand">keys.openpgp.org</span>
od července 2019.</p>
<ul>
<li>Klíče budou automaticky aktualizovány.</li>
<li>Klíče lze nalézt podle e-mailové adresy.</li>
</ul>
<p>Poznámka: zatím není k dispozici vestavěná podpora pro odesílání a ověřování e-mailové adresy.</p>
<h2 id="pignus">
<div><img src="/assets/img/pignus.png"></div>
<a href="#pignus">Pignus</a>
</h2>
<p><a href="https://www.frobese.de/pignus/">Pignus</a> pro iOS
implicitně používá <span class="brand">keys.openpgp.org</span>
od listopadu 2019.</p>
<ul>
<li>Vaše klíče mohou být nahrány kdykoli.</li>
<li>Klíče lze nalézt podle e-mailové adresy.</li>
</ul>
<h2 id="gnupg">
<div><img src="/assets/img/gnupg.svg"></div>
<a href="#gnupg">GnuPG</a>
</h2>
<p>Pro nastavení <a href="https://gnupg.org">GnuPG</a>
aby jako keyserver používal <span class="brand">keys.openpgp.org</span>,
přidejte tento řádek do souboru <tt>gpg.conf</tt>:</p>
<blockquote>keyserver hkps://keys.openpgp.org</blockquote>
<h4 id="gnupg-retrieve"><a href="#gnupg-retrieve">Získání klíčů</a></h4>
<ul>
<li>Vyhledání klíče uživatele podle e-mailové adresy:<blockquote>gpg --auto-key-locate keyserver --locate-keys user@example.net</blockquote>
</li>
<li>Obnovení všech vašich klíčů (např. nových certifikátů odvolání a podklíčů):<blockquote>gpg --refresh-keys</blockquote>
</li>
</ul>
<h4 id="gnupg-upload"><a href="#gnupg-upload">Nahrání vašeho klíče</a></h4>
<p>Klíče lze nahrát pomocí příkazu <tt>--send-keys</tt> v GnuPG, ale
tímto způsobem nelze ověřit informace o identitě tak, aby byl klíč
dohledatelný podle e-mailové adresy (<a href="/about">co to znamená?</a>).</p>
<ul>
<li>Můžete vyzkoušet tuto zkratku pro nahrání klíče, která vypisuje.
přímý odkaz na ověřovací stránku:<blockquote>gpg --export your_address@example.net | curl -T - {{ base_uri }}</blockquote>
</li>
<li>Můžete je také exportovat do souboru.
a vybrat tento soubor na stránce pro <a href="/upload" target="_blank">nahrání</a>:<blockquote>gpg --export your_address@example.net &gt; my_key.pub</blockquote>
</li>
</ul>
<h4 id="gnupg-troubleshooting"><a href="#gnupg-troubleshooting">Řešení potíží</a></h4>
<ul>
<li>Některé staré <tt>~/gnupg/dirmngr.conf</tt> soubory obsahují takovýto řádek:<blockquote>hkp-cacert ~/.gnupg/sks-keyservers.netCA.pem</blockquote>
<p>Toto nastavení již není nutné,
ale zabraňuje fungování běžných certifikátů.
Doporučujeme tento řádek z konfigurace jednoduše odstranit.</p>
</li>
<li>Při obnovování klíčů se mohou zobrazit následující chyby:<blockquote>gpg: key A2604867523C7ED8: no user ID</blockquote>
Jedná se o <a href="https://dev.gnupg.org/T4393" target="_blank">známý problém v GnuPG</a>.
Na vyřešení tohoto problému spolupracujeme s týmem GnuPG.
</li>
</ul>
<h4 id="gnupg-tor"><a href="#gnupg-tor">Použití přes Tor</a></h4>
<p>Pro uživatele, kteří chtějí být extra opatrní,
na stránku <span class="brand">keys.openpgp.org</span> lze vstoupit anonymně přes <a href="https://support.torproject.org/onionservices/#onionservices-2" target="_blank">onion sužbu</a>.
Pokud máte nainstalovaný
<a href="https://www.torproject.org/" target="_blank">Tor</a>,
použijte následující konfiguraci:</p>
<blockquote>keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</blockquote>
<h2 style="padding-left: 3%;" id="wkd-as-a-service"><a href="#wkd-as-a-service">WKD jako služba</a></h2>
<p>Web Key Directory (WKD) je standard pro hledání klíčů OpenPGP podle e-mailové adresy prostřednictvím domény jejího poskytovatele.
Používá se ke zjišťování neznámých klíčů v některých e-mailových klientech, jako je například <a href="https://www.gpg4win.de/about.html" target="_blank">GpgOL</a>.</p>
<p><span class="brand">keys.openpgp.org</span> lze použít jako spravovanou službu WKD pro libovolnou doménu.
K tomu stačí, když doména vytvoří záznam <tt>CNAME</tt>, který deleguje její subdoménu <tt>openpgpkey</tt> na <tt>wkd.keys.openpgp.org</tt>.
To by mělo být možné provést ve webovém rozhraní libovolného hostitele DNS.</p>
<p>Po povolení domény budou její ověřené adresy automaticky k dispozici pro vyhledávání prostřednictvím WKD.</p>
<p><tt>CNAME</tt> záznam by měl vypadat takto:</p>
<blockquote>$ drill openpgpkey.example.org1<br>
...<br>
openpgpkey.example.org. 300 IN CNAME wkd.keys.openpgp.org.</blockquote>
<p>K dispozici je jednoduchá kontrola stavu pro testování služby:</p>
<blockquote>$ curl 'https://wkd.keys.openpgp.org/status/?domain=openpgpkey.example.org'<br>
CNAME lookup ok: openpgpkey.example.org resolves to wkd.keys.openpgp.org<br>
</blockquote>
<p>Pro testování získání klíčů:</p>
<blockquote>$ gpg --locate-keys --auto-key-locate clear,nodefault,wkd address@example.org<br>
</blockquote>
<h2 style="padding-left: 3%;">API</h2>
<p>Nabízíme API pro integrovanou podporu v OpenPGP aplikacích. Podívejte se na
naši <a href="/about/api">dokumentaci API</a>.</p>
<h2 style="padding-left: 3%;">Další</h2>
<p>Chybí vám průvodce pro vaši oblíbenou implementaci? Tuto stránku
se snažíme vylepšovat. Napište nám na adresu
<span class="email">support zavináč keys tečka openpgp tečka org</span>, pokud
chcete pomoci!</p>
</div>
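Review bot: this usage page is rendered server-side, the curl upload shortcut uses the handlebars variable `{{ base_uri }}`, so a static copy elsewhere must hard-code the URL; the same goes for the onion keyserver line, the WKD `CNAME` example and the status check `https://wkd.keys.openpgp.org/status/?domain=...`, which document endpoints hagrid keeps serving after this change. The page also links to `/about/api`; confirm the API documentation route is either kept or redirected, since client developers integrate against it. The `keyserver hkps://keys.openpgp.org` configuration and the `dirmngr.conf` `hkp-cacert` troubleshooting entry are the most relied-upon parts of this text and should be carried over verbatim; the deleted Czech copy has a stray `1` in `openpgpkey.example.org1` in the drill example, so do not migrate from this variant.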

View File

@@ -1,37 +0,0 @@
<div class="about">
<center><h2>Übersicht | <a href="/about/news">News</a> | <a href="/about/usage">Nutzung</a> | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Statistik</a> | <a href="/about/privacy">Privacy Policy</a>
</h2></center>
<p>Der <span class="brand">keys.openpgp.org</span> Server ist ein öffentlicher Service für die Verteilung von OpenPGP-Schlüsseln, üblicherweise als "Keyserver" bezeichnet.</p>
<p><strong>Für Details zur Nutzung, siehe <a href="/about/usage">Nutzungshinweise</a></strong></p>
<h3>Funktionsweise</h3>
<p>Ein OpenPGP Schlüssel enthält zwei Arten Information:</p>
<ul>
<li>
<strong>Identitäten</strong> beschreiben die Teile des Schlüssels, welche den Besitzer identifizieren. Sie sind auch bekannt als "User IDs", und enhalten typischerweise einen Namen und eine Email-Adresse.</li>
<li>Die <strong>Nicht-Identitäts-Informationen</strong> enthalten techische Details über den Schlüssel an sich. Dies sind insbesondere die mathematischen Objekte, mit deren Hilfe Signaturen berechnet und Nachrichten verschlüsselt werden. Auch enthält dies Metadaten des Schlüssels wie den Zeitpunkt der Erstellung, ein eventuelles Ablaufdatum, und den Widerrufsstatus.</li>
</ul>
<p>Traditionell wurden diese Bestandteile von Keyservern gemeinsam ausgeliefert. Auf <span class="brand">keys.openpgp.org</span> werden sie jedoch getrennt behandelt: Während Nicht-Identität-Informationen jedes Schlüssels frei hochgeladen werden können, werden Identitäts-Informationen nur unter bestimmten Bedingungen gespeichert und weiter veröffentlicht:</p>
<p>Die <strong>Nicht-Identitäts-Informationen</strong> eines Schlüssels sind rein technischer Natur, und können nicht zur direkten Identifikation von Personen verwendet werden. Sie werden nach Prüfung der kryptografischen Integrität ohne weitere Bestätigung gespeichert und verteilt. Fortgeschrittene OpenPGP-Anwendungen können <span class="brand">keys.openpgp.org</span> verwenden, um diese Informationen in allen bekannten Schlüsseln auf dem neusten Stand zu halten, und eine sichere und zuverlässige Kommunikation sicherzustellen.</p>
<p>Die <strong>Identitäts-Informationen </strong> eines OpenPGP-Schlüssels enthalten persönliche Daten ihres Besitzers. Sie werden ausschließlich mit dessen Zustimmung veröffentlicht, welche mit einer simplen Bestätigung via Email abgefragt wird. Insbesondere kann ein Schlüssel nur mit Zustimmung anhand seiner Email-Adressen in der Suche gefunden werden.</p>
<h3 id="community">Community und Plattform</h3>
<p>Dieser Dienst wird als Gemeinschaftsprojekt betrieben.
Du kannst mit uns in
#hagrid auf dem OFTC IRC sprechen,
auch als #hagrid:stratum0.org auf Matrix erreichbar.
Natürlich kannst du uns auch unter,
<tt>support at keys dot openpgp punkt org</tt> per E-Mail erreichen.
Die Leute, die den Dienst betreiben, kommen
aus verschiedenen Projekten im OpenPGP Ökosystem,
wie Sequoia-PGP, OpenKeychain, und Enigmail.</p>
<p>Technisch verwendet <tt>keys.openpgp.org</tt> die <a href="https://gitlab.com/keys.openpgp.org/hagrid" target="_blank">Hagrid</a> Keyserver-Software, welche auf <a href="https://sequoia-pgp.org">Sequoia-PGP</a> basiert. Der Dienst wird gehostet auf der <a href="https://eclips.is" target="_blank">eclips.is</a> Plattform, die von <a href="https://greenhost.net/" target="_blank">Greenhost</a> unterhalten wird und sich auf Internet-Freedom-Projekte spezialisiert.</p>
</div>

View File

@@ -1,120 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">Übersicht</a> | <a href="/about/news">News</a> | <a href="/about/usage">Nutzung</a> | FAQ | <a href="/about/stats">Statistik</a> | <a href="/about/privacy">Privacy Policy</a>
</h2></center>
<p><strong>Für Details zur Nutzung, siehe <a href="/about/usage">Nutzungshinweise</a>.</strong></p>
<h3 id="sks-pool"><a href="#sks-pool">Ist dieser Server Teil des "SKS Pools"?</a></h3>
<p>Nein. Das Föderations-Modell des SKS Pools hat mehrere Probleme bezüglich Zuverlässigkeit, Widerstandsfähigkeit gegen Vandalismus, und Nutzbarkeit. Wir werden in Zukunft möglicherweise eine ähnlich verteilte Infrastruktur einführen, aber <span class="brand">keys.openpgp.org</span> wird nie Teil des SKS Pools werden.</p>
<h3 id="federation"><a href="#federation">Ist keys.openpgp.org föderiert? Kann ich mit einer eigenen Instanz mithelfen?</a></h3>
<p>Aktuell nein. Wir planen, <span class="brand">keys.openpgp.org</span> zu dezentralisieren. Mit mehreren Servern, die von unabhängigen Administratoren gepflegt werden, wäre es möglich die Zuverlässigkeit des Dienstes noch weiter verbessern.</p>
<p>Einige Leute haben bereits ihre Hilfe angeboten, eine Server-Instanz von Hagrid zu pflegen. Das wissen wir zu schätzen, allerdings würden wir voraussichtlich kein "offenes" Föderations-Modell wie SKS verwenden. Dafür gibt es zwei Gründe:</p>
<ol>
<li>Für eine Föderation mit offener Teilnahme müssen alle Server-Daten ebenfalls öffentlich sein. Dies ist ein signifikantes Privacy-Problem, weil so auch alle Email-Adressen unserer Nutzer abrufbar würden.</li>
<li>Server, die als Hobby betrieben werden, können unseren Anspruch an Zuverlässigkeit und Performance nicht erfüllen.</li>
</ol>
<h3 id="non-email-uids"><a href="#non-email-uids">Warum werden Identitäten, die keine E-Mail Adressen sind, nicht unterstützt?</a></h3>
<p>Die Veröffentlichung von Identitäts-Informationen erfordert explizite Zustimmung ihres Besitzers. Für Identitäten die keine Email-Adressen sind, beispielsweise Bilder oder Links zu Webseiten, gibt es keine einfache Möglichkeit, diese Zustimmung einzuholen.</p>
<p>Hinweis: Manche OpenPGP-Anwendungen generieren Email-Adressen mit inkorrekter Formatierung. Diese Adressen werden möglicherweise von <span class="brand">keys.openpgp.org</span> nicht richtig erkannt.</p>
<h3 id="verify-multiple"><a href="#verify-multiple">Ist es möglich, mehr als einen Schlüssel unter der gleichen E-Mail Adresse zu veröffentlichen?</a></h3>
<p>Eine Email-Adresse kann zu jedem Zeitpunkt mit nur genau einem Schlüssel veröffentlicht werden. Wenn eine Adresse für einen neuen Schlüssel bestätigt wird, entfernt diese Operation automatisch auch die Assoziation mit dem vorigen Schlüssel. <a href="/about">Nicht-Identitäts Informationen</a> sind davon nicht betroffen, und werden immer für alle Schlüssel verteilt.</p>
<p>Auf diese Weise wird sichergestellt, dass eine Suche per Email-Adresse zu jedem Zeitpunkt genau ein oder kein Ergebnis hat, niemals mehrere Kandidaten. Dies vermeidet eine unmögliche Rückfrage an den Nutzer ("Welcher Schlüssel ist der richtige?"), und macht so die Schlüssel-Suche per Email-Adresse deutlich nutzbarer.</p>
<h3 id="email-protection"><a href="#email-protection">Wie werden ausgehende Bestätigungs-Emails geschützt?</a></h3>
<p>Wir verwenden den modernen <a href="https://www.hardenize.com/blog/mta-sts" target="_blank">MTA-STS</a>-Standard in Kombination mit <a href="https://starttls-everywhere.org/" target="_blank">STARTTLS Everywhere</a>, um unerlaubtem Zugriff durch Angreifer während der Zustellung vorzubeugen.</p>
<p>Der MTA-STS-Mechanismus hängt von einer kompatiblen Konfiguration des empfangenden Email-Servers ab. Du kannst <a href="https://www.hardenize.com/">hier überprüfen</a>, ob dein Email-Provider dies unterstützt. Falls der "MTA-STS" Eintrag auf der linken Seite kein grünes Häkchen anzeigt, erkundige dich am Besten bei deinem Provider, ob sie ihre Konfiguration updaten können.</p>
<h3 id="third-party-signatures"><a href="#third-party-signatures">Werden "Signaturen" von fremden Schlüsseln unterstützt?</a></h3>
<p>Kurze Antwort: Nein.</p>
<p>Eine "Drittsignatur" auf einem Schlüssel ist eine Signatur, die von einem Dritten ausgestellt wurde. Diese Signaturen kommen üblicherweise zustande, indem man "den Schlüssel von jemand anders signiert", und sie sind die Basis des sogenannten "<a href="https://en.wikipedia.org/wiki/Web_of_trust" target="_blank">Web of Trust</a>". Derartige Signaturen werden aktuell aus verschiedenen Gründen von <span class="brand">keys.openpgp.org</span> nicht verteilt.</p>
<p>Der mit Abstand wichtigste Grund ist <strong>Spam</strong>. Drittsignaturen ermöglichen es jedem, beliebige Daten an den Schlüssel von jemand anders anzuhängen. Auf diese Weise können so große Datenmengen an einen Schlüssel angehängt werden, dass der Schlüssel effektiv unbrauchbar wird. Schlimmstenfalls kann ein Angreifer anstößige oder illegale Daten anhängen.</p>
<p>Es gibt einige Ideen, dieses Problem zu lösen. Beispielsweise können Drittsignaturen mit dem Aussteller, statt dem Empfänger, ausgeliefert werden. Alternativ können Drittsignaturen erst nach Bestätigung durch den Empfänger ausgeliefert werden. Sollte genug Interesse an einer solchen Lösung bestehen, sind wir gerne bereit mit OpenPGP-Projekten für eine Umsetzung zu kooperieren.</p>
<h3 id="no-sign-verified"><a href="#no-sign-verified">Warum werden Schlüssel nicht nach Bestätigung signiert?</a></h3>
<p>Der Dienst auf <span class="brand">keys.openpgp.org</span> ist gedacht für die Verteilung und das Auffinden von Schlüsseln, nicht als de-facto "Certificate Authority". OpenPGP-Software, die verifizierte Kommunikation ermöglichen möchte, sollte dafür ein entsprechendes Vertrauens-Modell implementieren.</p>
<h3 id="revoked-uids"><a href="#revoked-uids">Warum werden widerrufene Identitäten nicht als solche verbreitet?</a></h3>
<p>Wenn ein OpenPGP-Schlüssel eine seiner Identitäten als widerrufen markiert, ist diese ab diesem Zeitpunkt nicht mehr gültig. Diese Information sollte dann nach Möglichkeit an alle Clients verteilt werden, die bereits vorher Kenntnis von der Identität hatten.</p>
<p>Leider gibt es keinen guten Weg, eine derart widerrufene Identität zu verteilen, ohne die Identität an sich zu offenbaren. Da widerrufene Identitäten nicht weiter verteilt werden sollten, können wir entsprechende Identitäten (mit oder ohne Widerruf) nicht mehr verteilen.</p>
<p>Es gibt Lösungsansätze für dieses Problem, die eine Verteilung von Widerrufen erlauben, ohne die Identitäten an sich zu offenbaren. Bislang gibt es dafür allerdings keine fertige Spezifikation, oder Unterstützung in verwendeter OpenPGP-Software. Sobald sich hier die Situation verändert, werden wir natürlich auch auf <span class="brand">keys.openpgp.org</span> entsprechende Unterstützung einbauen.</p>
<h3 id="search-substring">Warum ist es nicht möglich nach einem Teil einer E-Mail-Adresse zu suchen, beispielsweise nur der Domain?</h3>
<p>Manche Schlüsselserver unterstützen die Suche nach einem Teil einer E-Mail Adresse.
Das ermöglicht nicht nur das Finden von Schlüsseln sondern auch von Adressen, wenn man Suchanfragen wie "Schlüssel für Adressen at gmail Punkt com" nutzt.
Das erzeugt im Ergebnis eine öffentlich einsehbare Auflistung der Adressen aller Schlüssel auf solchen Schlüsselservern.</p>
<p>Die Suche mittels einer E-Mail Adresse auf <span class="brand">keys.openpgp.org</span> zeigt nur dann einen Schlüssel an, wenn sie exakt der E-Mail Adresse entspricht.
Auf diese Weise kann ein normaler Nutzer die Schlüssel von Adressen finden, die er bereits kennt, nicht jedoch die von ihm nicht nicht bekannten Adressen.
Das verhindert, dass ein böswilliger Nutzer oder Spammer einfach an eine Liste aller E-Mail Adressen auf diesem Server gelangt.</p>
<p>Wir haben diese Einschränkung zu einem Teil unserer <a href="/about/privacy">Datenschutzrichtlinie</a> gemacht,
wir können die Einschränkung nicht ohne das Einverständnis des Nutzers abändern.</p>
<h3 id="tor"><a href="#tor">Wird Tor untertützt?</a></h3>
<p>Na klar!
Wenn du Tor installiert hast,
kannst du <span class="brand">keys.openpgp.org</span> anonym
als
<a href="https://support.torproject.org/onionservices/#onionservices-2" target="_blank">Onion-Service</a> verwenden:
<br><a href="http://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion">zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</a></p>
<h3 id="encrypt-verification-emails"><a href="#encrypt-verification-emails">Warum werden die ausgehenden Bestätigungs-E-Mails nicht verschlüsselt?</a></h3>
Dafür gibt es mehrere Gründe:
<ol>
<li>Es ist komplizierter, sowohl für den Empfänger als auch für uns.</li>
<li>Es hilft gegen kein Angriffs-Szenario - ein Angreifer hat keinen Vorteil davon, einen Schlüssel hochzuladen, zu dem er selbst keine Zugriff hat.</li>
<li>Das Löschen von Identitäten muss auch dann möglich sein, wenn der entsprechende Schlüssel verloren gegangen ist.</li>
<li>Das Bestätigen von Schlüsseln, die nur für Signaturen verwendet werden, würde einen weiteren (und komplizierten) Mechanismus erfordern.</li>
</ol>
<h3 id="older-gnupg"><a href="#older-gnupg">Ich erhalte beim Aktualisieren von Schlüsseln mittels GnuPG eine Fehlermeldung. Handelt es sich um einen Bug?</a></h3>
<p>GnuPG sieht Schlüssel, die keine Identitätsinformationen beinhalten, als ungültig und weigert sich die Schlüssel zu importieren.
Allerdings kann ein Schlüssel, der <a href="/about">keine überprüfte E-Mail-Adresse beinhaltet</a> trotzdem nützliche Informationen beinhalten.
So ist es noch möglich zu prüfen, ob der Schlüssel zurückgerufen ist oder nicht.</p>
<p>Im Juni 2019 hat die <span class="brand">keys.openpgp.org</span>-Gruppe einen Patch erstellt, der es GnuPG erlaubt Aktualisierungen von Schlüsseln ohne Identitätsinformationen zu verarbeiten.
Dieser Patch wurde schnell in vielen Distributionen von GnuPG, wie Debian, Fedora, NixOS und GPG Suite for macOS, übernommen.</p>
<p>Im März 2020 hat die GnuPG-Gruppe den Patch abgelehnt und hat den Problemstatus auf "Wontfix" gesetzt.
Das bedeutet, dass <strong>GnuPG-Versionen ohne den Patch keine Aktualisierungen von <span class="brand">keys.openpgp.org</span> für Schlüssel ohne eine überprüfte E-Mail Adresse empfangen können</strong>.
Sie können die Diskussion im Problem <a href="https://dev.gnupg.org/T4393#133689">T4393</a> auf dem GnuPG Fehler-Tracker verfolgen.</p>
<p>Sie können mit den folgenden Anweisungen überprüfen, ob Ihre Version von GnuPG betroffen ist.</p>
<blockquote>
<span style="font-size: larger;">Test-Schlüssel importieren:</span><br><br>
$ curl https://keys.openpgp.org/assets/uid-test.pub.asc | gpg --import<br>
gpg: key F231550C4F47E38E: "Alice Lovelace &lt;alice@openpgp.example&gt;" imported<br>
gpg: Total number processed: 1<br>
gpg: imported: 1<br><br>
</blockquote>
<blockquote>
<span style="font-size: larger;">Mit dem Patch wird der Schlüssel aktualisiert, wenn er lokal bekannt ist:</span><br><br>
$ gpg --recv-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E<br>
gpg: key F231550C4F47E38E: "Alice Lovelace &lt;alice@openpgp.example&gt;" not changed<br>
gpg: Total number processed: 1<br>
gpg: unchanged: 1<br><br>
</blockquote>
<blockquote>
<span style="font-size: larger;">Ohne den Patch wird ein Schlüssel ohne Identitätsinformationen immer abgelehnt:</span><br><br>
$ gpg --recv-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E<br>
gpg: key EB85BB5FA33A75E15E944E63F231550C4F47E38E: no user ID<br>
</blockquote>
</div>
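Review bot: Deleting this FAQ drops the only user-facing write-up, with a reproducible check, of the GnuPG `no user ID` failure (the `curl https://keys.openpgp.org/assets/uid-test.pub.asc | gpg --import` followed by `gpg --recv-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E` sequence in the three blockquotes), and the `#older-gnupg` anchor is still linked from the news template removed in this same commit. The commit message says only that the about pages go away; either state where this content now lives (and point the `/assets/uid-test.pub.asc` test key at it, or remove that asset as well) or keep `/about/faq` as a redirect, since external guides and client software that link here will otherwise land on a 404. The caveat recorded in the "Wontfix" paragraph, that unpatched GnuPG cannot pick up updates such as revocations for keys without a verified address, is security-relevant and users should still be able to find it somewhere.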

View File

@@ -1,271 +0,0 @@
<div class="about">
<center><h2><a href="/about">Übersicht</a> | News | <a href="/about/usage">Nutzung</a> | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Statistik</a> | <a href="/about/privacy">Privacy Policy</a>
</h2></center>
<h2 id="2019-11-12-celebrating-100k">
<div style="float: right; font-size: small; line-height: 2em;">12.11.2019📅</div>
<a style="color: black;" href="/about/news#2019-11-12-celebrating-100k">Wir feiern 100.000 verifizierte Adressen!📈</a>
</h2>
<p>Vor fünf Jahren haben wir diesen Dienst gestartet.
Und genau heute haben wir einen bemerkenswerten Meilenstein erreicht:</p>
<center style="margin-top: 2em; margin-bottom: 2em;">
<img src="/assets/img/stats-addresses-2019-11-12.png" style="padding: 1px; border: 1px solid gray;"><br><strong>Einhunderttausend verifizierte E-Mail Adressen!</strong>
</center>
<p>Vielen Dank an alle, die diesen Dienst nutzen!
Und ganz besonders an die, die uns Rückmeldungen, Übersetzungen und sogar Code-Beiträge gegeben haben!</p>
<p>Ein paar Updates über Dinge an den wir gerade arbeiten:</p>
<ul>
<li>Diese Nachrichtenseite ist als <strong><a target="_blank" href="/atom.xml">Atom Feed<img src="/assets/img/atom.svg" style="height: 0.8em;"></a></strong>verfügbar.</li>
<li>Wir haben an einem <strong><a target="_blank" href="https://gitlab.com/keys.openpgp.org/hagrid/issues/131">neuen Weg zum Aktualisieren von Schlüsseln</a></strong> gearbeitet, der die Privatsphäre der Nutzer besser schützt.</li>
<li>Die Arbeit an der <strong>Lokalisisierung</strong> ist in vollem Gange!
Wir hoffen, dass wir bald ein paar Sprachen einsatzfähig haben!</li>
</ul>
<p>Wenn Du <span class="brand">keys.openpgp.org</span> in Deine Sprache übersetzt haben möchtest, dann <a target="_blank" href="https://www.transifex.com/otf/hagrid/">komm bitte ins Übersetzungsteam</a> auf Transifex.
Wir suchen besonders nach Hilfe für <strong>Russich</strong>, <strong>Italienisch</strong>, <strong>Polnisch</strong> und <strong>Niederländisch</strong>.</p>
<p>Das war's, in der Kürze liegt die Würze!
<span style="font-size: x-large;">👍️</span></p>
<hr style="margin-top: 2em; margin-bottom: 2em;">
<h2 id="2019-09-12-three-months-later">
<div style="float: right; font-size: small; line-height: 2em;">2019-09-12 📅</div>
<a style="color: black;" href="/about/news#2019-09-12-three-months-later">Drei Monate nach dem Start ✨</a>
</h2>
<p>Es sind jetzt drei Monate
<a href="/about/news#2019-06-12-launch">seit dem Start von</a>
<span class="brand">keys.openpgp.org</span>.
Wir freuen uns sagen zu können:
Es ist ein überwältigender Erfolg!
</p>
<h4>Nutzerzahlen</h4>
<p>Der Schlüsselserver
<span class="brand">keys.openpgp.org</span>
ist von den Nutzern sehr gut angenommen worden,
die Zahlen steigen schnell.
Er ist jetzt standardmäßig bei
<a href="https://gpgtools.org/" target="_blank">2GPGTools2</a>,
<a href="https://enigmail.net/" target="_blank">Enigmail</a>,
<a href="https://www.openkeychain.org/" target="_blank">OpenKeychain</a>,
<a href="https://github.com/firstlookmedia/gpgsync" target="_blank">GPGSync</a>,
Debian,
NixOS
und anderen voreingestellt.
Viele Anleitungen sind ebenfalls auf den neuesten Stand gebracht worden,
um Nutzer zu uns zu lenken.</p>
<p>Als diese Zeilen entstehen,
sind mehr als 70.000 E-Mail-Adressen
verifiziert worden.</p>
<center style="margin-top: 2em; margin-bottom: 2em;">
<img src="/assets/img/stats-addresses-2019-09-12.png" style="padding: 1px; border: 1px solid gray;"><br><span style="font-size: smaller;">Wenn das keine vielversprechende Kurve ist, was dann? :)</span>
</center>
<p>Ein ganz besonderer Gruß geht an GPGTools für macOS.
Sie haben den Updateprozess so reibungslos umgesetzt,
dass nach dem Veröffentlichen ihres Updates
die Zahl der verifizierten Adressen förmlich explodierte.</p>
<h4>Es läuft alles prima</h4>
<p>Von der operativen Seite gibt es nicht viel zu berichten,
und keine Nachrichten sind in diesem Fall gute Nachrichten!
Seit dem Start
gab es nahezu keine Ausfallzeiten,
nur einen einzigen Bug,
der kurzfristig für Probleme beim Upload sorgte,
und die Anzahl der Supportanfragen blieb erfreulich niedrig.</p>
<p>Unsere Auslastung liegt momentan
bei zehn Anfragen pro Sekunde
(tagsüber mehr, weniger am Wochenende)
und wir haben ungefähr 100.000 E-Mails
im vergangenen Monat verschickt.
Kein Streß!</p>
<p>Wir haben einige kleine operative Verbesserungen eingeführt,
wie dem Einsatz von
<a href="http://dnsviz.net/d/keys.openpgp.org/dnssec/" target="_blank">DNSSEC</a>,
der Implementierung von
<a href="/about/api#rate-limiting" target="_blank">Begrenzung der Datenrate</a>,
Festschreiben der Überschriften unserer
<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP">Sicherheitsrichtlinie</a>,
und dem Einrichten des
<a href="https://blog.torproject.org/whats-new-tor-0298" target="_blank">single-hop</a>
Modus in unserem Tor Onion Dienst.
Die komplette Liste findet Ihr
<a href="https://gitlab.com/keys.openpgp.org/hagrid/merge_requests?scope=all&amp;utf8=%E2%9C%93&amp;state=merged" target="_blank">hier</a>.
</p>
<h4>Sicherer E-Mail-Versand mit MTA-STS</h4>
<p>Eine Verbesserung, die besondere Erwähnung verdient ist
<a href="https://www.hardenize.com/blog/mta-sts">MTA-STS</a>,
die die Sicherheit ausgehender E-Mails verbessert.</p>
<p>Während HTTPS heutzutage nahezu überall verbreitet ist, ist das traurigerweise für E-Mails nicht der Fall.
Viele Server machen überhaupt keine Verschlüsselung,
andere nur mit selbst-signierten Zertifikaten
anstelle von richtigen (z. B. von Let's Encrypt).
Aber Fehler bei der Zustellung stören die Nutzer mehr
als die verminderte Sicherheit,
und viele E-Mails werden immer noch ohne Verschlüsselung zugestellt.</p>
<p>Mit MTA-STS können die Betreiber von Domains
(über HTTPS)
anzeigen, dass ihr E-Mail-Server Verschlüsselung <em>unterstützt</em>.
Wenn zu solch einem Server keine sichere Verbindung aufgebaut werden kann,
wird die Zustellung dieser Nachricht aufgeschoben
oder sogar abgelehnt,
anstatt unsicher verarbeitet zu werden.</p>
<p>Das ist für Dienste wie
<span class="brand">keys.openpgp.org</span> extrem nützlich.
Wenn eine Verschüsselung nicht verlässlich ist,
dann können Angreifer relativ einfach Verifizieungs-E-Mails abfangen.
Aber bei Providern, die MTA-STS nutzen,
können wir sicher sein,
dass jede Mitteilung sicher und zum richtigen Server
übermittelt wird.</p>
<p>Du kannst <a href="https://aykevl.nl/apps/mta-sts/" target="_blank">prüfen</a>
ob ein E-Mail-Anbieter
MTA-STS anbietet.
Macht er das nicht,
schreib ihm und bitte ihn
an seiner Sicherheit zu arbeiten!</p>
<h4>Laufende Arbeiten</h4>
<p>Wir arbeiten an zwei Features:</p>
<p>Das erste ist <strong>Lokalisierung</strong>.
Die meisten Menschen sprechen kein Englisch,
es ist aber momentan die einzige Sprache, die wir unterstützen.
Um den Zugang zu diesem Dienst zu verbessern,
arbeiten wir mit dem <a href="https://www.opentech.fund/labs/localization-lab/" target="_blank">Localization Lab</a>
des OTF zusammen,
um die Website und ausgehende E-Mails
in einigen Sprache mehr verfügbar zu machen.</p>
<p>Das zweite ist die Wiedereinführung
von <strong>Signaturen Dritter</strong>.
Wie in unseren <a href="/about/faq#third-party-signatures">F&amp;A erwähnt</a>
unterstützen wir diese aufgrund von Spam und der Mißbrauchsmögklichkeit momentan nicht.
Wir haben die Idee
<a href="https://gitlab.com/openpgp-wg/rfc4880bis/merge_requests/20/diffs" target="_blank">gegenseitige Signaturen</a> zu verlangen,
um bei jedem Schlüssel automatisch entscheiden zu können,
welche Signaturen anderer veröffentlicht werden sollen.
Trotz dieses extra Schrittes,
ist das ziemlich kompatibel mit bereits existierender Software.
Es bleibt ebenso bei Nutzern, die kein Interesse an Signaturen haben,
angenehm unauffällig.</p>
<p>Auch wenn beide Features in Arbeit sind,
gibt es für beide noch kein geplantes Veröffentlichungsdatum.</p>
<p>Hinsichtlich des „<tt>keine Benutzer ID</tt>“ Fehlers mit GnuPG
(in unserem
<a href="/about/news#2019-06-12-launch-challenges">letzten Nachrichtenbeitrag erwähnt</a>
und unseren
<a href="/about/faq#older-gnupg" target="_blank">FAQ</a>),
stellen Debian und GPGTools für macOS
nun einen Patch bereit, der dieses Problem behebt.
GnuPG hat bisher den Patch noch nicht umgesetzt.</p>
<p>Das wars!
Vielen Dank für Euer Interesse!
<span style="font-size: x-large;">👋</span></p>
<hr style="margin-top: 2em; margin-bottom: 2em;">
<h2 id="2019-06-12-launch">
<div style="float: right; font-size: small; line-height: 2em;">06.12.2019 📅</div>
<a href="/about/news#2019-06-12-launch" style="color: black;">Wir starten einen neuen Schlüsselserver!🚀</a>
</h2>
<p>Nach gemeinsamenAnstrengungen von
<a href="https://enigmail.net" target="_blank">Enigmail</a>,
<a href="https://openkeychain.org" target="_blank">OpenKeychain</a>,
und <a href="https://sequoia-pgp.org">Sequoia PGP</a>,
freuen wir uns nun
den Start des neuen öffentlichen OpenPGP Schlüsselservers
<span class="brand">keys.openpgp.org</span> anzukündigen!
Hurra!🎉</p>
<h4>Gib mir die Kurzversion!</h4>
<ul>
<li>Schnell und verläßlich. Keine Wartezeiten, keine Ausfallzeiten, keine Unstimmigkeiten.</li>
<li>Präzise. Die Suche gibt nur einen Schlüssel zurück, was das Finden von Schlüsseln einfach macht.</li>
<li>Validierbar. Identitäten werden nur nach Einverständnis veröffentlicht,
während Informationen ohne Identitätsbezug offen zugänglich sind.</li>
<li>Löschbar. Nutzer können persönliche Informationen mit einer einfachen Bestätigungs-E-Mail löschen.</li>
<li>Entwickelt mit Rust, betrieben mit <a href="https://sequoia-pgp.org" target="_blank">Sequoia PGP</a> - frei und quelloffen unter AGPLv3.</li>
</ul>
Fange einfach damit an, <a href="/upload">Deinen Schlüssel hochzuladen</a>!
<h4>Warum ein neuer Schlüsselserver?</h4>
<p>Wir haben <span class="brand">key.openpgpg.org</span> entwickelt,
um eine Alternative zum SKS Schlüsselserver Pool bereitzustelle,
der in vielen Anwendungen heute Standard ist.
Dieses verteilte Netzwerk von Schlüsselservern hatte Schwierigkeiten mit
<a target="_blank" href="https://medium.com/@mdrahony/are-sks-keyservers-safe-do-we-need-them-7056b495101c">Mißbrauch</a>,
<a target="_blank" href="https://en.wikipedia.org/wiki/Key_server_(cryptographic)#Problems_with_keyservers">Leistungsfähigkeit</a>,
sowie <a href="http://www.openwall.com/lists/oss-security/2017/12/10/1">Datenschutzverletzungen</a>,
aber in jüngerer Zeit auch
der Umsetzung der
<a target="_blank" href="http://nongnu.13855.n7.nabble.com/SKS-apocalypse-mitigation-td228252.html">DSGVO</a>.
Kristian Fiskerstrand hat herausragende Arbeit geleistet, indem er den Pool für
<a target="_blank" href="https://blog.sumptuouscapital.com/2016/12/10-year-anniversary-for-sks-keyservers-net/">über zehn Jahre</a> betrieben hat,
aber zum heutigen Zeitpunkt schein die Weiterentwicklung
<a target="_blank" href="https://bitbucket.org/skskeyserver/sks-keyserver/pull-requests/60/clean-build-with-405">nahezu gestoppt zu haben</a>.</p>
<p>Wir glauben, dass es an der Zeit ist, einen neuen Weg zur Lösung dieser Probleme in Betracht zu ziehen.</p>
<h4>Informationen mit und ohne Identitätsbezug</h4>
<p>Der Schlüsselserver <span class="brand">keys.openpgp.org</span> trennt
Informationen mit und ohne Identitätsbezug in Schlüsseln voneinander ab.
Mehr Informationen dazu findet Ihr auf unserer <a href="/about" target="_blank">Über Seite</a>:
Das Wesentliche ist, dass Informationen ohne Identitätsbezug (Schlüssel, Widerrufe usw.)
frei verfügbar sind,
während Informationen mit Identitätsbezug
nur mit einer Einwilligung weitergegeben werden,
die auch noch jederzeit widerrufen werden kann.</p>
<p>Wenn ein neuer Schlüssel für eine E-Mailadresse verifiziert wird,
dann ersetzt er den vorigen.
Auf diese Weise
wird jede E-Mail-Adresse höchstens einem Schlüssel zugeordnet.
Sie kann auch jederzeit vom Besitzer dieser E-Mail-Adresse
von der Auflistung entfernt werden.
Das ist für das Finden von Schlüsseln sehr hilfreich:
Wenn die Suche nach einer E-Mail-Adresse einen Scchlüssel findet,
dann bedeutet das, dass dieser eine Schlüssel
der aktuell gültige Schlüssel für diese E-Mail-Adresse ist.</p>
<h4>Unterstützung von Enigmail und OpenKeychain</h4>
<p>Der Schlüsselserver <span class="brand">keys.openpgp.org</span>
wird von Beginn an in neuen Releases von
<a href="https://enigmail.net" target="_blank">Enigmail</a> für Thunderbird
sowie
<a href="https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain&amp;hl=en">OpenKeychain</a> auf Android unterstützt werden.
Das bedeutet, dass die Nutzer diese Anwendungen von
schnelleren Responsezeiten und
verbesserter Schlüsselsuche mittels E-Mail-Adressen profitieren werden.
Wir hoffen, dass das uns zusätzlich ein wenig Schwung gibt,
um das Projekt in ein größeres gemeinschaftliches Unterfangen umzuwandeln.</p>
<h4 id="2019-06-12-launch-challenges">Aktuelle Herausforderungen</h4>
<p>Techniken, die die Privatsphäre der Nutzer schützen, sind noch neu bei Schlüsselservern,
und leider gibt es auch immer noch ein paar Kompatibilitätsprobleme durch das Abtrennen personenbezogener Informationen.</p>
<p>Besonders, wenn GnuPG (beim Schreiben dieser Zeilen Version 2.2.16)
einen OpenPGP-Schlüssel ohne Identitäten findet,
gibt es einen Fehler „keine Benutzer ID“ aus
und stoppte die Verarbeiteung neuer, nicht nutzerbezogener Informationen
(wie Widerrufszertifikate)
auch wenn sie kryptographisch gültig sind.
Wir suchen aktiv nach
Löungen für diese Probleme.</p>
<h4>Die Zukunft</h4>
<p>Techniken zum Schutz personenbezogener Daten auf Schüsselserver sind immer noch neu,
und wir haben noch mehr Ideen um die Metadaten zu reduzieren.
Aber für den Moment planen wir nur
<span class="brand">keys.openpgp.org</span> verlässlich und schnell 🐇 zu halten,
alle auftauchenden Bugs 🐞 zu beseitigen,
und auf <a href="/about#community">Feedback</a> aus der Community zu hören. 👂</p>
<p>Für mehr Information geht einfach auf
unsere <a target="_blank" href="/about">Über Seite</a>
und die <a target="_blank" href="/about/faq">FAQ</a>Seiten.
Ihr könnt gleich mit dem
<a href="/upload" target="_blank">Hochladen Eures Schlüssels</a> anfangen!
Aber es gibt noch mehr coole Sachen zu entdecken
wie unsere <a target="_blank" href="/about/api">API</a>
und den <a target="_blank" href="/about/faq#tor">Onion Service</a>!</p>
<p>Prost!
<span style="font-size: x-large;">🍻</span></p>
</div>
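Review bot: The news page advertises itself as an Atom feed (`<a target="_blank" href="/atom.xml">Atom Feed` in the 2019-11-12 entry) and every entry carries a `/about/news#...` anchor; removing the page without touching the feed leaves subscribers with entries that link to nothing, so the `/atom.xml` handler should be removed or repointed in the same change, or `/about/news` kept as a redirect. Moot once deleted, but for the record this translation had drifted from the source: the launch entry is dated `06.12.2019 📅` although its id is `2019-06-12-launch`, and `2GPGTools2` and `key.openpgpg.org` are mangled, which indicates the generated translations were not being proofread and supports dropping them rather than carrying them further.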

View File

@@ -1,31 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">Übersicht</a> | <a href="/about/news">News</a> | <a href="/about/usage">Nutzung</a> | <a href="/about/faq">FAQ</a> | Statistik | <a href="/about/privacy">Privacy Policy</a>
</h2></center>
<h3>Bestätigte Email-Adressen</h3>
<p>Eine simple Statistik über die Gesamtzahl Email Adressen, die aktuell bestätigt sind. 📈</p>
<p>
</p>
<center><img src="/about/stats/month.png"></center>
<p>
</p>
<center><img src="/about/stats/year.png"></center>
<h3>Server-Auslastung</h3>
<p>Dies ist eine Statistik, wie ausgelastet der Server ist:</p>
<ul>
<li>0.0 bedeutet, dass der <span class="brand">keys.openpgp.org</span> Host nichts zu tun hat</li>
<li>1.0 bedeutet einigermaßen viel Last</li>
<li>ab 4.0 ist der Server überlastet 🔥</li>
</ul>
<p>
</p>
<center><img src="/about/stats/load_week.png"></center>
</div>
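Review bot: This template is the only consumer of the three graphs `/about/stats/month.png`, `/about/stats/year.png` and `/about/stats/load_week.png`; check that the routes serving them and whatever job renders them are removed alongside the page, otherwise the server keeps producing and publishing load-average graphs that nothing links to. Publishing host load is low-risk for a public service, but it is operational metadata, so if the stats page is going, the graph endpoints should go with it.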

View File

@@ -1,128 +0,0 @@
<div class="about usage">
<center><h2>
<a href="/about">Übersicht</a> | <a href="/about/news">News</a> | Nutzung | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Statistik</a> | <a href="/about/privacy">Privacy Policy</a>
</h2></center>
<p>Auf dieser Seite sammeln wir Anleitungen zur Nutzung von <span class="brand">keys.openpgp.org</span> mit unterschiedlichen OpenPGP-Anwendungen. Wir sind noch dabei, weitere Anleitungen hinzuzufügen - falls du eine bestimmte vermisst, lass es uns einfach wissen.</p>
<h2 id="web" style="padding-left: 3%;"><a href="#web">Web-Interface</a></h2>
<p>Das Web-Interface auf <span class="brand">keys.openpgp.org</span> erlaubt die folgenden Operationen:</p>
<p>
</p>
<ul>
<li>Manuelle <a href="/">Suche</a> nach Schlüsseln, anhand eines Fingerprints oder einer Email-Adresse.</li>
<li>
<a href="/upload">Hochladen</a> von Schlüsseln, mit Bestätigung nach dem Hochladen.</li>
<li>
<a href="/manage">Verwalten</a> von Schlüsseln, insbesondere das Entfernen veröffentlichter Identitäten.</li>
</ul>
<h2 id="enigmail">
<div><img src="/assets/img/enigmail.svg"></div>
<a href="#enigmail">Enigmail</a>
</h2>
<p><a href="https://enigmail.net" target="_blank">Enigmail</a> für Thunderbird verwendet <span class="brand">keys.openpgp.org</span> als voreingestellten Keyserver seit Version 2.0.12.</p>
<p>Alle Features sind verfügbar ab Enigmail 2.1 (für <a href="https://www.thunderbird.net/en-US/thunderbird/68.0beta/releasenotes/" target="_blank">Thunderbird 68</a> und neuer):</p>
<ul>
<li>Schlüssel werden automatisch aktualisiert</li>
<li>Schlüssel können während der Generierung hochgeladen werden, inkl. Adress-Bestätigung.</li>
<li>Schlüssel können anhand von Email-Adressen gesucht werden.</li>
</ul>
<h2 id="gpg-suite">
<div><img src="/assets/img/gpgtools.png"></div>
<a href="#gpg-suite">GPG Suite</a>
</h2>
<p><a href="https://gpgtools.org/">GPG Suite</a> für macOS verwendet <span class="brand">keys.openpgp.org</span> voreingestellt seit August 2019.</p>
<h2 id="openkeychain">
<div><img src="/assets/img/openkeychain.svg"></div>
<a href="#openkeychain">OpenKeychain</a>
</h2>
<p><a href="https://www.openkeychain.org/">OpenKeychain</a> für Android verwendet <span class="brand">keys.openpgp.org</span> voreingestellt seit Juli 2019.</p>
<ul>
<li>Schlüssel werden automatisch aktualisiert</li>
<li>Schlüssel können anhand von Email-Adressen gesucht werden.</li>
</ul>
<p>Bislang gibt es allerdings keine integrierte Unterstützung für das Bestätigen von Email-Adressen.</p>
<h2 id="pignus">
<div><img src="/assets/img/pignus.png"></div>
<a href="#pignus">Pignus</a>
</h2>
<p><a href="https://www.frobese.de/pignus/">Pignus</a> für iOS
verwendet <span class="brand">keys.openpgp.org</span> voreingestellt
seit November 2019.</p>
<ul>
<li>Schlüssel können zu jedem Zeitpunkt hochgeladen werden.</li>
<li>Schlüssel können anhand von Email-Adressen gesucht werden.</li>
</ul>
<h2 id="gnupg">
<div><img src="/assets/img/gnupg.svg"></div>
<a href="#gnupg">GnuPG</a>
</h2>
<p>Um <a href="https://gnupg.org">GnuPG</a> mit <span class="brand">keys.openpgp.org</span> zu konfigurieren, füge diese Zeile in der <tt>gpg.conf</tt> Datei hinzu:</p>
<blockquote>keyserver hkps://keys.openpgp.org</blockquote>
<h4 id="gnupg-retrieve"><a href="#gnupg-retrieve">Schlüssel abrufen</a></h4>
<ul>
<li>Um Schlüssel anhand ihrer E-Mail-Adresse zu suchen:<blockquote>gpg --auto-key-locate keyserver --locate-keys user@example.net</blockquote>
</li>
<li>Um alle Schlüssel zu aktualisieren (inkl. Widerrufszertifikate und neue Unterschlüssel): <blockquote>gpg --refresh-keys</blockquote>
</li>
</ul>
<h4 id="gnupg-upload"><a href="#gnupg-upload">Schlüssel hochladen</a></h4>
<p>Schlüssel können mit GnuPG's <tt>--send-keys</tt> Befehl hochgeladen werden, allerdings können auf diese Weise keine Identitäts-Informationen (<a href="/about">was bedeutet das?</a>) bestätigt werden für die Suche per Email-Adresse.</p>
<ul>
<li>Du kannst versuchen deinen Schlüssel mittels dieses Shortcuts hochzuladen. Du solltest in der Ausgabe einen Direktlink zur Bestätigungs-Seite erhalten:<blockquote>gpg --export deine_adresse@example.net | curl -T - {{ base_uri }}</blockquote>
</li>
<li>Alternativ kannst du den Schlüssel exportieren und die Datei auf der <a href="/upload" target="_blank">Upload-Seite</a> hochladen:<blockquote>gpg --export deine_adresse@example.net &gt; my_key.pub</blockquote>
</li>
</ul>
<h4 id="gnupg-troubleshooting"><a href="#gnupg-troubleshooting">Bekannte Probleme</a></h4>
<ul>
<li>Manche ältere <tt>~/.gnupg/dirmngr.conf</tt> Dateien enthalten die folgende Zeile:<blockquote>hkp-cacert ~/.gnupg/sks-keyservers.netCA.pem</blockquote>
<p>Diese Konfiguration ist nicht mehr notwendig, kann aber Probleme mit Keyserver-Zertifikaten verursachen. Die Zeile kann in aktuellen Versionen gefahrlos entfernt werden.</p>
</li>
<li>Beim Aktualisieren von Schlüsseln kann der folgende Fehler auftreten:<blockquote>gpg: key A2604867523C7ED8: no user ID</blockquote>
Es handelt sich um ein <a href="https://dev.gnupg.org/T4393" target="_blank">bekanntes Problem in GnuPG</a>. Wir arbeiten mit dem GnuPG Team an einer Lösung.
</li>
</ul>
<h4 id="gnupg-tor"><a href="#gnupg-tor">Nutzung über Tor</a></h4>
<p>Nutzer mit erhöhten Anonymitäts-Anforderungen können <span class="brand">keys.openpgp.org</span> anonym als <a href="https://support.torproject.org/onionservices/#onionservices-2" target="_blank">Onion Service</a> verwenden. Wenn <a href="https://www.torproject.org/" target="_blank">Tor</a> installiert und gestartet ist, verwende dafür die folgende Konfiguration:</p>
<blockquote>keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</blockquote>
<h2 style="padding-left: 3%;" id="wkd-as-a-service"><a href="#wkd-as-a-service">"WKD as a Service"</a></h2>
<p>Der "Web Key Directory"-Standard (WKD) ermöglicht das automatische Auffinden von OpenPGP-Schlüsseln für eine gegebene Email-Adresse, über die Domain des Email-Anbieters.
Dieser Standard wird von einigen Email-Apps unterstützt, unter anderem <a href="https://www.gpg4win.de/about-de.html" target="_blank">GpgOL</a>.</p>
<p><span class="brand">keys.openpgp.org</span> kann als automatischer Dienst für WKD von beliebigen Domains verwendet werden.
Dafür muss lediglich ein <tt>CNAME</tt>-DNS-Eintrag für die <tt>openpgpkey</tt>-Subdomain eingerichtet werden, der auf <tt>wkd.keys.openpgp.org</tt> zeigt.
Diese Einrichtung sollte im Web-Interface jedes DNS-Hosters möglich sein.</p>
<p>Sofort nach Einrichtung sind alle bestätigten Email-Adressen der entsprechenden Domain per WKD auffindbar.</p>
<p>Der <tt>CNAME</tt>-DNS-Eintrag sollte wie folgt aussehen:</p>
<blockquote>$ drill openpgpkey.example.org<br>
...<br>
openpgpkey.example.org. 300 IN CNAME wkd.keys.openpgp.org.</blockquote>
<p>Für die Fehlersuche steht ein einfacher Status-Prüfer zur Verfügung:</p>
<blockquote>$ curl 'https://wkd.keys.openpgp.org/status/?domain=openpgpkey.example.org'<br>
CNAME lookup ok: openpgpkey.example.org resolves to wkd.keys.openpgp.org<br>
</blockquote>
<p>Um das Auffinden per WKD zu testen:</p>
<blockquote>$ gpg --locate-keys --auto-key-locate clear,nodefault,wkd address@example.org<br>
</blockquote>
<h2 style="padding-left: 3%;">API</h2>
<p>Es gibt eine Schnittstelle (API) für integrierte Unterstützung in OpenPGP-Anwendungen. Siehe dazu unsere <a href="/about/api">API-Dokumentation</a>.</p>
<h2 style="padding-left: 3%;">Andere Client-Software</h2>
<p>Fehlt eine Anleitung für die Anwendung, die du verwendest? Schick eine Email an <span class="email">support at keys punkt openpgp punkt org</span>, und wir werden versuchen eine entsprechende Anleitung hinzuzufügen.</p>
</div>
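Review bot: This page holds the only instructions in the diff for the `gpg.conf` keyserver line, the Tor onion address (`keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion`), the `hkp-cacert ~/.gnupg/sks-keyservers.netCA.pem` troubleshooting note, and the WKD-as-a-service setup (`openpgpkey.example.org. 300 IN CNAME wkd.keys.openpgp.org.` plus the `/status/?domain=` checker). The onion address in particular is something users need to obtain from a channel they trust, so the commit message should say where this documentation moves and `/about/usage` should redirect there, given that it is the `Nutzung` target in the navigation of every other about page. Also note the troubleshooting entry still says "Wir arbeiten mit dem GnuPG Team an einer Lösung" while the FAQ removed in this same commit records the upstream Wontfix from March 2020; the page was stale, and if it is rewritten rather than dropped that entry needs to be brought in line.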

View File

@@ -1,67 +0,0 @@
<div class="about">
<center><h2>Acerca de | <a href="/about/news">Noticias</a> | <a href="/about/usage">Uso</a> | <a href="/about/faq">Preguntas más frecuentes</a> | <a href="/about/stats">Estadísticas</a> | <a href="/about/privacy">Privacidad</a>
</h2></center>
<p>El servidor <span class="brand">keys.openpgp.org</span> es un servicio público para la
distribución y descubrimiento de claves compatibles con OpenPGP, comúnmente
llamado "servidor de claves" ("keyserver").</p>
<p><strong>Para más instrucciones, mira nuestra <a href="/about/usage">guía de uso</a>.</strong></p>
<h3>Cómo funciona</h3>
<p>Una clave OpenPGP contiene dos tipos de información:</p>
<ul>
<li>
<strong>Información de identidad</strong> describe las partes de
una clave que identifican a su propietario, también llamada "IDs de Usuario".
Un ID de Usuario típicamente incluye un nombre y una dirección de correo.</li>
<li>
<strong>Información no identificadora</strong> es toda la información
técnica acerca de la clave misma. Esto incluye los números largos
usados para verificar firmas y cifrar mensajes.
También incluye metadatos como la fecha de creación, algunas fechas
de expiración, y estado de revocación.</li>
</ul>
<p>Tradicionalmente, estos datos siempre han sido distribuidos
juntos. En <span class="brand">keys.openpgp.org</span>, son
tratados diferente. Mientras que cualquiera puede subir todas las partes de cualquier clave OpenPGP
a <span class="brand">keys.openpgp.org</span>, nuestro servidor de claves
sólo retendrá y publicará partes específicas bajo
condiciones específicas:</p>
<p>Cualquier <strong>información no identificadora</strong> será almacenada y libremente
redistribuida, si pasa una verificación de integridad criptográfica.
Cualquiera puede descargar estas partes en cualquier momento as mientras sólo contengan
datos técnicos que no puedan ser usados para directamente identificar a una persona.
Los buenos softwares con OpenPGP pueden usar <span class="brand">keys.openpgp.org</span>
para mantener esta información actualizada para cualquier clave conocida.
Esto ayuda a los usuarios de OpenPGP a mantener una comunicación segura y confiable.</p>
<p>La <strong>información de identidad</strong> de una clave OpenPGP
solo es distribuida con consentimiento.
Contiene datos personales, y no es estrictamente necesaria para
que una clave sea usada para cifrar o verificar firmas.
Una vez que el propietario da consentimiento verificando su dirección de correo,
la clave podrá ser encontrada vía búsqueda por dirección.</p>
<h3 id="community">Comunidad y plataforma</h3>
<p>Este servicio es mantenido como un esfuerzo comunitario.
Puedes contactarnos en
#hagrid en OFTC IRC,
también alcanzable como #hagrid:stratum0.org en Matrix.
Por supuesto también puedes contactarnos vía correo electrónico,
en <tt>support at keys dot openpgp dot org</tt>.
Los chicos que están manteniendo esto provienen
de varios proyectos en el ecosistema OpenPGP,
incluyendo Sequoia-PGP, OpenKeychain, y Enigmail.</p>
<p>Técnicamente,
<span class="brand">keys.openpgp.org</span> se ejecuta en el software de servidor de claves <a href="https://gitlab.com/keys.openpgp.org/hagrid" target="_blank">Hagrid</a>,
que está basado en <a href="https://sequoia-pgp.org">Sequoia-PGP</a>.
Nosotros nos ejecutamos en <a href="https://eclips.is" target="_blank">eclips.is</a>,
una plataforma de hosting enfocada en proyectos de Libertad de Internet,
que es administrado por <a href="https://greenhost.net/" target="_blank">Greenhost</a>.</p>
</div>
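Review bot: This page is where the consent model is explained (identity versus non-identifying information, "solo es distribuida con consentimiento"), and the `<a href="/about">` links ("¿qué significa esto?") in the usage and FAQ templates removed in this commit depend on it; it also carries the only contact points (`#hagrid` on OFTC, `#hagrid:stratum0.org` on Matrix, `support at keys dot openpgp dot org`) and the hosting disclosure (eclips.is, run by Greenhost). The commit message should state where the consent explanation and contact information now live, and `/about` should redirect rather than 404, because the statement "Una vez que el propietario da consentimiento verificando su dirección de correo" is the promise the upload and verification flows send users to read.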

View File

@@ -1,31 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">Acerca</a> | <a href="/about/news">Noticias</a> | <a href="/about/usage">Cómo usar</a> | <a href="/about/faq">FAQ</a> | Estadísticas | <a href="/about/privacy">Privacidad</a>
</h2></center>
<h3>Correos electrónicos verificados</h3>
<p>Una estadística sencilla del número total de correos electrónicos que están verificados actualmente. 📈</p>
<p>
</p>
<center></center>
<p>
</p>
<center></center>
<h3>Promedio de Carga</h3>
<p>El "promedio de carga" de un servidor es una estadística de que tan ocupado sea. En pocas palabras:</p>
<ul>
<li>0.0 significa que el servidor de <span class="brand">keys.openpgp.org</span> está completamente inactivo </li>
<li>1.0 es bastante atareado</li>
<li>4.0 y arriba significan que está en llamas 🔥</li>
</ul>
<p>
</p>
<center></center>
</div>
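Review bot: This translation was already broken before the deletion: all three `<center></center>` elements are empty, whereas the German template in this same commit has `<img src="/about/stats/month.png">` and the two other graphs inside them, so Spanish visitors saw headings with no graphs. The markup was evidently dropped in the translation round-trip; if translated stats pages are ever brought back, the image elements should be kept outside the translatable strings, or translations checked for dropped tags, rather than trusting the HTML round-trip.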

View File

@@ -1,158 +0,0 @@
<div class="about usage">
<center><h2>
<a href="/about">Acerca de</a> | <a href="/about/news">Noticias</a> | Uso | <a href="/about/faq">Preguntas más frecuentes</a> | <a href="/about/stats">Estadísticas</a> | <a href="/about/privacy">Privacidad</a>
</h2></center>
<p>En esta página, recolectamos información de cómo usar
<span class="brand">keys.openpgp.org</span> con diferentes productos de
software OpenPGP.<br>
Aún estamos en proceso de añadir más. Si notas que falta alguno, por favor
escríbenos y trataremos de añadirlo.</p>
<h2 id="web" style="padding-left: 3%;"><a href="#web">Interfaz Web</a></h2>
<p>La interfaz web en <span class="brand">keys.openpgp.org</span> te permite:</p>
<p>
</p>
<ul>
<li>
<a href="/">Buscar</a> claves manualmente, por huella digital o dirección de correo electrónico.</li>
<li>
<a href="/upload">Subir</a> claves manualmente, y verificarlas después de subirlas.</li>
<li>
<a href="/manage">Administrar</a> tus claves, y eliminar identidades publicadas.</li>
</ul>
<h2 id="enigmail">
<div><img src="/assets/img/enigmail.svg"></div>
<a href="#enigmail">Enigmail</a>
</h2>
<p><a href="https://enigmail.net" target="_blank">Enigmail</a> para Thunderbird
usa <span class="brand">keys.openpgp.org</span> por defecto desde
la versión 2.0.12.</p>
<p>Soporte completo disponible desde Enigmail 2.1
(para <a href="https://www.thunderbird.net/en-US/thunderbird/68.0beta/releasenotes/" target="_blank">Thunderbird 68</a> o superior):</p>
<ul>
<li>Las claves serán actualizadas automáticamente.</li>
<li>Durante la creación de la clave, puedes subirla y verificarla.</li>
<li>Las claves pueden descubrirse por dirección de correo electrónico.</li>
</ul>
<h2 id="gpg-suite">
<div><img src="/assets/img/gpgtools.png"></div>
<a href="#gpg-suite">GPG Suite</a>
</h2>
<p><a href="https://gpgtools.org/">GPG Suite</a> para macOS
usa <span class="brand">keys.openpgp.org</span> por defecto
desde agosto de 2019.</p>
<h2 id="openkeychain">
<div><img src="/assets/img/openkeychain.svg"></div>
<a href="#openkeychain">OpenKeychain</a>
</h2>
<p><a href="https://www.openkeychain.org/">OpenKeychain</a> para Android
usa <span class="brand">keys.openpgp.org</span> por defecto
desde julio de 2019.</p>
<ul>
<li>Las claves serán actualizadas automáticamente.</li>
<li>Las claves pueden descubrirse por dirección de correo electrónico.</li>
</ul>
<p>Ten en cuenta que aún no hay soporte incorporado para subir y verificar direcciones de correo.</p>
<h2 id="pignus">
<div><img src="/assets/img/pignus.png"></div>
<a href="#pignus">Pignus</a>
</h2>
<p><a href="https://www.frobese.de/pignus/">Pignus</a> para iOS
usa <span class="brand">keys.openpgp.org</span> por defecto
desde noviembre de 2019.</p>
<ul>
<li>Tus claves pueden ser subidas en cualquier momento.</li>
<li>Las claves pueden descubrirse por dirección de correo electrónico.</li>
</ul>
<h2 id="gnupg">
<div><img src="/assets/img/gnupg.svg"></div>
<a href="#gnupg">GnuPG</a>
</h2>
<p>Para configurar que <a href="https://gnupg.org">GnuPG</a>
use <span class="brand">keys.openpgp.org</span> como servidor de claves,
añade esta línea a tu archivo <tt>gpg.conf</tt>:</p>
<blockquote>keyserver hkps://keys.openpgp.org</blockquote>
<h4 id="gnupg-retrieve"><a href="#gnupg-retrieve">Obteniendo claves</a></h4>
<ul>
<li>Para obtener la clave de un usuario, por dirección de correo:<blockquote>gpg --auto-key-locate keyserver --locate-keys user@example.net</blockquote>
</li>
<li>Para actualizar todas tus claves (P. ej. nuevos certificados de revocación y subclaves):<blockquote>gpg --refresh-keys</blockquote>
</li>
</ul>
<h4 id="gnupg-upload"><a href="#gnupg-upload">Subiendo tu clave</a></h4>
<p>Las claves pueden ser subidas con el comando de GnuPG <tt>--send-keys</tt>, pero
la información de identidad no puede ser verificada de esa forma para hacer que la clave
se pueda buscar por dirección de correo (<a href="/about">¿qué significa esto?</a>).</p>
<ul>
<li>Puedes probar este atajo para subir tu clave, el cual regresa
un enlace directo a la página de verificación:<blockquote>gpg --export your_address@example.net | curl -T - {{ base_uri }}</blockquote>
</li>
<li>Alternativamente, puedes exportarlas a un archivo
y seleccionar ese archivo en la página <a href="/upload" target="_blank">para subirla</a>:<blockquote>gpg --export your_address@example.net &gt; my_key.pub</blockquote>
</li>
</ul>
<h4 id="gnupg-troubleshooting"><a href="#gnupg-troubleshooting">Solución de problemas</a></h4>
<ul>
<li>Algunos archivos <tt>~/gnupg/dirmngr.conf</tt> viejos contienen una línea como esta:<blockquote>hkp-cacert ~/.gnupg/sks-keyservers.netCA.pem</blockquote>
<p>Esta configuración ya no es necesaria,
pero evita que los certificados regulares funcionen.
Es recomendado simplemente remover esta línea de la configuración.</p>
</li>
<li>Mientras actualizas tus claves, puede que veas errores como estos:<blockquote>gpg: key A2604867523C7ED8: no user ID</blockquote>
Este es un <a href="https://dev.gnupg.org/T4393" target="_blank">problema conocido en GnuPG</a>.
Estamos trabajando con el equipo de GnuPG para resolverlo.
</li>
</ul>
<h4 id="gnupg-tor"><a href="#gnupg-tor">Uso vía Tor</a></h4>
<p>Para los usuarios que quieren ser extra cuidadosos,
<span class="brand">keys.openpgp.org</span> puede ser alcanzado anónimamente como un
<a href="https://support.torproject.org/onionservices/#onionservices-2" target="_blank">servicio cebolla (onion)</a>.
Si tienes
<a href="https://www.torproject.org/" target="_blank">Tor</a>
instalado, usa la siguiente configuración:</p>
<blockquote>keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</blockquote>
<h2 style="padding-left: 3%;" id="wkd-as-a-service"><a href="#wkd-as-a-service">WKD como Servicio</a></h2>
<p>El Directorio Web de Claves (Web Key Directory - WKD) es un estándar para el descubrimiento de claves OpenPGP por dirección de correo electrónico, vía el dominio de su proveedor de correo.
Es usado para descubrir claves desconocidas en algunos clientes de corro, como <a href="https://www.gpg4win.de/about.html" target="_blank">GpgOL</a>.</p>
<p><span class="brand">keys.openpgp.org</span> puede ser usado como a servicio WKD administrado para cualquier dominio.
Para hacerlo, el dominio simplemente necesita un registro <tt>CNAME</tt> para delegar su subdominio <tt>openpgpkey</tt> a <tt>wkd.keys.openpgp.org</tt>.
Debería ser posible hacer esto en la interfaz web de cualquier host de DNS.</p>
<p>Una vez activado para un dominio, sus direcciones verificadas automáticamente estarán disponibles para buscarse vía WKD.</p>
<p>El registro <tt>CNAME</tt> debería verse de esta forma:</p>
<blockquote>$ drill openpgpkey.example.org<br>
...<br>
openpgpkey.example.org. 300 IN CNAME wkd.keys.openpgp.org.</blockquote>
<p>Hay un verificador de estado simple para probar el servicio:</p>
<blockquote>$ curl 'https://wkd.keys.openpgp.org/status/?domain=openpgpkey.example.org'<br>
CNAME lookup ok: openpgpkey.example.org resolves to wkd.keys.openpgp.org<br>
</blockquote>
<p>Para probar la obtención de claves:</p>
<blockquote>$ gpg --locate-keys --auto-key-locate clear,nodefault,wkd address@example.org<br>
</blockquote>
<h2 style="padding-left: 3%;">API</h2>
<p>Ofrecemos una API para soporte integrado en aplicaciones OpenPGP. Mira
nuestra <a href="/about/api">documentación de API</a>.</p>
<h2 style="padding-left: 3%;">Otros</h2>
<p>¿No hay una guía para tu implementación favorita? Este sitio es
un trabajo-en-proceso, y estamos buscando mejorarlo. ¡escríbenos a
<span class="email">support at keys dot openpgp dot org</span> si
quieres ayudar!</p>
</div>
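Review bot: the removed usage page is itself a link target of every other page in this change (`/about/usage` in the French about and FAQ headers), and it links back to `/about` ("¿qué significa esto?"), `/about/api` and `/upload`; confirm the route handlers and any sitemap or footer that still point at `/about/usage` are removed or redirected in the same change so the remaining language variants do not 404. If the GnuPG troubleshooting text is being relocated rather than dropped, the path `~/gnupg/dirmngr.conf` in the first troubleshooting item is missing the leading dot that `~/.gnupg/sks-keyservers.netCA.pem` on the same line uses, and the WKD section's `CNAME` instructions and `wkd.keys.openpgp.org/status/` check are operator-facing documentation with no other home in this tree.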

View File

@@ -1,28 +0,0 @@
<div class="about">
<center><h2>À propos | <a href="/about/news">Nouvelles</a> | <a href="/about/usage">Utilisation</a> | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Statistiques</a> | <a href="/about/privacy">Protection des données</a>
</h2></center>
<p>Le serveur <span class="brand">keys.openpgp.org</span> est un service public pour la distribution et la recherche de clés compatibles OpenPGP, communément appelé « serveur de clés ».</p>
<p><strong>Des instructions se trouvent dans notre <a href="/about/usage">guide dutilisation</a>.</strong></p>
<h3>Fonctionnement</h3>
<p>Une clé OpenPGP comprend deux sortes de renseignements :</p>
<ul>
<li>Les <strong>renseignements didentité</strong> sont les parties dune clé qui donne lidentité de son propriétaire, aussi désignés « ID utilisateur ». Un ID utilisateur comprend habituellement un nom et une adresse courriel.</li>
<li>Les <strong>renseignements qui ne permettent pas de vous identifier</strong> sont de nature technique, au sujet de la clé même. Ils comprennent les grands nombres utilisés pour confirmer les signatures et chiffrer les messages. Ils comprennent aussi des métadonnées telles que la date de création, des dates dexpiration et létat de révocation.</li>
</ul>
<p>Traditionnellement, ces renseignements ont toujours été distribués ensemble. Sur <span class="brand">keys.openpgp.org</span>, ils sont traités différemment. Bien que quelquun puisse téléverser toutes les parties dune clé OpenPGP vers <span class="brand">keys.openpgp.org</span>, notre serveur de clés ne conservera et ne publiera que certaines parties, sous certaines conditions :</p>
<p>Tout <strong>renseignement qui ne permet pas de vous identifier</strong> sera enregistré et distribué librement sil passe un contrôle cryptographique dintégrité. Nimporte qui peut télécharger ces parties nimporte quand, car elles ne comprennent que des données techniques qui ne peuvent pas être utilisées pour identifier quelquun directement. Les logiciels OpenPGP de qualité peuvent utiliser <span class="brand">keys.openpgp.org</span> pour garder ces renseignements à jour pour nimporte quelle clé quil connaît. Cela permet aux utilisateurs dOpenPGP dassurer des communications sécurisées et fiables.</p>
<p>Les <strong>renseignements didentité</strong> dune clé OpenPGP ne sont distribués quavec consentement. Ils comprennent des données personnelles et ne sont pas strictement nécessaires pour quune clé soit utilisée pour le chiffrement ou la confirmation par signature. Une fois que le propriétaire donne son consentement en confirmant son adresse courriel, la clé peut être trouvée en cherchant son adresse courriel.</p>
<h3 id="community">Communauté et plateforme</h3>
<p>Ce service existe en tant queffort communautaire. Vous pouvez nous contacter #hagrid sur lIRC OFTC, ainsi que #hagrid:stratum0.org sur Matrix. Vous pouvez bien sûr nous contacter aussi par courriel à ladresse <tt>support arobase keys point openpgp point org</tt>. Les opérateurs proviennent de différents projets de lécosystème OpenPGP, dont Sequoia-PGP, OpenKeychain et Enigmail.</p>
<p>Dun point de vue technique, <span class="brand">keys.openpgp.org</span> tourne sur le logiciel de serveur de clés <a href="https://gitlab.com/keys.openpgp.org/hagrid" target="_blank">Hagrid</a>, qui est fondé sur <a href="https://sequoia-pgp.org">Sequoia-PGP</a>. Nous utilisons <a href="https://eclips.is" target="_blank">eclips.is</a>, une plateforme dhébergement axée sur les projets qui promeuvent la liberté sur Internet, gérée par <a href="https://greenhost.net/" target="_blank">Greenhost</a>. (Sites en anglais.)</p>
</div>
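Review bot: the navigation header here hardcodes `/about/news`, `/about/usage`, `/about/faq`, `/about/stats` and `/about/privacy`, all removed by this commit, and the body is the canonical explanation of the identity / non-identity split that the FAQ and news pages link to as `/about`; the commit message should say where these explanations and the contact details (#hagrid on OFTC, #hagrid:stratum0.org, the support address) now live, and the `/about` route should redirect there rather than simply disappear, since external tutorials link to it.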

View File

@@ -1,106 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">À propos</a> | <a href="/about/news">Nouvelles</a> | <a href="/about/usage">Utilisation</a> | FAQ | <a href="/about/stats">Statistiques</a> | <a href="/about/privacy">Protection des données</a>
</h2></center>
<p><strong>Des instructions se trouvent dans notre <a href="/about/usage">guide dutilisation</a>.</strong></p>
<h3 id="sks-pool"><a href="#sks-pool">Ce serveur fait-il partie de la réserve « SKS »? </a></h3>
<p>Non. Le modèle fédéré de la réserve SKS présente divers problèmes en matière de fiabilité, de résistance aux abus, de confidentialité et dutilisabilité. Nous réaliserons peut-être quelque chose de semblable, mais <span class="brand">keys.openpgp.org</span> ne fera jamais partie de la réserve SKS même.</p>
<h3 id="federation"><a href="#federation">keys.openpgp.org est-il fédéré? Puis-je participer en faisant tourner une instance du site?</a></h3>
<p>Pas pour le moment. Nous prévoyons de décentraliser <span class="brand">keys.openpgp.org</span> ultérieurement. Avec plusieurs serveurs exploités par des opérateurs indépendants, nous pouvons espérer améliorer encore plus la fiabilité de ce service.</p>
<p>Plusieurs personnes ont offert de nous aider en « faisant tourner une instance du serveur Hagrid ». Nous sommes très reconnaissants de ces offres, mais nous naurons probablement jamais de modèle fédéré « ouvert » tel que SKS, où tout le monde peut exécuter une instance et faire partie dune réserve. Il y a deux raisons :</p>
<ol>
<li>La fédération à participation ouverte exige que toutes les données soient publiques. Cela a une incidence considérable sur la vie privée de nos utilisateurs, car cela permet à nimporte qui de récupérer une liste de toutes les adresses courriel.</li>
<li>Les serveurs exploités comme passe-temps par des administrateurs occasionnels ne répondent pas à nos normes de fiabilité et de performances.</li>
</ol>
<h3 id="non-email-uids"><a href="#non-email-uids">Pourquoi les identités qui ne sont pas des adresses courriel ne sont-elles pas prises en charge?</a></h3>
<p>Pour distribuer des renseignements didentité, nous exigeons un consentement explicite. Les identités qui ne sont pas des adresses courriel, telles que les images ou les URL de site Web ne nous permettent pas dobtenir facilement ce consentement.</p>
<p>Note : Certains logiciels OpenPGP créent des clés avec des adresses courriel mal formatées. Ces adresses pourraient ne pas être reconnues correctement sur <span class="brand">keys.openpgp.org</span>.</p>
<h3 id="verify-multiple"><a href="#verify-multiple">Puis-je confirmer plus dune clé avec la même adresse courriel?</a></h3>
<p>Une adresse courriel ne peut être associée quavec une seule clé. Si une adresse est confirmée pour une nouvelle clé, elle napparaîtra plus avec aucune clé pour laquelle elle était confirmée précédemment. Les <a href="/about">renseignements qui ne permettent pas de vous identifier</a> seront encore distribués pour toutes les clés.</p>
<p>Cela signifie quune recherche par adresse courriel ne retournera quune seule clé et non plusieurs candidates. Cela élimine un choix impossible pour lutilisateur (« Quelle clé est la bonne? ») et rend plus pratique la recherche de clés par adresse courriel.</p>
<h3 id="email-protection"><a href="#email-protection">Que faites-vous pour protéger les courriels de confirmation sortants?</a></h3>
<p>Nous utilisons une norme moderne appelée <a href="https://www.hardenize.com/blog/mta-sts" target="_blank">MTA-STS</a> combinée à <a href="https://starttls-everywhere.org/" target="_blank">STARTTLS Everywhere</a> de la FFÉ (sites en anglais), afin de nous assurer que les courriels de confirmation sont envoyés en toute sécurité. Ces mesures protègent contre lécoute et linterception en cours de livraison.</p>
<p>Le mécanisme MTA-STS ne fonctionne que sil est pris en charge par le service de courriel des destinataires. Les courriels seront autrement remis comme dhabitude. Vous pouvez <a href="https://www.hardenize.com/">exécuter ce test</a> pour voir si votre service de courriel le prend en charge. Si lentrée « MTA-STS » située sur la gauche ne présente pas de coche verte, veuillez demander à votre fournisseur de mettre à jour sa configuration.</p>
<h3 id="third-party-signatures"><a href="#third-party-signatures">Distribuez-vous les « signatures par des tiers »?</a></h3>
<p>Tout simplement, non.</p>
<p>Une « signature par un tiers » est la signature dune clé effectuée par quelque autre clé. Généralement, ce sont les signatures produites en signant la clé de quelquun, qui constituent la fondation de la « <a href="https://fr.wikipedia.org/wiki/Toile_de_confiance" target="_blank">toile de confiance</a> ». Pour plusieurs raisons, ces signatures ne sont actuellement pas distribuées par <span class="brand">keys.openpgp.org</span>.</p>
<p>La raison principale est <strong>les contenus indésirables</strong>. Les signatures par des tiers permettent de joindre des données arbitraires à la clé de nimporte qui, et rien nempêche un utilisateur malveillant de joindre tant de méga-octets de données obèses à une clé quelle devient pratiquement inutilisable. Pis encore, il pourrait joindre du contenu offensif ou illégal.</p>
<p>Des idées de solution existent pour résoudre ce problème. Par exemple, les signatures pourraient être distribuées avec le signataire plutôt quavec la personne à qui la signature est destinée. Nous pourrions aussi exiger, avant distribution, une signature croisée de la personne à qui la signature est destinée, afin de prendre en charge un déroulement <a href="https://wiki.debian.org/caff" target="_blank">genre « caff »</a> (page en anglais). Si cela suscite suffisamment dintérêt, nous sommes prêts à collaborer avec dautres projets OpenPGP pour concevoir une solution.</p>
<h3 id="no-sign-verified"><a href="#no-sign-verified">Pourquoi ne pas signer les clés après confirmation?</a></h3>
<p>Le service <span class="brand">keys.openpgp.org</span> est conçu pour la distribution et la recherche de clés, pas comme une autorité de certification de facto. Les mises en œuvre par des clients qui souhaitent offrir des communications vérifiées devraient reposer sur leur propre modèle de confiance.</p>
<h3 id="revoked-uids"><a href="#revoked-uids">Pourquoi les identités révoquées ne sont-elles pas distribuées comme telles?</a></h3>
<p>Si une clé OpenPGP marque lune de ses identités comme révoquée, cette identité ne devrait plus être considérée comme valide pour la clé. Ce renseignement devrait idéalement aussi être distribué à tous les clients OpenPGP qui connaissent déjà la nouvelle identité révoquée.</p>
<p>Malheureusement, il nexiste actuellement aucune bonne façon de distribuer des révocations qui ne divulguerait pas aussi lidentité révoquée même.</p>
<p>Des solutions à ce problème ont été proposées, qui permettent la distribution de révocations sans aussi divulguer lidentité même. Cependant, il nexiste jusquà présent aucune spécification finale ni prise charge par des logiciels OpenPGP. Nous espérons quune solution sera mise en place dans un avenir proche et nous la déploierons sur <span class="brand">keys.openpgp.org</span> dès que nous le pourrons.</p>
<h3 id="search-substring"><a href="#search-substring">Pourquoi nest-il pas possible deffectuer une recherche avec une partie de ladresse courriel, par exemple, seulement le domaine?</a></h3>
<p>Certains serveurs de clés prennent en charge la recherche de clés avec une partie de ladresse courriel. Cela permet de découvrir non seulement des clés, mais aussi des adresses, avec une requête telle que « clés pour adresses à gmail point com ». Ainsi, une liste publique des adresses de toutes les clés sur ces serveurs est en fait créée.</p>
<p>Sur <span class="brand">keys.openpgp.org</span>, une recherche par adresse courriel ne retourne une clé que si elle correspond exactement à ladresse courriel. De cette façon, un utilisateur normal peut découvrir la clé associée avec nimporte quelle adresse courriel quil connaît déjà, mais il ne peut pas découvrir de nouvelles adresses courriel. Cela empêche un utilisateur malveillant ou un arroseur (pourrielleur) dobtenir une liste de toutes les adresses courriel sur ce serveur.</p>
<p>Nous avons mis cette restriction en place dans le cadre de notre <a href="/about/privacy">Politique de confidentialité</a>, ce qui signifie que nous ne pouvons pas la changer sans demander le consentement des utilisateurs.</p>
<h3 id="tor"><a href="#tor">Prenez-vous Tor en charge?</a></h3>
<p>Bien sûr! Si vous avez installé Tor, vous pouvez accéder anonymement à <span class="brand">keys.openpgp.org</span> en tant que <a href="https://support.torproject.org/fr/onionservices/#onionservices-2" target="_blank">service onion</a> : <br><a href="http://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion">zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</a></p>
<h3 id="encrypt-verification-emails"><a href="#encrypt-verification-emails">Pourquoi ne pas chiffrer les courriels de confirmation?</a></h3>
Il existe plusieurs raisons :
<ol>
<li>Cest plus compliqué, à la fois pour les utilisateurs et pour nous.</li>
<li>Cela ne prévient pas les attaques. Un assaillant ne gagne rien à téléverser une clé à laquelle il na pas accès.</li>
<li>La suppression devrait quand même être possible même si une clé est perdue.</li>
<li>Un mécanisme différent (et plus compliqué) serait nécessaire pour téléverser des clés qui peuvent seulement signer.</li>
</ol>
<h3 id="older-gnupg"><a href="#older-gnupg">Jéprouve des difficultés à mettre à jour certaines clés avec GnuPG. Y a-t-il un bogue? </a></h3>
<p>GnuPG considère que les clés qui ne comprennent pas de renseignements didentité sont invalides et refuse de les importer. Cependant, une clé qui na <a href="/about">pas dadresse courriel confirmée</a> peut quand même comprendre des renseignements utiles. Plus précisément, il est possible de vérifier si la clé est révoquée ou non.</p>
<p>En juin 2019, léquipe de <span class="brand">keys.openpgp.org</span> a créé un correctif qui permet à GnuPG de traiter les mises à jour des clés sans renseignements didentité.
Ce correctif a rapidement été intégré à plusieurs versions en aval de GnuPG, dont Debian, Fedora, NixOS, et GPG Suite pour macOS.</p>
<p>En mars 2020, léquipe de GnuPG a rejeté le correctif et a changé létat du problème à « Wontfix » (ne sera pas corrigé). Cela signifie que <strong> les versions non corrigées de GnuPG ne peuvent pas recevoir de mises à jour de <span class="brand">keys.openpgp.org</span> pour les clés qui nont pas dadresse courriel confirmée</strong>. Vous trouverez plus de précisions au sujet de cette décision dans le problème <a href="https://dev.gnupg.org/T4393#133689">T4393</a> du système de suivi des bogues de GnuPG (page en anglais).</p>
<p>Les instructions qui suivent vous permettront de vérifier si votre version de GnuPG est affectée.</p>
<blockquote>
<span style="font-size: larger;">Importez la clé de test :</span><br><br>
$ curl https://keys.openpgp.org/assets/uid-test.pub.asc | gpg --import<br>
gpg: clef F231550C4F47E38E: « Alice Lovelace &lt;alice@openpgp.example&gt; » importée<br>
gpg: Quantité totale traitée : 1<br>
gpg: importées  1<br><br>
</blockquote>
<blockquote>
<span style="font-size: larger;">Avec le correctif, la clé sera mise à jour si elle est connue localement :</span><br><br>
$ gpg --recv-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E<br>
gpg: clef F231550C4F47E38E : « Alice Lovelace &lt;alice@openpgp.example&gt; » inchangée<br>
gpg: Quantité totale traitée : 1<br>
gpg: inchangées : 1<br><br>
</blockquote>
<blockquote>
<span style="font-size: larger;">Sans le correctif, une clé dépourvue didentité est toujours rejetée :</span><br><br>
$ gpg --recv-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E<br>
gpg: key EB85BB5FA33A75E15E944E63F231550C4F47E38E : n'est pas un identifiant de clef <br>
</blockquote>
</div>
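Review bot: this FAQ is the only template documenting the onion service address, the MTA-STS / STARTTLS Everywhere protection of confirmation mails, the single-key-per-address rule and the substring-search restriction tied to the privacy policy, and its anchors `#older-gnupg`, `#third-party-signatures` and `#tor` are linked from the news page removed in the same commit; make sure those anchors are redirected to the new location, and that `/assets/uid-test.pub.asc`, which the "Importez la clé de test" procedure fetches with curl, stays served even though the page describing it goes away.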

View File

@@ -1,102 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">À propos</a> | Nouvelles | <a href="/about/usage">Utilisation</a> | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Statistiques</a> | <a href="/about/privacy">Protection des données</a>
</h2></center>
<h2 id="2019-11-12-celebrating-100k">
<div style="float: right; font-size: small; line-height: 2em;">12-11-2019 📅</div>
<a style="color: black;" href="/about/news#2019-11-12-celebrating-100k">Nous célébrons 100000 adresses confirmées! 📈</a>
</h2>
<p>Il y a cinq mois, nous lancions ce service. Nous avons aujourdhui atteint une étape remarquable :</p>
<center style="margin-top: 2em; margin-bottom: 2em;">
<img src="/assets/img/stats-addresses-2019-11-12.png" style="padding: 1px; border: 1px solid gray;"><br><strong>Cent mille adresses courriel confirmées! </strong>
</center>
<p>Nous remercions tous ceux qui utilisent ce service. Nous remercions tout particulièrement ceux qui nous ont envoyé des rétroactions et qui ont collaboré avec des traductions et même du code.</p>
<p>Quelques nouvelles sur certaines des choses auxquelles nous travaillons :</p>
<ul>
<li>Cette page de nouvelles est maintenant proposée sous la forme de <strong><a target="_blank" href="/atom.xml">fil Atom<img src="/assets/img/atom.svg" style="height: 0.8em;"></a></strong>.</li>
<li>Nous travaillons sur un <strong><a target="_blank" href="https://gitlab.com/keys.openpgp.org/hagrid/issues/131">nouveau mécanisme dactualisation des clés</a></strong> qui protège mieux les données personnelles des utilisateurs.</li>
<li>Le travail de <strong>localisation</strong> bat son plein! Nous espérons proposer bientôt des versions internationales.</li>
</ul>
<p>Si vous souhaitez que <span class="brand">keys.openpgp.org</span> soit traduit dans votre langue maternelle, nhésitez pas <a target="_blank" href="https://www.transifex.com/otf/hagrid/">à vous joindre à léquipe de traduction</a> sur Transifex. Nous aimerions recevoir de laide, plus particulièrement pour le <strong>russe</strong>, l<strong>italien</strong>, le <strong>polonais</strong> et le <strong>néerlandais</strong>.</p>
<p>Cest tout pour ces brèves nouvelles. <span style="font-size: x-large;">👍️</span></p>
<hr style="margin-top: 2em; margin-bottom: 2em;">
<h2 id="2019-09-12-three-months-later">
<div style="float: right; font-size: small; line-height: 2em;">12-09-2019 📅</div>
<a style="color: black;" href="/about/news#2019-09-12-three-months-later">Trois mois après le lancement ✨ </a>
</h2>
<p><a href="/about/news#2019-06-12-launch">Nous avons lancé</a> <span class="brand">keys.openpgp.org</span> il y a maintenant trois mois. Nous sommes heureux dannoncer que ce fut un succès retentissant. 🥳</p>
<h4>Adoption dans les clients</h4>
<p>Le serveur de clés <span class="brand">keys.openpgp.org</span> a très bien été reçu par les utilisateurs, et les clients ladoptent rapidement. Il est maintenant utilisé par défaut par <a href="https://gpgtools.org/" target="_blank">GPGTools</a>, <a href="https://enigmail.net/" target="_blank">Enigmail</a>, <a href="https://www.openkeychain.org/" target="_blank">OpenKeychain</a>, <a href="https://github.com/firstlookmedia/gpgsync" target="_blank">GPGSync</a>, Debian, NixOS et dautres. De nombreux tutoriels ont aussi été mis à jour pour diriger les utilisateurs vers nous.</p>
<p>Alors que nous écrivons ces lignes, plus de 70000 adresses courriel ont été confirmées.</p>
<center style="margin-top: 2em; margin-bottom: 2em;">
<img src="/assets/img/stats-addresses-2019-09-12.png" style="padding: 1px; border: 1px solid gray;"><br><span style="font-size: smaller;">Si ce nest pas une courbe prometteuse, je ne sais pas ce qui pourrait lêtre :)</span>
</center>
<p>Il convient de féliciter tout particulièrement GPGTools pour macOS. Ils ont orchestré le processus de mise à jour de manière si fluide que le nombre dadresses confirmées a totalement explosé après quils ont publié leur mise à jour.</p>
<h4>Les activités se portent bien</h4>
<p>Il na pas grand-chose à signaler dun point de vue opérationnel et dans ce cas, pas de nouvelle est synonyme de bonne nouvelle. Depuis le lancement, il ny a presque pas eu de temps darrêt et le volume dassistance fut faible.</p>
<p>Notre trafic est actuellement de dix requêtes par seconde (plus durant la journée, moins la fin de semaine), et nous avons envoyé environ 100000 courriels lors du mois dernier, sans problème.</p>
<p>Nous avons apporté plusieurs petites améliorations dordre opérationnel, dont le déploiement de <a href="http://dnsviz.net/d/keys.openpgp.org/dnssec/" target="_blank">DNSSEC</a>, la mise en place de <a href="/about/api#rate-limiting" target="_blank">limites de débit</a>, apporté la touche finale à nos en-têtes de <a href="https://developer.mozilla.org/fr/docs/Web/HTTP/CSP">politique de sécurité du contenu</a> et activé le mode à <a href="https://blog.torproject.org/whats-new-tor-0298" target="_blank">un seul saut</a> pour notre service onion sur Tor. Vous trouverez une liste plus complète <a href="https://gitlab.com/keys.openpgp.org/hagrid/merge_requests?scope=all&amp;utf8=%E2%9C%93&amp;state=merged" target="_blank">ici</a> (page en anglais).</p>
<h4>Remise sécurisée de courriels avec MTA-STS</h4>
<p>Une amélioration qui mérite une mention spéciale est <a href="https://www.hardenize.com/blog/mta-sts">MTA-STS</a>, qui améliore la sécurité des courriels sortants.</p>
<p>Bien que HTTPS soit déployé à peu près partout de nos jours, ce nest malheureusement pas le cas pour le courriel. De nombreux serveurs nont pas du tout recours au chiffrement ou utilisent un certificat autosigné au lieu dun certificat adéquat (p. ex. de Lets Encrypt). Mais les problèmes de remise gênent plus les clients quune sécurité réduite et de nombreux courriels sont encore remis sans chiffrement.</p>
<p>Avec MTA-STS, les opérateurs de domaines peuvent indiquer (par HTTPS) que leur serveur de courriel <em>prend en charge</em> le chiffrement. Si une connexion sécurisée ne peut pas être établie vers un tel serveur, la remise du courriel sera différée, voire refusée au lieu de poursuivre sans sécurité adéquate.</p>
<p>Cela est particulièrement utile pour des services tels que <span class="brand">keys.openpgp.org</span>. Si le chiffrement nest pas fiable, des assaillants pourraient assez facilement intercepter les courriels de confirmation. Mais pour les fournisseurs qui ont mis en œuvre MTA-STS, nous pouvons être certains que tous les messages sont remis en toute sécurité et au bon serveur.</p>
<p>Vous pouvez <a href="https://aykevl.nl/apps/mta-sts/" target="_blank">effectuer un contrôle</a> (site en anglais) pour découvrir si votre fournisseur de service de courriel prend en charge MTA-STS. Si ce nest pas le cas, veuillez leur envoyer un message et leur demander de rehausser leur niveau de sécurité.</p>
<h4>Travaux en cours</h4>
<p>Nous travaillons sur deux choses :</p>
<p>La première est la <strong>localisation</strong>. La plupart des gens ne parlent pas anglais, mais cest actuellement la seule langue que nous prenons en charge. Nous collaborons avec le <a href="https://www.opentech.fund/labs/localization-lab/" target="_blank">Labo de localisation</a> afin de traduire le site Web et les courriels sortants en dautres langues.</p>
<p>La seconde est de ramener les <strong>signatures par des tiers</strong>. Comme <a href="/about/faq#third-party-signatures">mentionné dans notre FAQ</a>, nous ne les prenons actuellement pas en charge en raison de contenus indésirables et de possibilités dabus. Lidée est dexiger des <a href="https://gitlab.com/openpgp-wg/rfc4880bis/merge_requests/20/diffs" target="_blank">signatures croisées</a>, qui permettent à chaque clé de faire son choix quant aux signatures dautres personnes quelle veut distribuer. Malgré cette étape supplémentaire, le processus est assez compatible avec les logiciels existants. De plus, il nimportune pas les utilisateurs qui ne se préoccupent pas des signatures.</p>
<p>Bien que nous travaillions à les mettre en place, une date de disponibilité nest prévue ni pour lune ni pour lautre.</p>
<p>Au sujet du problème « <tt>pas didentité</tt> » avec GnuPG (mentionné dans notre <a href="/about/news#2019-06-12-launch-challenges">dernier article de nouvelles</a> et dans notre <a href="/about/faq#older-gnupg" target="_blank">FAQ</a>), un correctif qui règle ce problème est maintenant en place sur Debian, ainsi que sur GPGTools pour macOS. GnuPG na pas encore fusionné ce correctif en amont.</p>
<p>Cest tout! Nous vous remercions de votre intérêt. <span style="font-size: x-large;">👋</span> </p>
<hr style="margin-top: 2em; margin-bottom: 2em;">
<h2 id="2019-06-12-launch">
<div style="float: right; font-size: small; line-height: 2em;">12-06-2019 📅</div>
<a href="/about/news#2019-06-12-launch" style="color: black;">Lancement dun nouveau serveur de clés! 🚀</a>
</h2>
<p>Résultat dune initiative communautaire par <a href="https://enigmail.net" target="_blank">Enigmail</a>, <a href="https://openkeychain.org" target="_blank">OpenKeychain</a> et <a href="https://sequoia-pgp.org">Sequoia PGP</a>, nous sommes heureux dannoncer le lancement dun nouveau serveur de clés OpenPGP public <span class="brand">keys.openpgp.org</span>. Hourra! 🎉</p>
<h4>Pour résumer :</h4>
<ul>
<li>Rapide et fiable. Pas de temps dattente, pas de temps darrêt, pas dincohérence!</li>
<li>Précis. Les recherches ne retournent quune clé, ce qui permet une découverte de clés facile.</li>
<li>Confirmé. Les identités ne sont publiées quavec consentement, alors que les renseignements qui ne permettent pas de vous identifier sont distribués librement.</li>
<li>Supprimable. Les utilisateurs peuvent supprimer des renseignements personnels avec une simple confirmation par courriel.</li>
<li>Écrit en Rust, propulsé par <a href="https://sequoia-pgp.org">Sequoia-PGP</a> (site en anglais). Gratuit et à code source ouvert, en vertu dune licence AGPLv3.</li>
</ul>
Essayez-le dès maintenant en <a href="/upload">téléversant votre clé</a>!
<h4>Pourquoi un nouveau serveur de clés?</h4>
<p>Nous avons créé <span class="brand">keys.openpgp.org</span> afin de fournir une solution de rechange à la réserve de serveurs de clés SKS, qui est de nos jours utilisée par défaut par de nombreuses applications. Ce réseau distribué de serveurs de clés est aux prises avec des <a target="_blank" href="https://medium.com/@mdrahony/are-sks-keyservers-safe-do-we-need-them-7056b495101c">abus</a>, des problèmes de <a target="_blank" href="https://en.wikipedia.org/wiki/Key_server_(cryptographic)#Problems_with_keyservers">performance</a> et de <a href="http://www.openwall.com/lists/oss-security/2017/12/10/1">protections des données personnelles</a>, et plus récemment aussi avec des questions de conformité au <a target="_blank" href="http://nongnu.13855.n7.nabble.com/SKS-apocalypse-mitigation-td228252.html">RGPD</a> (pages en anglais). Kristian Fiskerstrand a accompli un travail absolument exemplaire de maintenance de la réserve <a target="_blank" href="https://blog.sumptuouscapital.com/2016/12/10-year-anniversary-for-sks-keyservers-net/">depuis plus de dix ans</a>, mais à lheure actuelle, lactivité de développement semble être <a target="_blank" href="https://bitbucket.org/skskeyserver/sks-keyserver/pull-requests/60/clean-build-with-405">pratiquement arrêtée</a> (pages en anglais).</p>
<p>Nous avons pensé quil était temps denvisager une approche nouvelle pour résoudre ces problèmes.</p>
<h4>Les renseignements qui permettent de vous identifier et ceux qui ne le permettent pas</h4>
<p>Le serveur de clés <span class="brand">keys.openpgp.org</span> sépare dans les clés les renseignements qui peuvent vous identifier de ceux qui ne le peuvent pas.
Vous trouverez plus de précisions sur notre <a href="/about" target="_blank">page À propos</a> : en gros, les renseignements qui ne permettent pas de vous identifier (les clés, les révocations, etc.) sont distribués librement, alors que ceux qui permettent de le faire sont seulement distribués avec consentement, qui lui-même peut être révoqué nimporte quand.</p>
<p>Si une nouvelle clé est confirmée pour une adresse courriel donnée, cette dernière remplacera la précédente. De cette façon, chaque adresse courriel est au plus associée à une seule clé. Le propriétaire de ladresse peut aussi la retirer nimporte quand de la liste. Cela est très pratique pour la découverte de clés : si une recherche par adresse courriel retourne une clé, cela implique que cest la seule qui est actuellement valide pour ladresse courriel recherchée.</p>
<h4>Prise en charge dans Enigmail et OpenKeychain</h4>
<p>Le serveur de clés <span class="brand">keys.openpgp.org</span> sera pris en charge de façon prioritaire dans les versions à venir d<a href="https://enigmail.net" target="_blank">Enigmail</a> pour Thunderbird et d<a href="https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain&amp;hl=en">OpenKeychain</a> pour Android. Cela signifie que les utilisateurs de ces logiciels profiteront de temps de réponse plus courts et dune découverte de clés par adresse courriel améliorée. Nous espérons que cela nous donnera aussi lélan nécessaire pour faire évoluer ce projet vers une initiative communautaire de plus grande envergure.</p>
<h4 id="2019-06-12-launch-challenges">Les défis actuels</h4>
<p>Les techniques qui protègent les données personnelles sont encore nouvelles pour ce qui est des serveurs de clés et malheureusement, la séparation des renseignements didentité cause encore quelques problèmes de compatibilité.</p>
<p>Plus particulièrement, quand GnuPG (version 2.2.16 au moment décrire ces lignes) rencontre une clé OpenPGP sans identités, il retourne une erreur « pas didentité » et ne traite pas les nouveaux renseignements qui ne permettent pas lidentification (tels que les certificats de révocation), même sils sont valides dun point de vue cryptographique. Nous nous efforçons activement de trouver des correctifs pour ces problèmes.</p>
<h4>Lavenir</h4>
<p>Les techniques qui protègent les données personnelles sont encore nouvelles pour ce qui est des serveurs de clés et nous avons dautres idées sur la façon de réduire la quantité de métadonnées. Mais pour linstant, nous prévoyons seulement dassurer la fiabilité et la rapidité 🐇 de <span class="brand">keys.openpgp.org</span>, de corriger les bogues qui se présenteraient 🐞, et de rester à lécoute <a href="/about#community">des rétroactions</a> de la communauté. 👂</p>
<p>Pour plus de précisions, consultez nos pages <a target="_blank" href="/about">À propos</a> et <a target="_blank" href="/about/faq">FAQ</a>. Vous pouvez commencer tout de suite en <a href="/upload" target="_blank">téléversant votre clé</a>. Vous serez aussi intéressés par notre <a target="_blank" href="/about/api">API</a> et notre <a target="_blank" href="/about/faq#tor">service onion</a>.</p>
<p>Merci!
<span style="font-size: x-large;">🍻</span></p>
</div>
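Review bot: the deleted news template still cross-links `/about`, `/about/faq`, `/about/api`, `/about#community` and `/upload`, and carries the anchor `id="2019-06-12-launch-challenges"`, which external sites may deep-link to; since this commit removes the whole `/about` section, confirm that the old paths either redirect to wherever the content now lives or that nothing still served by hagrid links to them, otherwise inbound links end up as 404s.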


@@ -1,31 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">À propos</a> | <a href="/about/news">Nouvelles</a> | <a href="/about/usage">Utilisation</a> | <a href="/about/faq">FAQ</a> | Statistiques | <a href="/about/privacy">Protection des données</a>
</h2></center>
<h3>Adresses courriel confirmées</h3>
<p>Une statistique simple du nombre total dadresses courriel qui sont actuellement confirmées. 📈</p>
<p>
</p>
<center><img src="/about/stats/week.png"></center>
<p>
</p>
<center><img src="/about/stats/month.png"></center>
<h3>Charge moyenne</h3>
<p>La « charge moyenne » dun serveur traduit son niveau doccupation. En termes simples :</p>
<ul>
<li>0.0 signifie que lhôte <span class="brand">keys.openpgp.org</span> est au repos</li>
<li>1.0 signifie quil est assez occupé</li>
<li>4.0 et plus quil est en feu 🔥</li>
</ul>
<p>
</p>
<center><img src="/about/stats/load_week.png"></center>
</div>


@@ -1,124 +0,0 @@
<div class="about usage">
<center><h2>
<a href="/about">À propos</a> | <a href="/about/news">Nouvelles</a> | Utilisation | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Statistiques</a> | <a href="/about/privacy">Protection des données</a>
</h2></center>
<p>Sur cette page, nous regroupons des renseignements sur la façon dutiliser <span class="brand">keys.openpgp.org</span> avec différents logiciels OpenPGP.<br> Nous continuons à en ajouter de nouveaux. Si certains manquent, veuillez nous écrire et nous nous efforcerons de les ajouter.</p>
<h2 id="web" style="padding-left: 3%;"><a href="#web">Interface Web</a></h2>
<p>Linterface Web de <span class="brand">keys.openpgp.org</span> vous permet de :</p>
<p>
</p>
<ul>
<li>
<a href="/">Chercher</a> des clés manuellement, par empreinte ou par adresse courriel.</li>
<li>
<a href="/upload">Téléverser</a> des clés manuellement et de les confirmer une fois téléversées.</li>
<li>
<a href="/manage">Gérer</a> vos clés et supprimer les identités publiées.</li>
</ul>
<h2 id="enigmail">
<div><img src="/assets/img/enigmail.svg"></div>
<a href="#enigmail">Enigmail</a>
</h2>
<p><a href="https://enigmail.net" target="_blank">Enigmail</a> pour Thunderbird utilise <span class="brand">keys.openpgp.org</span> par défaut depuis la version 2.0.12.</p>
<p>Une prise en charge totale est offerte depuis Enigmail 2.1 (pour <a href="https://www.thunderbird.net/en-US/thunderbird/68.0beta/releasenotes/" target="_blank">Thunderbird 68</a> [page en anglais] ou version ultérieure) : </p>
<ul>
<li>Les clés seront tenues à jour automatiquement.</li>
<li>Lors de la création dune clé, vous pouvez téléverser et confirmer votre clé.</li>
<li>La recherche de clés peut se faire par adresse courriel.</li>
</ul>
<h2 id="gpg-suite">
<div><img src="/assets/img/gpgtools.png"></div>
<a href="#gpg-suite">Suite GPG</a>
</h2>
<p><a href="https://gpgtools.org/">GPG Suite</a> pour macOS utilise <span class="brand">keys.openpgp.org</span> par défaut depuis août 2019.</p>
<h2 id="openkeychain">
<div><img src="/assets/img/openkeychain.svg"></div>
<a href="#openkeychain">OpenKeychain</a>
</h2>
<p><a href="https://www.openkeychain.org/">OpenKeychain</a> pour Android utilise <span class="brand">keys.openpgp.org</span> par défaut depuis juillet 2019.</p>
<ul>
<li>Les clés seront tenues à jour automatiquement.</li>
<li>La recherche de clés peut se faire par adresse courriel.</li>
</ul>
<p>Notez quil ny a actuellement pas de prise en charge intégrée du téléversement ni de la confirmation dadresses courriel.</p>
<h2 id="pignus">
<div><img src="/assets/img/pignus.png"></div>
<a href="#pignus">Pignus</a>
</h2>
<p><a href="https://www.frobese.de/pignus/">Pignus</a> pour iOS utilise <span class="brand">keys.openpgp.org</span> par défaut depuis novembre 2019.</p>
<ul>
<li>Vos clés peuvent être téléversées nimporte quand.</li>
<li>La recherche de clés peut se faire par adresse courriel.</li>
</ul>
<h2 id="gnupg">
<div><img src="/assets/img/gnupg.svg"></div>
<a href="#gnupg">GnuPG</a>
</h2>
<p>Afin de configurer <a href="https://gnupg.org">GnuPG</a> pour utiliser <span class="brand">keys.openpgp.org</span> comme serveur de clés, ajoutez cette ligne à votre fichier <tt>gpg.conf</tt> :</p>
<blockquote>keyserver hkps://keys.openpgp.org</blockquote>
<h4 id="gnupg-retrieve"><a href="#gnupg-retrieve">Récupérer des clés</a></h4>
<ul>
<li>Pour trouver la clé dun utilisateur, par adresse courriel :<blockquote>gpg --auto-key-locate keyserver --locate-keys utilisateur@exemple.net</blockquote>
</li>
<li>Pour actualiser toutes vos clés (p. ex. les nouveaux certificats de révocation et les sous-clés) :<blockquote>gpg --refresh-keys</blockquote>
</li>
</ul>
<h4 id="gnupg-upload"><a href="#gnupg-upload">Téléverser votre clé</a></h4>
<p>Les clés peuvent être téléversées avec la commande <tt>--send-keys</tt> de GnuPG, mais les renseignements didentité ne peuvent pas être confirmés de cette façon afin quune recherche par adresse courriel trouve la clé. (<a href="/about">Quest-ce que cela signifie?</a>)</p>
<ul>
<li>Vous pouvez essayer ce raccourci pour téléverser votre clé. Il retournera un lien direct vers la page de confirmation :<blockquote>gpg --export votre_adresse_courriel@exemple.net | curl -T - {{ base_uri }}</blockquote>
</li>
<li>Vous pouvez autrement les exporter dans un fichier et le sélectionner dans la page de <a href="/upload" target="_blank">téléversement</a> :<blockquote>gpg --export votre_adresse_courriel@exemple.net &gt; ma_clé.pub</blockquote>
</li>
</ul>
<h4 id="gnupg-troubleshooting"><a href="#gnupg-troubleshooting">Dépannage</a></h4>
<ul>
<li>Certains anciens fichiers <tt>~/gnupg/dirmngr.conf</tt> comprennent une ligne telle que celle-ci :<blockquote>hkp-cacert ~/.gnupg/sks-keyservers.netCA.pem</blockquote>
<p>Cette configuration nest plus nécessaire, mais empêche les certificats ordinaires de fonctionner. Il est recommandé de simplement supprimer cette ligne de la configuration.</p>
</li>
<li>Lors de lactualisation des clés, vous pourriez rencontrer des erreurs telles que celle qui suit :<blockquote>gpg: key A2604867523C7ED8 : pas didentité</blockquote>
Cest un <a href="https://dev.gnupg.org/T4393" target="_blank">problème connu de GnuPG</a> (page en anglais). Nous nous efforçons de résoudre ce problème avec léquipe de GnuPG.
</li>
</ul>
<h4 id="gnupg-tor"><a href="#gnupg-tor">Utilisation avec Tor</a></h4>
<p>Pour les utilisateurs qui souhaitent être particulièrement prudents, il est possible daccéder anonymement à <span class="brand">keys.openpgp.org</span> en tant que <a href="https://support.torproject.org/fr/onionservices/#onionservices-2" target="_blank">service onion</a>. Si vous avez installé <a href="https://www.torproject.org/fr/" target="_blank">Tor</a>, utilisez la configuration suivante :</p>
<blockquote>keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</blockquote>
<h2 style="padding-left: 3%;" id="wkd-as-a-service"><a href="#wkd-as-a-service">WKD-service</a></h2>
<p>Lannuaire de clés Web (WDK) est la norme pour découvrir des clés OpenPGP daprès une adresse courriel, par le domaine de son service de courriel. Il est utilisé pour découvrir des clés inconnues dans certains clients de courriel tels que <a href="https://www.gpg4win.de/about.html" target="_blank">GpgOL</a> (page en anglais).</p>
<p>Pour nimporte quel domaine, <span class="brand">keys.openpgp.org</span> peut être utilisé comme service WKD géré. Pour ce faire, le domaine doit simplement être un enregistrement <tt>CNAME</tt> qui délègue son sous-domaine <tt>openpgpkey</tt> à <tt>wkd.keys.openpgp.org</tt>. Il devrait être possible de le faire dans linterface Web de nimporte quel hébergeur de DNS.</p>
<p>Une fois quil est appliqué pour un domaine, ses adresses confirmées seront automatiquement disponibles pour les recherches grâce au WKD.</p>
<p>Lenregistrement <tt>CNAME</tt> devrait ressembler à ceci : </p>
<blockquote>$ drill openpgpkey.example.org<br>
...<br>
openpgpkey.example.org. 300 IN CNAME wkd.keys.openpgp.org.</blockquote>
<p>Il existe un vérificateur détat simple pour tester le service :</p>
<blockquote>$ curl 'https://wkd.keys.openpgp.org/status/?domain=openpgpkey.example.org'<br>
CNAME lookup ok: openpgpkey.example.org resolves to wkd.keys.openpgp.org<br>
</blockquote>
<p>Pour tester la récupération des clés :</p>
<blockquote>$ gpg --locate-keys --auto-key-locate clear,nodefault,wkd adresse@exemple.org<br>
</blockquote>
<h2 style="padding-left: 3%;">API</h2>
<p>Nous offrons une API pour une prise en charge intégrée dans les applications OpenPGP. Consultez la <a href="/about/api">documentation de notre API</a>.</p>
<h2 style="padding-left: 3%;">Autres</h2>
<p>Vous manque-t-il un guide pour votre logiciel OpenPGP préféré? Ce site est évolutif et nous cherchons à laméliorer. Envoyez-nous un courriel à ladresse <span class="email">support arobase keys point openpgp point org</span> si vous souhaitez nous aider.</p>
</div>
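Review bot: this usage page (and its Italian counterpart removed in the same commit) is where the client-side hardening guidance lives: the `keyserver hkps://keys.openpgp.org` line for gpg.conf, the stale `hkp-cacert ~/.gnupg/sks-keyservers.netCA.pem` entry that breaks ordinary certificate validation in dirmngr.conf, the Tor-only `keyserver hkp://...onion` alternative and the WKD `CNAME` delegation to `wkd.keys.openpgp.org`. It also renders the `{{ base_uri }}` template variable inside the curl upload shortcut; if the replacement is static HTML, make sure that variable is substituted there and that this setup guidance survives the move, since users following the old `/about/usage` link otherwise lose it.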


@@ -1,58 +0,0 @@
<div class="about">
<center><h2>About | <a href="/about/news">Novità</a> | <a href="/about/usage">Guida all'uso</a> | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Statistiche</a> | <a href="/about/privacy">Privacy</a>
</h2></center>
<p>Il server <tt>keys.openpgp.org</tt> è un servizio pubblico per la distribuzione e ricerca di chiavi OpenPGP-compatibili, chiamato comunemente "keyserver".</p>
<p><strong>Per le istruzioni, vedi la nostra <a href="/about/usage">guida all'uso</a>.</strong></p>
<h3>Come funziona</h3>
<p>Una chiave OpenPGP contiene due tipi di informazioni:</p>
<ul>
<li>
<strong>Informazioni identificative</strong> indica le parti della chiave che identificano il suo proprietario, anche conosciute come "User IDs".
Un User ID tipicamente include un nome e un indirizzo email.</li>
<li>Le <strong>Informazioni non identificative</strong> sono tutte le informazioni tecniche sulla chiave stessa. Questo include i grandi numeri
usati per verificare le firme e cifrare i messaggi.
Include anche i metadata come data di creazione, alcune date
di scadenza, e lo stato di revoca.</li>
</ul>
<p>Di consuetudine, queste informazioni sono sempre state distribuite
congiuntamente. Su <span class="brand">keys.openpgp.org</span>, sono
gestiti differentemente. Mentre chiunque può caricare tutte le parti di una chiave OpenPGP
su <span class="brand">keys.openpgp.org</span>, il nostro keyserver
immagazinerà e pubblicherà solo certe parti sotto certe condizioni:</p>
<p>Tutte le <strong>informazioni non identificative</strong> saranno conservate e liberamente
ridistribuite, se vengono convalidate dal controllo di integrità crittografica.
Chiunque può scaricare queste parti in qualsiasi momento, dato che contengono solo
dati tecnici che non possono essere usati per identificare una persona.
Un buon software OpenPGP può usare <span class="brand">keys.openpgp.org</span>
per tenere queste informazioni aggiornate per ogni chiave che conosce.
Questo aiuta gli utenti OpenPGP a mantenere la propria comunicazione sicura e affidabile.</p>
<p>Le <strong>informazioni identificative</strong> in una chiave OpenPGP
sono distribuite solo dietro consenso.
Contengono dati personali, e non sono strettamente necessarie affinché
una chiave possa essere usata per la cifratura o verificare una firma.
Una volta che il proprietario fornisce il proprio consenso verificando il suo indirizzo email,
la chiave può essere trovata tramite la ricerca per indirizzo email.</p>
<h3 id="community">Comunità e piattaforma</h3>
<p>Questo servizio è uno sforzo comunitario.
Puoi contattarci su
#hagrid su Freenode IRC,
raggiungibile anche da #hagrid:stratum0.org su Matrix.
Ovviamente puoi anche mandarci una email,
all'indirizzo <tt>support chiocciola keys punto openpgp punto org</tt>.
Le persone che lo portano avanti vengono da vari progetti nell'ecosistema OpenPGP, inclusi Sequoia-PGP, OpenKeychain, e Enigmail.</p>
<p>Tecnicamente, <tt>keys.openpgp.org</tt> funziona grazie al software <a href="https://gitlab.com/keys.openpgp.org/hagrid" target="_blank">Hagrid</a>keyserver,
  che è basato su <a href="https://sequoia-pgp.org">Sequoia-PGP</a>.
Stiamo girando su <a href="https://eclips.is" target="_blank">eclips.is</a>,
una piattaforma di hosting incentrata sui progetti di Internet Freedom,
che è gestita da <a href="https://greenhost.net/" target="_blank">Greenhost</a>.</p>
</div>


@@ -1,175 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">About</a> | <a href="/about/news">Novità</a> | <a href="/about/usage">Guida all'uso</a> | FAQ | <a href="/about/stats">Statistiche</a> | <a href="/about/privacy">Privacy</a>
</h2></center>
<h3 id="sks-pool"><a href="#sks-pool">Questo server è parte del pool "SKS"?</a></h3>
<p>No. Il modello di federazione del pool SKS ha diversi problemi in termini
di affidabilità, resistenza all'abuso, privacy, ed usabilità. Potremmmo fare
qualcosa di simile, ma <span class="brand">keys.openpgp.org</span>
non sarà mai parte del pool SKS.</p>
<h3 id="federation"><a href="#federation">keys.openpgp.org è federato? Posso contribuire mantenendo un'istanza?</a></h3>
<p>Per il momento, no.
Vogliamo decentralizzare <span class="brand">keys.openpgp.org</span>
prima o poi.
Con più server
gestiti da più agenti indipendenti,
possiamo auspicabilmente migliorare ulteriormente
l'affidabilità di questo servizio.</p>
<p>Diverse persone si sono offerte di aiutare
"facendo girare un'istanza del server Hagrid".
Appreziamo molto l'offerta,
ma probabilmente non avremo mai un modello di federazione "aperta" come SKS,
dove chiunque può gestire un'istanza e divenire parte del "pool".
Questo per due ragioni:</p>
<ol>
<li>La federazione a partecipazione aperta richiede che tutti i dati siano pubblici.
Questo impatta significativamente la privacy dei nostri utenti, perché
consente a chiunque di estrarre una lista di tutti gli indirizzi email.</li>
<li>I server mantenuti per hobby dagli amministratori amatoriali non raggiungono i nostri standard di performance e affidabilità.</li>
</ol>
<h3 id="non-email-uids"><a href="#non-email-uids">Perché non c'è supporto
per le identità che non sono indirizzi email?</a></h3>
<p>Richiediamo il consenso esplicito per distribuire le informazioni identificative.
Le identità che non sono indirizzi email, come immagini o URL di siti web, non offrono alcun modo pratico per chiedere questo consenso.</p>
<p>Nota: Alcuni software OpenPGP creano chiavi con email formattati incorrettamente. Questi indirizzi potrebbero non essere riconosciuti correttamente su <span class="brand">keys.openpgp.org</span>.</p>
<h3 id="verify-multiple"><a href="#verify-multiple">Posso verificare più
di una chiave per alcuni indirizzi email?</a></h3>
<p>Un indirizzo email può essere associato solo con una singola chiave.
Quando un indirizzo è verificato per una nuova chiave,
non appare più in nessuna chiave per cui era stato precedentemente verificato.
Le<a href="/about">informazioni non identificative</a> vengono comunque distribuite per tutte le chiavi.</p>
<p>Questo significa che una ricerca per indirizzo email
restituirà una sola chiave,
non diversi candidati.
Questo elimina una scelta impossibile per l'utente
("Quale chiave è quella giusta?"),
e rende la ricerca delle chiavi per email molto più semplice.</p>
<h3 id="email-protection"><a href="#email-protection">Cosa fare per
proteggere le email di verifica in uscita?</a></h3>
<p>Usiamo uno standard moderno chiamato
<a href="https://www.hardenize.com/blog/mta-sts" target="_blank">MTA-STS</a>,
oltre a
<a href="https://starttls-everywhere.org/" target="_blank">STARTTLS Everywhere</a>
della EFF,
per essere sicuri che le mail di verifica siano inviate in maniera sicura.
Questo protegge dalle intercettazioni durante la consegna.</p>
<p>Il meccanismo MTA-STS dipende dalla corretta configurazione dei server email.
Puoi <a href="https://www.hardenize.com/">eseguire questo test</a>
per vedere se il tuo provider email lo supporta.
Se la voce "MTA-STS" sulla sinistra non è una spunta verde,
chiedi al tuo provider di aggiornare la sua configurazione.</p>
<h3 id="third-party-signatures"><a href="#third-party-signatures">
Distribuite "firme di terze parti"?</a></h3>
<p>In sintesi: No.</p>
<p>Una "firma di terza parte" è una firma su una chiave
che è stata fatta con una qualche altra chiave.
Più comunemente,
queste sono firme prodotte quando si "firma la chiave di qualcuno",
che è la base per
la "<a href="https://en.wikipedia.org/wiki/Web_of_trust" target="_blank">Rete della Fiducia</a>".
Per svariate ragioni,
queste firme non vengono attualmente distribuite
da <span class="brand">keys.openpgp.org</span>.</p>
<p>La ragione principale è lo <strong>spam</strong>.
Le firme di terze parti consentono di allegare dati a piacere alla chiave di chiunque,
e niente impedisce a un utente malintenzionato di
allegare così tanti megabyte di ciarpame a una chiave
da renderla praticamente inutilizzabile.
Anche peggio,
potrebbero allegare contenuto offensivo o illegale.</p>
<p>Ci sono delle idee per risolvere questo problema.
Per esempio, le firme potrebbero essere distribuite con la chiave del firmatario,
invece che del firmato.
In alternativa, potremmo richiedere
una firma incrociata dal firmatario prima della distribuzione
per supportare un
flusso <a href="https://wiki.debian.org/caff" target="_blank">a-la-caff</a>.
Se c'è abbastanza interesse,
siamo aperti a lavorare con gli altri progetti OpenPGP
ad una soluzione.</p>
<h3 id="no-sign-verified"><a href="#no-sign-verified">Perché non firmare le chiavi
dopo la verifica?</a></h3>
<p>Il servizio <span class="brand">keys.openpgp.org</span>è mirato a distribuire
e far reperire le chiavi, non ad essere una Certification Authority de facto.
Le implementazioni dei client che vogliono offrire una comunicazione verificata dovrebbero
fare affidamento sul loro modello di fiducia.</p>
<h3 id="revoked-uids"><a href="#revoked-uids">Perché le identità revocate non sono distribuite come tali?</a></h3>
<p>Quando una chiave OpenPGP segnala una delle sue identità come revocata, questa
identità non dovrebbe essere più ritenuta valida per la chiave, e questa
informazione dovrebbe essere idealmente distribuita a tutti i client OpenPGP che
conoscono già l'identità appena revocata.</p>
<p>Sfortunatamente, attualmente non c'è un buon modo di distribuire le revoche
che non riveli anche l'identità revocata stessa. Non vogliamo
distribuire le identità revocate, quindi non possiamo distribuire l'identità affatto.</p>
<p>Ci sono delle soluzioni proposte per questo problema, che consentono la distribuzione
delle revoche senza rivelare anche l'identità stessa. Ma finora
non c'è stata nessuna specifica finale, o supporto in alcun software OpenPGP.
Speriamo che una soluzione sia individuata nell'immediato futuro, e
aggiungeremo il supporto su <span class="brand">keys.openpgp.org</span> appena possibile.</p>
<h3 id="search-substring"><a href="#search-substring">Perché non è possibile cercare per solo una parte di indirizzo email, per esempio solo il dominio?</a></h3>
<p>Alcuni keyserver supportano la ricerca di chiavi per parte di indirizzo email.
Questo consente di reperire non solo le chiavi, ma anche gli indirizzi, con una query del tipo "chiavi per indirizzi chiocciola gmail punto com".
Questo pone a tutti gli effetti gl iindirizzi di tutte le chiavi su quei keyserver in una lista pubblica.</p>
<p>Una ricerca per indirizzo email su <span class="brand">keys.openpgp.org</span> restituisce una chiave solo se corrisponde esattamente all'indirizzo inserito.
In questo modo, un utente normale può reperire le chiavi associate con qualsiasi indirizzo conoscano già, ma non possono scoprire alcun nuovo indirizzo email.
Questo previene agli utenti malintenzionati o agli spammer di ottenere facilmente una lista di tutti gli indirizzi email presenti nel server.</p>
<p>Abbiamo resto questa restrizione parte della nostra <a href="/about/privacy">privacy policy</a>,
il che vuol dire che non la cambieremo senza chiedere esplicito consenso agli utenti.</p>
<h3 id="tor"><a href="#tor">Supportate Tor?</a></h3>
<p>Certo!
Se hai Tor installato,
puoi raggiungere <span class="brand">keys.openpgp.org</span> anonimamente come un <a href="https://support.torproject.org/onionservices/#onionservices-2" target="_blank">servizio onion</a>:
<br><a href="http://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion">zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</a></p>
<h3 id="encrypt-verification-emails"><a href="#encrypt-verification-emails">Perché non cifrare le mail di verifica?</a></h3>
Diversi motivi:
<ol>
<li>È più complicato, sia per i nostri utenti che per noi.</li>
<li>Non previene gli attacchi - un attaccante non ha alcun beneficio dal
caricare una chiave a cui non hanno accesso.</li>
<li>La cancellazione dovrebbe restare possibile anche quando una chaive è
persa.</li>
<li>Richiederebbe un meccanismo diverso (e più complesso) per
caricare chiavi abilitate solo alla firma.</li>
</ol>
<h3 id="older-gnupg"><a href="#older-gnupg">
Sto avendo dei problemi ad aggiornare alcune chiavi con GnuPG. C'è un bug?
</a></h3>
<p>È un problema con le attuali versioni di GnuPG. Se provi a
aggiornare una chiave da <span class="brand">keys.openpgp.org</span> che
non contiene <a href="/about">informazioni identificative</a>, GnupG si rifiuterà
di gestire la chiave:</p>
<blockquote>$ gpg --receive-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E<br>
gpg: key EB85BB5FA33A75E15E944E63F231550C4F47E38E: no user ID</blockquote>
<p>Stiamo lavorando con il team GnuPG per risolvere questo problema.</p>
</div>
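Review bot: this FAQ states user-facing guarantees rather than just help text, notably that exact-match email search (no substring or domain queries) is part of the privacy policy and will not change without explicit user consent, that third-party signatures are not distributed, and that revoked user IDs are withheld rather than published as revoked; before removing it, check that the replacement site carries the same commitments and that `/about/privacy`, which this page cites as the binding document, still resolves.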


@@ -1,31 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">About</a> | <a href="/about/news">Novità</a> | <a href="/about/usage">Guida all'uso</a> | <a href="/about/faq">FAQ</a> | Statistiche | <a href="/about/privacy">Privacy</a>
</h2></center>
<h3>Indirizzi email verificati</h3>
<p>Una semplice statistica del numero totali di indirizzi email che sono attualmente verificati. 📈</p>
<p>
</p>
<center><img src="/about/stats/month.png"></center>
<p>
</p>
<center><img src="/about/stats/year.png"></center>
<h3>Carico medio</h3>
<p>Il "carico medio" di un server è una statistica di quanto è impegnato. In sintesi:</p>
<ul>
<li>0.0 significa che l'host <span class="brand">keys.openpgp.org</span> è completamente scarico.</li>
<li>1.0 è abbastanza carico</li>
<li>4.0 e oltre significa che va a fuoco 🔥</li>
</ul>
<p>
</p>
<center><img src="/about/stats/load_week.png"></center>
</div>


@@ -1,141 +0,0 @@
<div class="about usage">
<center><h2>
<a href="/about">About</a> | <a href="/about/news">Novità</a> | Guida all'uso | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Statistiche</a> | <a href="/about/privacy">Privacy</a>
</h2></center>
<p>In questa pagina abbiamo raccolto le informazioni su come usare
<span class="brand">keys.openpgp.org</span> con diversi prodotti
software OpenPGP.<br>
Ne stiamo ancora aggiungendo altri. Se ne manca uno, puoi
scriverci e proveremo ad aggiungerlo.</p>
<h2>
<div><img src="/assets/img/enigmail.svg"></div>
Enigmail
</h2>
<p><a href="https://enigmail.net" target="_blank">Enigmail</a> per Thunderbird
usa <span class="brand">keys.openpgp.org</span> di default dalla
versione 2.0.12.</p>
<p>Pieno supporto è disponibile da Enigmail 2.1
(per <a href="https://www.thunderbird.net/en-US/thunderbird/68.0beta/releasenotes/" target="_blank">Thunderbird 68</a> o più recente):</p>
<ul>
<li>Le chiavi saranno aggiornate automaticamente.</li>
<li>Durante la creazione delle chiavi, puoi caricare e verificare la tua chiave.</li>
<li>Le chiavi possono essere cercate per indirizzo email.</li>
</ul>
<h2>
<div><img src="/assets/img/gpgtools.png"></div>
GPG Suite
</h2>
<p><a href="https://gpgtools.org/">GPG Suite</a> per macOS
usa <span class="brand">keys.openpgp.org</span> di default
da Agosto 2019.</p>
<h2>
<div><img src="/assets/img/openkeychain.svg"></div>
OpenKeychain
</h2>
<p><a href="https://www.openkeychain.org/">OpenKeychain</a> per Android
usa <span class="brand">keys.openpgp.org</span> di default
da Luglio 2019.</p>
<ul>
<li>Le chiavi saranno aggiornate automaticamente.</li>
<li>Le chiavi possono essere cercate per indirizzo email.</li>
</ul>
<p>Nota che non c'è alcun supporto predisposto per il caricamento e la verifica degli indirizzi email per ora.</p>
<h2>
<div><img src="/assets/img/pignus.png"></div>
Pignus
</h2>
<p><a href="https://www.frobese.de/pignus/">Pignus</a> per iOS
usa <span class="brand">keys.openpgp.org</span> di default
da Novembre 2019.</p>
<ul>
<li>Le tue chiavi possono essere caricate in qualsiasi momento.</li>
<li>Le chiavi possono essere cercate per indirizzo email.</li>
</ul>
<h2>
<div><img src="/assets/img/gnupg.svg"></div>
GnuPG
</h2>
<p>Per configurare <a href="https://gnupg.org">GnuPG</a>
per usare <span class="brand">keys.openpgp.org</span> come keyserver,
aggiungi questa riga al tuo file <tt>gpg.conf</tt>:</p>
<blockquote>keyserver hkps://keys.openpgp.org</blockquote>
<h4 id="gnupg-retrieve"><a href="#gnupg-retrieve">Reperire una chiave</a></h4>
<ul>
<li>Per trovare la chiave di un utente, per indirizzo email:<blockquote>gpg --auto-key-locate keyserver --locate-keys user@example.net</blockquote>
</li>
<li>Per rinnovare tutte le tue chiavi (ossia nuovi certificati di revoca e sottochiavi):<blockquote>gpg --refresh-keys</blockquote>
</li>
</ul>
<h4 id="gnupg-upload"><a href="#gnupg-upload">Caricare la tua chiave</a></h4>
<p>Le chiavi possono essere caricate con il comando <tt>--send-keys</tt> di GnuPG, ma
le informazioni identificative non possono essere verificate in questo modo per rendere la chiave
ricercabile per indirizzo email (<a href="/about">Cosa vuol dire?</a>)</p>
<ul>
<li>Puoi provare questa scorciatoia per caricare la tua chaive, che restituisce
un link diretto alla pagina di verifica:<blockquote>gpg --export your_address@example.net | curl -T - {{ base_uri }}</blockquote>
</li>
<li>In alternativa, puoi esportarle in un file
e selezionare quel file nella pagina di <a href="/upload" target="_blank">caricamento</a>:<blockquote>gpg --export your_address@example.net &gt; my_key.pub</blockquote>
</li>
</ul>
<h4 id="gnupg-troubleshooting"><a href="#gnupg-troubleshooting">Risoluzione dei problemi</a></h4>
<ul>
<li>Alcuni vecchi file <tt>~/gnupg/dirmngr.conf</tt> contengono una linea come questa:<blockquote>hkp-cacert ~/.gnupg/sks-keyservers.netCA.pem</blockquote>
<p>Questa configurazione non è più necessaria,
ma impedisce il funzionamento dei normali certificati.
Si raccomanda di rimuovere semplicemente questa linea dalla configurazione.</p>
</li>
<li>Mentre rinnovi le chiavi, potresti vedere errori come questi:<blockquote>gpg: key A2604867523C7ED8: no user ID</blockquote>
Questo è un <a href="https://dev.gnupg.org/T4393" target="_blank">problema noto in GnuPG</a>.
Stiamo lavorando con il team GnuPG per risolvere questo problema.
</li>
</ul>
<h4 id="gnupg-tor"><a href="#gnupg-tor">Uso tramite Tor</a></h4>
<p>Per gli utenti che vogliono prendere precauzioni aggiuntive, <span class="brand">keys.openpgp.org</span> può essere raggiunto anonimamente come un
<a href="https://support.torproject.org/onionservices/#onionservices-2" target="_blank">servizio onion</a>.
Se hai
<a href="https://www.torproject.org/" target="_blank">Tor</a>
installato, puoi usare la seguente configurazione:</p>
<blockquote>keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</blockquote>
<h2 style="padding-left: 3%;" id="wkd-as-a-service"><a style="color: #050505;" href="#wkd-as-a-service">WKD as a Service</a></h2>
<p>Il Web Key Directory (WKD) è uno standard per la ricerca delle chiavi OpenPGP per indirizzo email, tramite il dominio della email.
Viene usato per cercare le chiavi sconosciute in alcuni client email, come <a href="https://www.gpg4win.de/about.html" target="_blank">GpgOL</a>.</p>
<p><span class="brand">keys.openpgp.org</span> può essere usato come un servizio WKD gestito per un qualsiasi dominio.
Per farlo, al dominio serve semplicemente una voce <tt>CNAME</tt> che deleghi il suo sotto-dominio <tt>openpgpkey</tt> a <tt>wkd.keys.openpgp.org</tt>.Dovrebbe essere possibile farlo nell'interfaccia web dell'host del DNS.</p>
<p>Una volta abilitato per il dominio, l'indirizzo verificato sarà automaticamente disponibile per la ricerca tramite WKD.</p>
<p>La voce <tt>CNAME</tt> dovrebbe assomigliare a questa:</p>
<blockquote>$ drill openpgpkey.example.org<br>
...<br>
openpgpkey.example.org. 300 IN CNAME wkd.keys.openpgp.org.</blockquote>
<p>C'è un pratico indicatore per verificare lo stato del servizio:</p>
<blockquote>$ curl 'https://wkd.keys.openpgp.org/status/?domain=openpgpkey.example.org'<br>
CNAME lookup ok: openpgpkey.example.org resolves to wkd.keys.openpgp.org<br>
</blockquote>
<p>Per provare la ricerca delle chiavi:</p>
<blockquote>$ gpg --locate-keys --auto-key-locate clear,nodefault,wkd address@example.org<br>
</blockquote>
<h2 style="margin-left: 3%;">API</h2>
<p>Offriamo una API con supporto integrato per le applicazioni OpenPGP.
Visita
la nostra <a href="/about/api">documentazione API</a>.</p>
<h2 style="margin-left: 3%;">Altri</h2>
<p>Manca una guida per la tua implementazione preferita? Questo sito è un work-in-progress, e vogliamo migliorarlo. Scrivici a <span class="email">support chiocciola keys punto openpgp punto org</span> se vuoi darci una mano!</p>
</div>


@@ -1,30 +0,0 @@
<div class="about">
<center><h2>서비스 소개 | <a href="/about/news">새 소식</a> | <a href="/about/usage">사용 안내</a> | <a href="/about/faq">자주 묻는 질문</a> | <a href="/about/stats">통계</a> | <a href="/about/privacy">개인 정보 보호</a>
</h2></center>
<p><span class="brand">keys.openpgp.org</span> 서비스는 OpenPGP 호환 키의 배포와 발견을 위한 공공 키서버입니다.</p>
<p><strong>사용 방법에 대해선 <a href="/about/usage">사용 안내서</a>를 읽어보세요.</strong></p>
<h3>어떻게 돌아가나요?</h3>
<p>OpenPGP 키는 두 종류의 정보를 담고 있습니다:</p>
<ul>
<li>
<strong>명의 정보</strong>는 해당 키의 주인을 명시하는 "사용자 ID" 부분을 뜻합니다. 사용자 ID는 이름과 전자 메일 주소를 포함합니다.</li>
<li>
<strong>비-명의 정보</strong>는 키 그 자체에 대한 기술적인 부분을 뜻합니다. 비-명의 정보는 서명 검증이나 정보 암호화에 쓰이는 굉장히 큰 소수라든가 하는 핵심 정보와 키 생성 날짜, 만료일, 폐기 여부 등등의 메타데이터를 담고 있습니다.</li>
</ul>
<p>전통적으로, 이 둘은 항상 함께 배포되곤 했습니다. 하지만 <span class="brand">keys.openpgp.org</span>에서는 이 둘이 서로 다르게 처리됩니다. 어떤 OpenPGP 키든 누구나 <span class="brand">keys.openpgp.org</span>에 올릴 수 있긴 하지만, 본 키서버는 다음 조건이 맞는다는 가정 하에 매우 특정한 정보만을 저장하고 공개합니다:</p>
<p><strong>비-명의 정보</strong> 부분은 암호학적 무결성 검증을 통과한다면 제한 없이 저장되고 배포됩니다. 이 기술적인 정보 부분은 개개인을 특정할 수 없기 때문에, 누구든 이 정보를 언제든 내려받을 수 있습니다. 잘 구현된 OpenPGP 소프트웨어는 보유한 키 정보를 최신으로 유지하기 위해 얼마든지 <span class="brand">keys.openpgp.org</span> 서비스를 이용할 수 있습니다. 이를 통해 OpenPGP 사용자는 소통의 보안과 안정성을 유지할 수 있습니다.</p>
<p>OpenPGP 키 안에 포함된 <strong>명의 정보</strong> 부분은 명시적인 동의가 이뤄진 경우에 한해서 배포됩니다. 명의 정보 부분은 암호화나 서명 검증에 반드시 필요한 것도 아닐 뿐더러, 당연하게도 개인 정보에 해당하기 때문이죠. 키 소유주가 전자 메일 주소를 인증하고 공개에 명시적인 동의를 표해야 비로소 해당 키를 주소로 찾을 수 있게 됩니다.</p>
<h3 id="community">커뮤니티와 플랫폼</h3>
<p>이 서비스는 커뮤니티 공동의 노력으로 운영하고 있습니다. Freenode IRC 서버의 #hagrid 채널에 찾아오세요. Matrix의 #hagrid:stratum0.org에서도 우리를 만나실 수 있습니다. 물론 <tt>support 골뱅이 keys 닷 openpgp 닷 org</tt>로 전자 메일을 보내셔도 됩니다. 이 서비스는 Sequoia-PGP, OpenKeychain, 그리고 Enigmail 같은, OpenPGP 생태계를 이루는 다양한 프로젝트 출신들이 모여서 운영합니다.</p>
<p>기술적인 부분에서 말씀드리자면, <span class="brand">keys.openpgp.org</span> 서비스는 <a href="https://sequoia-pgp.org">Sequoia-PGP</a> 기반의 <a href="https://gitlab.com/keys.openpgp.org/hagrid" target="_blank">Hagrid</a> 키서버 소프트웨어로 동작합니다. 서버의 경우에는 <a href="https://greenhost.net/" target="_blank">Greenhost</a>가 관리하는 자유 인터넷 프로젝트 중심 호스팅 플랫폼 <a href="https://eclips.is" target="_blank">eclips.is</a>에서 제공합니다.</p>
</div>
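Review bot: the nav header at the top of this hunk hard-links /about/news, /about/usage, /about/faq, /about/stats and /about/privacy, and the body links /about/usage again; the diff removes only templates, so the route handlers and any remaining template that still renders this nav need to be dropped or redirected in the same change, or those paths become dead links. The support address appears here only in obfuscated form (`support 골뱅이 keys 닷 openpgp 닷 org`), so nothing machine-readable is exposed by the deletion, but a contact path should survive somewhere on the site.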

View File

@@ -1,105 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">서비스 소개</a> | <a href="/about/news">새 소식</a> | <a href="/about/usage">사용 안내</a> | 자주 묻는 질문 | <a href="/about/stats">통계</a> | <a href="/about/privacy">개인 정보 보호</a>
</h2></center>
<p><strong>사용 방법에 대해선 <a href="/about/usage">사용 안내서</a>를 읽어보세요.</strong></p>
<h3 id="sks-pool"><a href="#sks-pool">이 서버가 "SKS" 풀에 포함돼 있나요?</a></h3>
<p>아니요. SKS 풀이 채택한 연합 모델은 안정성, 악용 방지, 개인 정보 보호, 사용성 등의 부분에서 많은 문제를 안고 있습니다. <span class="brand">keys.openpgp.org</span> 서비스도 언젠가는 그 비슷한 걸 할 지도 모르지만, 직접적으로 SKS 풀의 일부가 되는 일은 절대 없을 겁니다.</p>
<h3 id="federation"><a href="#federation">keys.openpgp.org 서비스는 현재 연합의 일부인가요? 인스턴스 운영 등의 도움은 필요없나요?</a></h3>
<p>지금 당장은 아닙니다. 물론 미래에는 <span class="brand">keys.openpgp.org</span> 서비스를 완전히 분산화할 계획이긴 합니다. 이를 통해 독립적인 운영 주체들이 다수의 서버를 각각 운영함으로써 서비스의 안정성을 더 끌어올릴 수 있길 기대하고 있습니다.</p>
<p>몇몇 사람들이 "Hagrid 서버 인스턴스 운영"을 통해 우리를 돕겠다고 연락해오긴 했습니다. 이러한 의사를 밝혀주신 건 고맙지만, SKS처럼 누구나 인스턴스를 운영함으로써 "풀"에 참여할 수 있는 "열린" 연합 모델은 절대 우리가 원하는 게 아니에요. 두 가지 이유가 있습니다:</p>
<ol>
<li>누구나 참여 가능한 연합 모델은 필연적으로 모든 데이터가 공개되어야 가능합니다. 이렇게 활짝 열려있다면 누구든 전자 메일 주소 데이터에 손쉽게 접근할 수 있고, 당연히 사용자의 개인 정보 보호에 큰 지장을 줄 수밖에 없지요.</li>
<li>일반적인 지식을 가진 "캐주얼한" 관리자가 취미로 운영하는 서버 수준으로는 우리가 필요로 하는 안정성과 성능 기준을 달성하기 힘듭니다.</li>
</ol>
<h3 id="non-email-uids"><a href="#non-email-uids">왜 전자 메일 주소 이외의 명의 정보는 지원하지 않나요?</a></h3>
<p>우리는 명의 정보의 배포에 앞서 명시적인 동의를 받고 있습니다. 사진이나 웹 사이트 URL 같은, 전자 메일 주소가 아닌 명의 정보로는 이러한 동의를 받는 것 자체가 매우 힘듭니다.</p>
<p>참고하세요: 어떤 OpenPGP 소프트웨어는 올바르지 않은 형식의 전자 메일 주소를 담은 키를 생성하기도 합니다. <span class="brand">keys.openpgp.org</span> 서비스는 이러한 주소를 인식하지 못할 수도 있습니다.</p>
<h3 id="verify-multiple"><a href="#verify-multiple">하나의 전자 메일 주소에 대해 키 여러 개를 인증할 수 있나요?</a></h3>
<p>하나의 전자 메일 주소는 오로지 하나의 키에 대해서만 엮을 수 있습니다. 만약 어떤 전자 메일 주소가 새 키에 대해 인증된다면, 과거에 이 주소로 인증됐던 모든 키와의 연계가 해제될 거예요. 물론 <a href="/about">비-명의 정보</a>는 모든 키에 대해 여전히 공개됩니다.</p>
<p>이게 무슨 얘기냐 하면, 어떤 전자 메일 주소로 키를 찾으면 무조건 단 하나의 키만 나온다는 거예요. 이렇게 함으로써, 사용자가 스스로는 절대 답변 불가능한 "도대체 어떤 키가 맞는 걸까?"와 같은 의문점을 아예 원천 차단하고, 전자 메일 주소로 키를 찾는 과정이 훨씬 편해지는 거죠.</p>
<h3 id="email-protection"><a href="#email-protection">이 서비스가 전자 메일을 발신할 때는 어떤 종류의 보호 수단을 적용하고 있나요?</a></h3>
<p>우리는 <a href="https://www.hardenize.com/blog/mta-sts" target="_blank">MTA-STS</a>라는 최신 표준과 EFF의 <a href="https://starttls-everywhere.org/" target="_blank">STARTTLS Everywhere</a> 프로젝트 둘 다를 이용해 인증 전자 메일이 안전하게 발송될 수 있도록 노력합니다. 이렇게 함으로써 전송 과정에서의 도청이나 개입을 방지할 수 있죠.</p>
<p>MTA-STS 방식은 수신자의 전자 메일 서비스 제공자가 이 방식을 지원할 때만 제대로 동작합니다. 수신자의 전자 메일 서비스 제공자가 MTA-STS 방식을 지원하지 않으면, 전자 메일은 그냥 기존처럼 별다른 추가 보호 없이 전송돼요. 내 전자 메일 서비스 제공자가 이 방식을 제대로 지원하고 있는지 여부는 <a href="https://www.hardenize.com/">여기서 테스트해볼</a> 수 있습니다. 만약 왼쪽 목록에서 "MTA-STS" 항목에 녹색 체크 마크가 없다면, 내 전자 메일 서비스 제공자에게 연락해서 설정을 바꿔 달라고 요청해보세요.</p>
<h3 id="third-party-signatures"><a href="#third-party-signatures">혹시 "제삼자 서명"도 배포하나요?</a></h3>
<p>한 줄 요약: 아뇨.</p>
<p>"제삼자 서명"이라 함은 다른 누군가의 키가 내 키에 남긴 서명을 뜻합니다. 대개의 경우 "제삼자 서명"이란 누군가가 "다른 사람의 키를 서명"하면 만들어지는 것으로, 원래 이를 통해서 "<a href="https://en.wikipedia.org/wiki/Web_of_trust" target="_blank">신뢰 그물망</a>"을 구성하곤 했습니다. 하지만 몇몇 문제점으로 인해서 <span class="brand">keys.openpgp.org</span> 서비스는 현재 제삼자 서명을 배포하지 않습니다.</p>
<p>제일 큰 문제는 <strong>스팸</strong>입니다. 제삼자 서명은 어떤 키에 대해 임의의 데이터를 갖다붙일 수 있게 하는데, 이를 통해서 악의적인 누군가가 키에 수 메가바이트 이상의 쓰레기 정보를 이어붙여서 키 자체를 못쓸 것으로 만들어버릴 수가 있습니다. 한 술 더 떠서, 키에 모욕적이거나 법에 저촉되는 내용을 달아버리는 것도 가능하죠.</p>
<p>이 문제를 해결하고자 여러 대안이 제시됐습니다. 개중 하나를 예로 들자면, 기존에는 서명된 키의 주인이 배포하던 제삼자 서명을 서명한 본인이 배포하도록 하는 게 있겠네요. 또는, <a href="https://wiki.debian.org/caff" target="_blank">caff식</a> 서명 절차처럼 서명자와 서명되는 키 주인 서로가 서로의 키를 상호 서명한 경우에 한해 배포를 허용하는 것도 한 방법이고요. 추후 이 주제에 대해 충분한 관심이 생긴다면, 다른 OpenPGP 프로젝트와 연계하여 해결 방안을 강구할 용의도 있습니다.</p>
<h3 id="no-sign-verified"><a href="#no-sign-verified">왜 인증 후에 키를 서명해주지 않나요?</a></h3>
<p><span class="brand">keys.openpgp.org</span> 서비스는 키 배포와 발견에 중점을 두고 있지, 사실상의 인증 기관으로 행세하려는 게 아니에요. 상호 검증된 참여자끼리의 통신을 필요로 하는 클라이언트 구현체는 스스로의 신뢰 모델을 만들어 쓰기를 권장합니다.</p>
<h3 id="revoked-uids"><a href="#revoked-uids">왜 폐기된 명의는 배포가 중지되나요?</a></h3>
<p>어떤 OpenPGP 키에 들어있는 명의 중 하나가 폐기된다면, 그 순간부터 이 명의는 해당 키에 대해 '올바르지 않은 것'으로 간주됩니다. 그리고, 이상적으로는, 기존에 이 명의를 알고 있던 모든 OpenPGP 클라이언트가 폐기 사실에 대해 전달받아야 하고요.</p>
<p>애석하게도, 폐기된 명의를 공개하지 않으면서 동시에 폐기 사실을 널리 알릴수 있는 그런 방법이 아직까지는 없습니다. 폐기된 명의를 배포하는 건 지양하고 싶기에, 그 명의 자체를 공개할 수는 없는 거죠.</p>
<p>일단, 폐기된 명의 그 자체를 공개하지는 않으면서 폐기 사실을 배포 가능하게끔 제안된 방법이 몇 가지가 있긴 합니다. 문제는, 아직 확정된 명세서가 존재하는 것도 아니고, 이걸 지원하는 OpenPGP 소프트웨어가 하나도 없다는 거예요. 우리도 이게 근시일 내에 확정되길 원합니다. 확정만 되면 <span class="brand">keys.openpgp.org</span> 서비스에 그 지원을 추가할 거고요.</p>
<h3 id="search-substring"><a href="#search-substring">왜 도메인 같은 전자 메일 주소의 일부분으로는 키 찾기가 안 되나요?</a></h3>
<p>일부 키서버는 전자 메일 주소의 일부분만으로도 키를 찾을 수 있게 허용합니다. 그런데 말이죠, 이게 허용되면 키만 찾을 수 있는 게 아니라, "gmail 닷 com으로 끝나는 전자 메일 주소를 가진 키를 찾기"와 같이 임의의 전자 메일 주소를 대량으로 찾을 수 있게 하는 거거든요. 아예 모든 전자 메일 주소를 대놓고 공개하는 것과 진배없는 겁니다.</p>
<p><span class="brand">keys.openpgp.org</span> 서비스는 완전한 전자 메일 주소에 해당하는 키 단 하나만을 반환하게 만들어졌습니다. 이렇게 하면 사용자는 이미 알고 있는 전자 메일 주소에 대한 키를 손쉽게 찾을 수는 있지만, 완전히 새로운 전자 메일 주소를 찾아내는 건 할 수 없지요. 이를 통해 스패머나 악의적인 사용자가 서버에 담긴 모든 전자 메일 주소의 목록을 뽑아내는 걸 방지합니다.</p>
<p>이건 <a href="/about/privacy">개인 정보 보호 정책</a>의 일부이기 때문에, 사용자 동의 없이 우리가 멋대로 이 설계를 고칠 수는 없습니다.</p>
<h3 id="tor"><a href="#tor">Tor 지원하세요?</a></h3>
<p>물론이죠! 이미 Tor를 설치했다면 다음 주소로 <span class="brand">keys.openpgp.org</span> <a href="https://support.torproject.org/onionservices/#onionservices-2" target="_blank">onion 서비스</a>에 익명 접속이 가능합니다:<br><a href="http://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion">zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</a></p>
<h3 id="encrypt-verification-emails"><a href="#encrypt-verification-emails">왜 인증 전자 메일은 암호화하지 않나요?</a></h3>
이유야 많죠:
<ol>
<li>사용자 입장에서나 우리 입장에서나 이게 간단한 게 아니에요.</li>
<li>이런다고 공격을 방지하지는 못합니다. (그런데 사실 공격자는 소유권이 없는 키를 올려서 얻는 게 하나도 없습니다.)</li>
<li>사용자가 키를 분실하더라도 주소 지우기는 가능해야 합니다.</li>
<li>오로지 서명만 가능한 키를 올리는 경우에는 별도의 인증 절차가 필요할 테고, 이러면 상황이 복잡해집니다.</li>
</ol>
<h3 id="older-gnupg"><a href="#older-gnupg">GnuPG를 쓰는데요, 몇몇 키는 갱신이 안 되네요? 버그인가요?</a></h3>
<p>GnuPG는 명의 정보가 없는 키를 올바르지 않은 키로 취급하여 가져오기 등의 처리를 거부합니다. 그런데, <a href="/about">인증된 전자 메일 주소</a>가 없는 키라 할지라도 아직 유용한 정보는 담고있기 마련이거든요. 예를 들자면, 키가 폐기됐는지 아닌지 여부는 여전히 확인 가능하다 이겁니다.</p>
<p>2019년 6월에 <span class="brand">keys.openpgp.org</span> 팀은 GnuPG가 명의 정보 없는 키 역시 처리를 제대로 하도록 수정하는 패치를 준비했습니다. 이 패치는 곧바로 Debian, Fedora, NixOS 등의 배포판에 내장된 GnuPG와 macOS용 GPG Suite에 적용됐지요.</p>
<p>2020년 3월, GnuPG 팀은 이 패치를 승인하길 거부하고, 이 문제를 "고치지 않겠다(wontfix)"고 선언했습니다. 이 말인즉슨, <strong>패치가 적용되지 않은 GnuPG 버전은 앞으로도 <span class="brand">keys.openpgp.org</span> 키서버에서 전자 메일 주소가 포함되지 않은 키를 받아올 수 없다</strong>는 거죠. 이 문제에 대한 지금까지의 논의사항은 GnuPG 버그 트래커의 <a href="https://dev.gnupg.org/T4393#133689">T4393번 티켓</a>에서 볼 수 있습니다.</p>
<p>내 GnuPG가 이 문제를 겪는지 안 겪는지 아래 방법으로 알아봅시다.</p>
<blockquote>
<span style="font-size: larger;">테스트 키 가져오기:</span><br><br>
$ curl https://keys.openpgp.org/assets/uid-test.pub.asc | gpg --import<br>
gpg: key F231550C4F47E38E: "Alice Lovelace &lt;alice@openpgp.example&gt;" imported<br>
gpg: Total number processed: 1<br>
gpg: imported: 1<br><br>
</blockquote>
<blockquote>
<span style="font-size: larger;">패치가 적용됐다면, 로컬에서 이미 알고 있는 키에 대해 갱신을 시도합니다:</span><br><br>
$ gpg --recv-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E<br>
gpg: key F231550C4F47E38E: "Alice Lovelace &lt;alice@openpgp.example&gt;" not changed<br>
gpg: Total number processed: 1<br>
gpg: unchanged: 1<br><br>
</blockquote>
<blockquote>
<span style="font-size: larger;">패치가 적용 안 됐다면, 명의 정보 없는 키는 여전히 처리가 거부될 겁니다:</span><br><br>
$ gpg --recv-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E<br>
gpg: key EB85BB5FA33A75E15E944E63F231550C4F47E38E: no user ID<br>
</blockquote>
</div>
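Review bot: the `older-gnupg` section at the end of this hunk is a working diagnostic, not just prose: it imports `https://keys.openpgp.org/assets/uid-test.pub.asc` and then runs `gpg --recv-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E`, with the `not changed` versus `no user ID` outcome telling the user whether their GnuPG carries the patch. If `/assets/uid-test.pub.asc` stays deployed, that check belongs in the replacement docs; if it goes, remove the asset in the same change so it is not left orphaned. The rest of the page (STARTTLS Everywhere, the hardenize test link) is dated, which supports deleting rather than updating it.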

View File

@@ -1,101 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">서비스 소개</a> | 새 소식 | <a href="/about/usage">사용 안내</a> | <a href="/about/faq">자주 묻는 질문</a> | <a href="/about/stats">통계</a> | <a href="/about/privacy">개인 정보 보호</a>
</h2></center>
<h2 id="2019-11-12-celebrating-100k">
<div style="float: right; font-size: small; line-height: 2em;">2019-11-12 📅</div>
<a style="color: black;" href="/about/news#2019-11-12-celebrating-100k">주소 인증 100,000건을 달성했습니다! 📈</a>
</h2>
<p>서비스를 개시한 지 불과 5개월만에, 오늘 우리는 하나의 마일스톤을 달성했습니다:</p>
<center style="margin-top: 2em; margin-bottom: 2em;">
<img src="/assets/img/stats-addresses-2019-11-12.png" style="padding: 1px; border: 1px solid gray;"><br><strong>무려 십만 개의 전자 메일 주소가 인증됐습니다!</strong>
</center>
<p>이 서비스를 사용해주셔서 고맙습니다! 특히 사용자 의견 투고나 번역 제공, 소스 코드 기여 등의 도움을 주신 분들이 계신 것에 대단히 고마움을 느낍니다.</p>
<p>그간 우리가 준비한 것 몇 개를 알려드립니다:</p>
<ul>
<li>이 새 소식 페이지는 이제 <strong><a target="_blank" href="/atom.xml">ATOM 피드<img src="/assets/img/atom.svg" style="height: 0.8em;"></a></strong>로도 제공됩니다.</li>
<li>사용자의 개인 정보를 더 효과적으로 보호할 수 있는 <strong><a target="_blank" href="https://gitlab.com/keys.openpgp.org/hagrid/issues/131">새로운 키 갱신 방식</a></strong>을 고려 중입니다.</li>
<li>
<strong>현지화 작업</strong>에 전력 집중하고 있습니다! 곧 이 서비스를 몇몇 언어로 제공할 수 있길 기대합니다.</li>
</ul>
<p>만약 여러분의 언어로 <span class="brand">keys.openpgp.org</span> 서비스가 제공되길 원한다면 Transifex <a target="_blank" href="https://www.transifex.com/otf/hagrid/">번역 팀에 참여하세요</a>. 지금 당장은 <strong>러시아어</strong>, <strong>이탈리아어</strong>, <strong>폴란드어</strong>와 <strong>네덜란드어</strong> 번역에 특히 도움이 필요합니다.</p>
<p>이상으로 현재 상황을 짧게 알려드렸습니다! <span style="font-size: x-large;">👍️</span></p>
<hr style="margin-top: 2em; margin-bottom: 2em;">
<h2 id="2019-09-12-three-months-later">
<div style="float: right; font-size: small; line-height: 2em;">2019-09-12 📅</div>
<a style="color: black;" href="/about/news#2019-09-12-three-months-later">서비스 개시 후 3개월이 지났습니다 ✨</a>
</h2>
<p>우리가 <span class="brand">keys.openpgp.org</span> <a href="/about/news#2019-06-12-launch">서비스를 개시</a>한 지 벌써 3개월이 지났습니다. 이에 다음 사실을 기쁘게 알려드립니다: 그야말로 대성공이에요! 🥳</p>
<h4>각종 클라이언트의 서비스 도입</h4>
<p><span class="brand">keys.openpgp.org</span> 키서버가 사용자 사이에서 호평을 받으면서 각종 클라이언트가 우리 서비스를 도입하는 사례가 매우 빠르게 늘고 있습니다. 이제 <a href="https://gpgtools.org/" target="_blank">GPGTools</a>, <a href="https://enigmail.net/" target="_blank">Enigmail</a>, <a href="https://www.openkeychain.org/" target="_blank">OpenKeychain</a>, <a href="https://github.com/firstlookmedia/gpgsync" target="_blank">GPGSync</a>, Debian, NixOS 등이 우리 서비스를 기본 키서버로 사용합니다. 많은 튜토리얼 문서가 사용자로 하여금 우리 서비스를 사용하도록 수정되기도 했고요.</p>
<p>이 소식을 쓰는 지금 시점으로 벌써 70,000개가 넘는 전자 메일 주소가 인증됐습니다.</p>
<center style="margin-top: 2em; margin-bottom: 2em;">
<img src="/assets/img/stats-addresses-2019-09-12.png" style="padding: 1px; border: 1px solid gray;"><br><span style="font-size: smaller;">이게 잘 나가는 그래프가 아니라고 할 수 있는 사람? :)</span>
</center>
<p>macOS용 GPGTools 팀에게 특별히 고마움의 말씀을 전합니다. GPGTools 클라이언트 안에서의 키 갱신 절차를 대단히 잘 구현한 덕분에, 클라이언트 판올림 직후 우리 키서버에서 인증된 전자 메일 주소 개수가 아주 폭발적으로 늘어났다니까요.</p>
<h4>서비스 운영은 아주 순조롭습니다</h4>
<p>운영 측면에서는 그닥 알려드릴 만한 게 없네요. 이런 게 바로 "무소식이 희소식"인 거죠! 개시부터 지금까지 우리는 서비스 불통이 거의 없었습니다. 키 올리기 절차에서 잠깐 문제를 일으킨 버그가 딱 하나 있었고요, 사용자 지원 문의율은 아주 바람직할 정도로 낮았습니다.</p>
<p>네트워크 통행량은 대충 초당 요청 10개 선에서 머물고 있습니다. (낮시간엔 좀 더 많고, 주말엔 좀 더 적어요.) 지금까지 발송한 전자 메일은 대략 100,000통 정도 됩니다. 이 정도야 가뿐하죠.</p>
<p>운영 측면에서 자잘한 개선은 꽤 있었습니다. 대충 꼽아보자면 <a href="http://dnsviz.net/d/keys.openpgp.org/dnssec/" target="_blank">DNSSEC</a> 적용, <a href="/about/api#rate-limiting" target="_blank">API 요청량 제한</a> 적용, <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP">콘텐츠 보안 정책</a> 헤더의 영구 적용, 그리고 Tor Onion 서비스에 <a href="https://blog.torproject.org/whats-new-tor-0298" target="_blank">단일-단계</a> 모드 적용 정도가 있겠네요. 개선 사항 전체 목록은 <a href="https://gitlab.com/keys.openpgp.org/hagrid/merge_requests?scope=all&amp;utf8=%E2%9C%93&amp;state=merged" target="_blank">여기서</a> 볼 수 있습니다.</p>
<h4>MTA-STS를 통한 안전한 전자 메일 발송</h4>
<p>이건 좀 중요하니까 따로 언급할게요. <a href="https://www.hardenize.com/blog/mta-sts">MTA-STS</a> 적용을 통해 전자 메일 발신의 보안성을 끌어올렸습니다.</p>
<p>요즘 HTTPS 적용 안 한 곳을 찾기가 힘들 정도죠. 그런데 전자 메일쪽은 완전히 상황이 다릅니다. 상당한 수의 메일 서버가 암호화 통신을 하지 않거나, 기껏 하더라도 보안성이라고는 하나도 없는 스스로 서명된 인증서로 틀어막았다거나 하는 상황이 부지기수네요. (Let's Encrypt처럼 제대로 된 것 좀 쓰지....) 뭐, 사용자 입장에서는 보안성이 좀 떨어지더라도 일단 잘 가는 게 중요하니까... 그래서 아직도 무수히 많은 전자 메일이 암호화 통신 없이 오고가나봅니다.</p>
<p>MTA-STS를 적용하면, 도메인 운영자는 자기네 전자 메일 서버가 암호화 통신을 <em>지원함을</em> (HTTPS를 통해) 안내할 수 있습니다. 이러한 서버로의 보안 통신이 연결될 수 없다면 메시지 전달은 지연되거나, 궁극적으로는 반송됩니다. 즉, 안전성을 보장할 수 없으면 메시지를 아예 전달하지 않아요.</p>
<p><span class="brand">keys.openpgp.org</span> 같은 서비스 입장에서는 이게 대단히 유용한 기술입니다. 충분히 신뢰할 수 있는 암호화 통신을 쓰지 않는다면 공격자가 중간에 인증 전자 메일을 비교적 쉽게 가로챌 수 있거든요. MTA-STS를 적용한 전자 메일 서비스 제공자에 한해서 우리는 모든 메시지가 올바른 서버에게 안전히 전달됐음을 보장할 수 있습니다.</p>
<p>내 전자 메일 서비스 제공자가 MTA-STS를 지원하는지 <a href="https://aykevl.nl/apps/mta-sts/" target="_blank">점검해보세요</a>. 만약 지원하지 않는 걸로 나타나면, 고객 지원에 연락해서 보안 수준 좀 끌어올리라고 반드시 요청하세요!</p>
<h4>아직 준비 중인 것</h4>
<p>현재 두 가지 기능에 집중하고 있어요:</p>
<p>일단 첫째로 <strong>지역화</strong>가 있습니다. 우리는 지금까지 오로지 영어만 지원해왔는데, 대다수의 사람들은 영어를 못 하거든요. 접근성 측면에서 이걸 해결하고자 우리는 OTF의 <a href="https://www.opentech.fund/labs/localization-lab/" target="_blank">Localization Lab</a>과 협업하여 이 웹 사이트와 전자 메일 발송을 여러 언어로 가능하게끔 노력하고 있습니다.</p>
<p>둘째로는 <strong>제삼자 서명</strong>을 다시 부활시키는 겁니다. <a href="/about/faq#third-party-signatures">자주 묻는 질문에서 언급했듯</a>, 우리는 현재 스팸이나 악용 가능성의 문제 때문에 제삼자 서명을 지원하지 않고 있어요. 지금까지 대안으로 제시된 건 키 주인이 어떤 사람에게서 받은 제삼자 서명을 공개할지 직접 선택할 수 있도록 <a href="https://gitlab.com/openpgp-wg/rfc4880bis/merge_requests/20/diffs" target="_blank">상호 서명</a>을 요구하는 방안이 있겠네요. 키 주인 입장에서는 뭔가 더 귀찮겠지만, 이 방식은 현존하는 소프트웨어와도 꽤나 호환 가능하다는 것과, 서명이고 뭐고 신경 안 쓰는 사람들에게는 전혀 방해가 안 된다는 장점이 있습니다.</p>
<p>이 두 가지 기능은 이미 상당한 작업이 진행되긴 했지만 언제 공개할지는 미정입니다.</p>
<p>(<a href="/about/news#2019-06-12-launch-challenges">지난 번 소식</a>이랑 <a href="/about/faq#older-gnupg" target="_blank">자주 묻는 질문</a>에서 언급했던) GnuPG의 "<tt>no user ID</tt>" 문제 관련해서는, 이걸 해결하는 패치가 Debian과 macOS용 GPGTools에는 적용됐지만 아직 GnuPG 그 자체에는 적용이 안 됐다는 걸 알려드립니다.</p>
<p>이상입니다! 관심 가지고 지켜봐줘서 고마워요! <span style="font-size: x-large;">👋</span></p>
<hr style="margin-top: 2em; margin-bottom: 2em;">
<h2 id="2019-06-12-launch">
<div style="float: right; font-size: small; line-height: 2em;">2019-06-12 📅</div>
<a href="/about/news#2019-06-12-launch" style="color: black;">새로운 키서버를 발족합니다! 🚀</a>
</h2>
<p>오늘 우리는 <a href="https://enigmail.net" target="_blank">Enigmail</a> 팀, <a href="https://openkeychain.org" target="_blank">OpenKeychain</a> 팀, 그리고 <a href="https://sequoia-pgp.org">Sequoia PGP</a> 팀이 공동으로 준비해온 새로운 공개 OpenPGP 키서버인 <span class="brand">keys.openpgp.org</span> 서비스의 개시를 발표합니다! 만세! 🎉</p>
<h4>짧막한 소개 좀 부탁합니다!</h4>
<ul>
<li>빠르고 안정적입니다. 요청 응답을 기다릴 필요도 없고, 서비스 불통도 없으며, 모순되는 부분도 없습니다.</li>
<li>정확합니다. 키 찾기는 오로지 단 하나의 키만 반환하기에, 매우 쉽게 키를 발견할 수 있어요.</li>
<li>사용자 인증을 거칩니다. 키의 명의 정보는 오로지 본인 동의가 있을 때만 공개됩니다. 반면, 비-명의 정보는 아무런 제한 없이 배포돼요.</li>
<li>잊힐 수 있습니다. 사용자는 간단한 전자 메일 인증을 통해 개인 정보를 완전히 제거할 수 있습니다.</li>
<li>자유 오픈 소스 (AGPLv3) 라이브러리인 <a href="https://sequoia-pgp.org" target="_blank">Sequoia PGP</a>를 기반으로, 러스트 프로그래밍 언어로 만들어졌습니다.</li>
</ul>
지금 당장 <a href="/upload">내 키를 올려보세요</a>!
<h4>왜 또 새로운 키서버를 만들었나요?</h4>
<p><span class="brand">keys.openpgp.org</span> 서비스는 현재 많은 응용 프로그램에서 기본으로 사용하는 SKS 키서버 풀에 대한 대안으로 만들어졌습니다. 이 키서버 분산 네트워크는 최근 들어 <a target="_blank" href="https://medium.com/@mdrahony/are-sks-keyservers-safe-do-we-need-them-7056b495101c">악용되고</a>, <a target="_blank" href="https://en.wikipedia.org/wiki/Key_server_(cryptographic)#Problems_with_keyservers">태생적인 성능 한계를 가졌으며</a>, <a href="http://www.openwall.com/lists/oss-security/2017/12/10/1">개인 정보 문제를 겪고 있고</a>, <a target="_blank" href="http://nongnu.13855.n7.nabble.com/SKS-apocalypse-mitigation-td228252.html">GDPR</a> 준수 여부도 도마에 올랐습니다. Kristian Fiskerstrand는 분명 <a target="_blank" href="https://blog.sumptuouscapital.com/2016/12/10-year-anniversary-for-sks-keyservers-net/">십 년이 넘는 기간 동안</a> 풀을 유지해오는 대단한 업적을 세웠습니다만, 이제는 그 개발 여력도 <a target="_blank" href="https://bitbucket.org/skskeyserver/sks-keyserver/pull-requests/60/clean-build-with-405">거의 바닥난 듯하네요</a>.</p>
<p>이제는 이러한 해묵은 문제를 해결할 신선한 접근법이 필요하다는 게 우리 생각이었죠.</p>
<h4>명의 정보와 비-명의 정보</h4>
<p><span class="brand">keys.openpgp.org</span> 키서버는 우선 키 안에 들어있는 명의 정보와 비-명의 정보를 쪼개는 것부터 시작합니다. 자세한 사항은 <a href="/about" target="_blank">서비스 소개 페이지</a>에서 찾을 수 있지만, 일단 간단히 요약해보자면: 키의 기술적인 부분이나 폐기 여부 같은 비-명의 정보는 자유로이 배포되지만, 전자 메일 주소와 이름에 해당하는 명의 정보는 오로지 사용자 동의가 있어야 배포가 가능하고, 그 동의에 대한 철회도 언제든지 가능하다는 겁니다.</p>
<p>만약 어떤 전자 메일 주소가 새로운 키에 대해 인증되면 이 키는 기존에 해당 주소에 대해 결부돼있던 키를 대체합니다. 이렇게 함으로써 모든 전자 메일 주소는 오로지 단 하나의 키에만 엮이게 됩니다. 주소 주인은 언제나 해당 주소를 공개된 목록에서 내려버릴 수도 있고요. 사실 이렇게 되면 키 발견 측면에서 엄청난 이득이 생깁니다: 전자 메일 주소로 키를 찾았을 때 단 하나의 키만 반환된다면 오로지 이 키만이 해당 전자 메일 주소에 대해 올바르다는 뜻이 되거든요.</p>
<h4>Enigmail과 OpenKeychain이 지원합니다</h4>
<p><span class="brand">keys.openpgp.org</span> 키서버는 곧 판올림될 Thunderbird용 <a href="https://enigmail.net" target="_blank">Enigmail</a>과 Android용 <a href="https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain&amp;hl=en">OpenKeychain</a>의 전폭적인 지원을 받습니다. 이게 무엇이냐 하면 해당 구현체 사용자들은 우리 서비스가 약속하는 빠른 응답 시간과 전자 메일 주소로의 개선된 키 찾기를 바로 누릴 수 있다는 거죠. 우리는 이 작은 한 걸음이 커뮤니티 사이의 더 큰 협력을 불러일으키길 바랍니다.</p>
<h4 id="2019-06-12-launch-challenges">현재 걸림돌로 남아있는 것</h4>
<p>키서버 그 자체에 개인 정보 보호 기법을 녹여내는 건 아직 굉장히 생소하다고 봐야 합니다. 필연적으로, 명의 정보를 분리시키는 이 발상 자체가 몇몇 호환성 문제를 불러일으키고 있습니다. 애석하게도 말이죠.</p>
<p>대표적으로, (이 글을 쓰는 현재 2.2.16 버전인) GnuPG는 명의 정보가 없는 OpenPGP 키를 접할 경우 "no user ID" 오류를 뿜고 즉시 처리를 멈춰버립니다. 즉, (폐기 인증서 같은) 비-명의 부분이 암호학적으로 올바를지라도 처리를 거부해버리는 것이죠. 우리는 현재 이 문제를 해결하기 위해 분주히 노력하고 있습니다.</p>
<h4>앞으로의 계획</h4>
<p>키서버 그 자체에 개인 정보 보호 기법을 녹여내는 건 매우 새로운 발상이고, 우리는 여기에 덧붙여 메타데이터 자체를 최소화할 수 있는 여러 방법을 생각 중에 있습니다. 뭐, 그래도 지금 당장은 <span class="brand">keys.openpgp.org</span> 서비스를 🐇 안정적이고 빠르게 유지하고, 🐞 추후 발생할 버그를 고쳐나가며, 👂 커뮤니티로부터 오는 <a href="/about#community">사용자 의견에 귀를 기울일 생각입니다</a>.</p>
<p>더 자세한 정보는 <a target="_blank" href="/about">서비스 소개</a> 페이지나 <a target="_blank" href="/about/faq">자주 묻는 질문</a> 페이지를 참고하세요. 지금 당장이라도 <a href="/upload" target="_blank">내 키를 올려보세요</a>! 이외에도 <a target="_blank" href="/about/api">API</a>라든가 <a target="_blank" href="/about/faq#tor">Onion 서비스</a> 같은 멋진 것들도 준비돼있으니 찬찬히 살펴보세요.</p>
<p>키서버의 미래를 위하여! <span style="font-size: x-large;">🍻</span></p>
</div>
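Review bot: the news entries in this hunk carry stable anchor ids (`2019-11-12-celebrating-100k`, `2019-09-12-three-months-later`, `2019-06-12-launch`, `2019-06-12-launch-challenges`) that the other about pages cross-link (e.g. the "지난 번 소식" link to `/about/news#2019-06-12-launch-challenges`), and the first entry advertises an ATOM feed at `/atom.xml`; check that the feed is not still generated from these templates and decide whether external links to those anchors should get a redirect rather than a 404.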

View File

@@ -1,31 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">서비스 소개</a> | <a href="/about/news">새 소식</a> | <a href="/about/usage">사용 안내</a> | <a href="/about/faq">자주 묻는 질문</a> | 통계 | <a href="/about/privacy">개인 정보 보호</a>
</h2></center>
<h3>전자 메일 주소 인증</h3>
<p>📈 인증된 전자 메일 주소 개수에 대한 간단한 통계를 내 봤습니다.</p>
<p>
</p>
<center><img src="/about/stats/month.png"></center>
<p>
</p>
<center><img src="/about/stats/year.png"></center>
<h3>평균 부하</h3>
<p>"평균 부하"란 서버가 얼마나 바쁜지에 대한 수치입니다. 간단히 설명하자면:</p>
<ul>
<li>0.0: <span class="brand">keys.openpgp.org</span> 서버가 하릴없이 놀고 있음</li>
<li>1.0: 상당히 바쁘게 돌고 있음</li>
<li>4.0 이상: 어디 서버 타는 냄새 안 나나요? 🔥 불이야!</li>
</ul>
<p>
</p>
<center><img src="/about/stats/load_week.png"></center>
</div>
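Review bot: this page embeds `/about/stats/month.png`, `/about/stats/year.png` and `/about/stats/load_week.png`, which are produced by a periodic job rather than by these templates; if that job keeps writing the images they become orphaned artifacts, and if the `/about/stats/` route goes away the job should be disabled with it.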

View File

@@ -1,123 +0,0 @@
<div class="about usage">
<center><h2>
<a href="/about">서비스 소개</a> | <a href="/about/news">새 소식</a> | 사용 안내 | <a href="/about/faq">자주 묻는 질문</a> | <a href="/about/stats">통계</a> | <a href="/about/privacy">개인 정보 보호</a>
</h2></center>
<p>이 페이지에는 다양한 OpenPGP 소프트웨어에서 <span class="brand">keys.openpgp.org</span> 서비스를 사용하는 방법을 다룹니다.<br>이 페이지의 내용은 끊임없이 보충될 예정입니다. 뭔가 부족하다 싶은 게 있으면 알려주세요! 추가하도록 노력하겠습니다.</p>
<h2 id="web" style="padding-left: 3%;"><a href="#web">웹 인터페이스</a></h2>
<p><span class="brand">keys.openpgp.org</span> 웹 인터페이스는 다음 기능을 제공합니다:</p>
<p>
</p>
<ul>
<li>지문이나 전자 메일 주소로 키 <a href="/">찾기</a>
</li>
<li>키를 직접 <a href="/upload">올리고</a> 인증하기</li>
<li>공개된 명의를 지우는 등의 내 키 <a href="/manage">관리하기</a>
</li>
</ul>
<h2 id="enigmail">
<div><img src="/assets/img/enigmail.svg"></div>
<a href="#enigmail">Enigmail</a>
</h2>
<p>Thunderbird용 <a href="https://enigmail.net" target="_blank">Enigmail</a>은 버전 2.0.12부터 <span class="brand">keys.openpgp.org</span> 서비스를 기본으로 사용하고 있습니다.</p>
<p>(<a href="https://www.thunderbird.net/en-US/thunderbird/68.0beta/releasenotes/" target="_blank">Thunderbird 68</a> 또는 그 이후 버전을 위한) Enigmail 2.1부터 다음과 같은 기능이 완벽 지원됩니다:</p>
<ul>
<li>키 정보가 자동으로 항상 최신으로 유지됩니다.</li>
<li>키 생성 과정에서 키 올리기와 인증을 동시에 할 수 있습니다.</li>
<li>전자 메일 주소로 키 찾기를 지원합니다.</li>
</ul>
<h2 id="gpg-suite">
<div><img src="/assets/img/gpgtools.png"></div>
<a href="#gpg-suite">GPG Suite</a>
</h2>
<p>macOS용 <a href="https://gpgtools.org/">GPG Suite</a>는 2019년 8월부터 <span class="brand">keys.openpgp.org</span> 서비스를 기본으로 사용합니다.</p>
<h2 id="openkeychain">
<div><img src="/assets/img/openkeychain.svg"></div>
<a href="#openkeychain">OpenKeychain</a>
</h2>
<p>Android용 <a href="https://www.openkeychain.org/">OpenKeychain</a>은 2019년 7월부터 <span class="brand">keys.openpgp.org</span> 서비스를 기본으로 사용합니다.</p>
<ul>
<li>키 정보가 자동으로 항상 최신으로 유지됩니다.</li>
<li>전자 메일 주소로 키 찾기를 지원합니다.</li>
</ul>
<p>아직 앱 내에서 키 올리기와 전자 메일 주소 인증을 지원하지 않음을 유의하세요.</p>
<h2 id="pignus">
<div><img src="/assets/img/pignus.png"></div>
<a href="#pignus">Pignus</a>
</h2>
<p>iOS용 <a href="https://www.frobese.de/pignus/">Pignus</a>는 2019년 11월부터 <span class="brand">keys.openpgp.org</span> 서비스를 기본으로 사용합니다.</p>
<ul>
<li>언제 어디서든 내 키 올리기가 가능합니다.</li>
<li>전자 메일 주소로 키 찾기를 지원합니다.</li>
</ul>
<h2 id="gnupg">
<div><img src="/assets/img/gnupg.svg"></div>
<a href="#gnupg">GnuPG</a>
</h2>
<p><a href="https://gnupg.org">GnuPG</a>가 <span class="brand">keys.openpgp.org</span> 서비스를 키서버로 사용하게끔 설정하려면 아래 한 줄을 <tt>gpg.conf</tt> 파일에 추가하세요:</p>
<blockquote>keyserver hkps://keys.openpgp.org</blockquote>
<h4 id="gnupg-retrieve"><a href="#gnupg-retrieve">키 받아오기</a></h4>
<ul>
<li>누군가의 키를 전자 메일 주소로 찾아 받아오려면 다음 명령을 실행하세요:<blockquote>gpg --auto-key-locate keyserver --locate-keys user@example.net</blockquote>
</li>
<li>현재 알고있는 모든 키에 대한 최신 정보(새 폐기 인증서라든가 새 서브키라든가)를 가져오려면 다음 명령을 실행하세요:<blockquote>gpg --refresh-keys</blockquote>
</li>
</ul>
<h4 id="gnupg-upload"><a href="#gnupg-upload">내 키 올리기</a></h4>
<p>GnuPG의 <tt>--send-keys</tt> 명령으로 키를 올릴 수 있습니다만, 동시에 명의 정보 인증을 진행하지는 못합니다. 즉, 이렇게 올린 키는 전자 메일 주소로 찾을 수 없습니다. (<a href="/about">이게 뭘 뜻하나요?</a>)</p>
<ul>
<li>다음 명령으로 키를 올리고 동시에 인증 페이지로의 직접 링크를 받아오는 것까지 한 번에 해결하는 것은 가능합니다:<blockquote>gpg --export your_address@example.net | curl -T - {{ base_uri }}</blockquote>
</li>
<li>아니면 키를 파일로 내보낸 다음 직접 <a href="/upload" target="_blank">올리기</a> 페이지에서 불러올 수도 있어요:<blockquote>gpg --export your_address@example.net &gt; my_key.pub</blockquote>
</li>
</ul>
<h4 id="gnupg-troubleshooting"><a href="#gnupg-troubleshooting">문제 해결</a></h4>
<ul>
<li>오래된 <tt>~/gnupg/dirmngr.conf</tt> 파일은 간혹 다음과 같은 한 줄을 포함하기도 합니다:<blockquote>hkp-cacert ~/.gnupg/sks-keyservers.netCA.pem</blockquote>
<p>이 설정은 이젠 필요 없습니다. 오히려 정상적인 인증서를 방해할 뿐이죠. 해당 한 줄을 지우는 걸 권장합니다.</p>
</li>
<li>키 갱신 과정에서 다음과 같은 오류를 접할 수도 있습니다:<blockquote>gpg: key A2604867523C7ED8: no user ID</blockquote>
이건 <a href="https://dev.gnupg.org/T4393" target="_blank">이미 보고된 GnuPG 자체의 문제</a>입니다. GnuPG 팀과 함께 문제 해결을 위해 노력 중이에요.
</li>
</ul>
<h4 id="gnupg-tor"><a href="#gnupg-tor">Tor를 통해 사용하기</a></h4>
<p>더 조심스러운 접근이 필요하다면 <a href="https://support.torproject.org/onionservices/#onionservices-2" target="_blank">Onion 서비스</a>를 거쳐 <span class="brand">keys.openpgp.org</span> 서비스에 익명으로 접속할 수도 있습니다. <a href="https://www.torproject.org/" target="_blank">Tor</a> 설치가 이미 돼 있다면 다음 설정을 사용하세요:</p>
<blockquote>keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</blockquote>
<h2 style="padding-left: 3%;" id="wkd-as-a-service"><a href="#wkd-as-a-service">서비스로서의 WKD</a></h2>
<p>Web Key Directory(WKD)는 전자 메일 서비스 제공자의 도메인을 통해 전자 메일 주소만 가지고 OpenPGP 키를 찾아올 수 있게 하는 표준 기술입니다. <a href="https://www.gpg4win.de/about.html" target="_blank">GpgOL</a>을 위시한 일부 전자 메일 클라이언트는 기존에 알려지지 않은 키를 WKD로 찾도록 지원합니다.</p>
<p><span class="brand">keys.openpgp.org</span>는 임의의 도메인에 대해서 WKD 서비스를 위임받아 제공할 수 있습니다. 단순히 <tt>openpgpkey</tt> 서브 도메인에 대한 <tt>CNAME</tt> 레코드를 <tt>wkd.keys.openpgp.org</tt> 주소를 가리키도록 설정해두면 됩니다. 어느 DNS 호스팅이든 웹 인터페이스를 통해 충분히 설정할 수 있을 걸요.</p>
<p>일단 해당 도메인에 대해 설정이 완료되면, 기존에 인증된 전자 메일 주소는 WKD를 통해 얼마든지 찾을 수 있습니다.</p>
<p><tt>CNAME</tt> 레코드가 다음과 같이 보이면 성공입니다:</p>
<blockquote>$ drill openpgpkey.example.org<br>
...<br>
openpgpkey.example.org. 300 IN CNAME wkd.keys.openpgp.org.</blockquote>
<p>다음과 같이 WKD 설정 상태 점검을 간단하게 할 수도 있습니다:</p>
<blockquote>$ curl 'https://wkd.keys.openpgp.org/status/?domain=openpgpkey.example.org'<br>
CNAME lookup ok: openpgpkey.example.org resolves to wkd.keys.openpgp.org<br>
</blockquote>
<p>키 받아오기를 테스트하려면 다음 명령을 실행하세요:</p>
<blockquote>$ gpg --locate-keys --auto-key-locate clear,nodefault,wkd address@example.org<br>
</blockquote>
<h2 style="padding-left: 3%;">API</h2>
<p>OpenPGP 응용 프로그램에 기능 통합 지원을 위한 API도 제공 중입니다. <a href="/about/api">API 문서</a>를 확인해보세요.</p>
<h2 style="padding-left: 3%;">기타 사항</h2>
<p>여러분이 애용하는 구현체에 대한 사용 안내가 없나요? 이 사이트는 아직 미완성이고 계속해서 개선 중임을 기억해주세요. 혹시라도 도움 주실 생각이라면 언제든 <span class="email">support 골뱅이 keys 닷 openpgp 닷 org</span>로 연락주세요!</p>
</div>
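Review bot: the troubleshooting item in this hunk names the file as `~/gnupg/dirmngr.conf` while the quoted setting points at `~/.gnupg/sks-keyservers.netCA.pem`; the path is missing its leading dot, which is moot once the page is deleted but worth not carrying into any replacement. Also, the `keyserver hkps://keys.openpgp.org` gpg.conf line, the `gpg --export your_address@example.net | curl -T - {{ base_uri }}` upload pipeline and the Tor `keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion` setting are client configuration rather than marketing text, so they should be preserved somewhere discoverable.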

View File

@@ -1,61 +0,0 @@
<div class="about">
<center><h2>Om | <a href="/about/news">Nyheter</a> | <a href="/about/usage">Bruk</a> | <a href="/about/faq">Ofte stilte spørsmål</a> | <a href="/about/stats">Statistikk</a> | <a href="/about/privacy">Personvern</a>
</h2></center>
<p>Tjeneren <tt>keys.openpgp.org</tt> er en offentlig tjeneste
for distribusjon og oppdagelse av OpenPGP-kompatible nøkler,
ofte kalt «nøkkeltjener».</p>
<p><strong>For instruksjoner, se <a href="/about/usage">bruksanvisningen</a> vår.</strong></p>
<h3>Slik virker det</h3>
<p>En OpenPGP-nøkkel inneholder to typer informasjon:</p>
<ul>
<li>
<strong>Identifiserende opplysninger</strong> brukes om delene av en nøkkel som identifiserer eieren, også kjent som «bruker-IDer».
En bruker-ID inneholder vanligvis et navn og en e-postadresse.</li>
<li>
<strong>Ikke-identifiserende opplysninger</strong> er alle de tekniske
opplysningene om selve nøkkelen. Dette omfatter de store tallene
som brukes for å bekrefte signaturer og for å kryptere meldinger.
Det omfatter også metadata som opprettelsesdato, noen utløpsdatoer og status for tilbakekalling.</li>
</ul>
<p>Det har vært vanlig å gi ut disse opplysningene samlet.
På <span class="brand">keys.openpgp.org</span> blir de behandlet på en annen måte.
Mens hvem som helst kan laste opp alle deler av en hvilken som helst OpenPGP-nøkkel til <span class="brand">keys.openpgp.org</span>, vil nøkkeltjeneren bare ta vare på og offentliggjøre visse deler av nøkkelen, og bare under visse omstendigheter:</p>
<p><strong>Ikke-identifiserende opplysninger</strong> vil bli lagret og fritt gitt ut på ny dersom de består en kryptografisk integritetssjekk.
Hvem som helst kan laste ned disse opplysningene ettersom de bare
inneholder informasjon som ikke kan brukes til å identifisere en person direkte.
Bra OpenPGP-programvare kan bruke <span class="brand">keys.openpgp.org</span>
for å holde slike opplysninger oppdatert for enhver nøkkel den kjenner til.
Dette hjelper OpenPGP-brukere med å opprettholde sikker og pålitelig kommunikasjon.</p>
<p>De <strong>Identifiserende opplysningene</strong> i en OpenPGP-nøkkel
blir bare gitt ut med samtykke.
De inneholder personlig informasjon, og er ikke strengt nødvendige
for at en nøkkel skal kunne brukes til å kryptere eller bekrefte signaturer.
Så snart eieren gir et slikt samtykke ved å bekrefte e-postadressen sin,
kan nøkkelen finnes ved å søke på adressen.</p>
<h3 id="community">Fellesskap og plattform</h3>
<p>Denne tjenesten blir drevet på dugnad.
Du kan snakke med oss på
#hagrid på Freenode IRC,
som du også kan få tilgang til via #hagrid:stratum0.org på Matrix.
Selvsagt når du oss også på e-post:
<tt>support alfakrøll keys punktum openpgp punktum org</tt>.
Folkene som driver dette kommer
fra diverse prosjekter innenfor OpenPGP-økosystemet,
blant annet Sequoia-PGP, OpenKeychain og Enigmail.</p>
<p>Når det gjelder det tekniske,
kjører <tt>keys.openpgp.org</tt> nøkkeltjener-programvaren <a href="https://gitlab.com/keys.openpgp.org/hagrid" target="_blank">Hagrid</a>,
som er basert på <a href="https://sequoia-pgp.org">Sequoia-PGP</a>.
Vi kjører på <a href="https://eclips.is" target="_blank">eclips.is</a>,
en hostingplattform for prosjekter som arbeider for et fritt Internett.
Plattformen drives av <a href="https://greenhost.net/" target="_blank">Greenhost</a>.</p>
</div>
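Review bot: this translation renders the project name inconsistently (`<tt>keys.openpgp.org</tt>` in the opening and closing paragraphs, `<span class="brand">` elsewhere) and puts the obfuscated contact address in `<tt>` rather than the `<span class="email">` the usage pages use; both are moot once deleted, but the Transifex config removed in this commit suggests the untranslated source is the one to check for the same inconsistency before any replacement is written.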

View File

@@ -1,31 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">Om</a> | <a href="/about/news">Nyheter</a> | <a href="/about/usage">Bruk</a> | <a href="/about/faq">Ofte stilte spørsmål</a> | Statistikk | <a href="/about/privacy">Personvern</a>
</h2></center>
<h3>Bekreftede e-postadresser</h3>
<p>En enkel statistikk som viser hvor mange e-postadresser som er bekreftede for øyeblikket. 📈</p>
<p>
</p>
<center><img src="/about/stats/month.png"></center>
<p>
</p>
<center><img src="/about/stats/year.png"></center>
<h3>Snittbelastning</h3>
<p>Snittbelastningen er et mål på hvor trafikkert tjeneren er. Kort sagt betyr:</p>
<ul>
<li>0,0 at tjeneren <span class="brand">keys.openpgp.org</span> er fullstendig ledig</li>
<li>1,0 at tjeneren er ganske trafikkert</li>
<li>4,0 og høyere at tjeneren går så det suser 💨</li>
</ul>
<p>
</p>
<center><img src="/about/stats/load_week.png"></center>
</div>

View File

@@ -1,67 +0,0 @@
<div class="about">
<center><h2>Over | <a href="/about/news">Nieuws</a> | <a href="/about/usage">Gebruik</a> | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Statistieken</a> | <a href="/about/privacy">Privacy</a>
</h2></center>
<p>De <tt>keys.openpgp.org</tt> server is een openbare dienst voor de
distributie en vinden van OpenPGP-compatibele sleutels, gewoonlijk
wordt een "sleutelserver" genoemd.</p>
<p><strong>Raadpleeg voor instructies onze <a href="/about/usage">gebruiksgids</a>.</strong></p>
<h3>Hoe het werkt</h3>
<p>Een OpenPGP-sleutel bevat twee soorten informatie:</p>
<ul>
<li>
<strong>Identiteitsinformatie</strong> beschrijft de delen van
een sleutel die de eigenaar identificeert, ook bekend als "Gebruikers-ID's".
Een gebruikers-ID bevat doorgaans een naam en een e-mailadres.</li>
<li>
<strong>Niet-identiteitsgegevens</strong> is allemaal technisch
informatie over de sleutel zelf. Dit omvat de grote getallen
gebruikt voor het verifiëren van handtekeningen en het versleutelen van berichten.
Het bevat ook metagegevens zoals de aanmaakdatum, een bepaalde vervaldatum
datums en intrekkingsstatus.</li>
</ul>
<p>Traditioneel zijn deze stukjes informatie altijd samen verspreid
Op <span class="brand">keys.openpgp.org</span> worden deze
anders behandeld. Terwijl iedereen alle delen van een OpenPGP-sleutel kan uploaden
naar <span class="brand">keys.openpgp.org</span>, zal onze sleutelserver
alleen bepaalde delen behouden en publiceren onder bepaalde
voorwaarden:</p>
<p>Alle <strong>niet-identiteitsinformatie</strong> wordt vrij opgeslagen
herverdeeld, als het een cryptografische integriteitscontrole doorstaat.
Iedereen kan deze onderdelen op elk moment downloaden omdat ze alleen
technische gegevens bevatten die niet kunnen worden gebruikt om een persoon rechtstreeks te identificeren.
Goede OpenPGP-software kan <span class="brand">keys.openpgp.org</span> gebruiken
om deze informatie up-to-date te houden voor elke sleutel die het kent.
Dit helpt OpenPGP-gebruikers om veilige en betrouwbare communicatie te onderhouden.</p>
<p>De <strong>identiteitsgegevens</strong> in een OpenPGP-sleutel
wordt alleen verspreid met toestemming.
Het bevat persoonsgegevens en is niet strikt noodzakelijk voor
een sleutel die wordt gebruikt voor codering of handtekeningverificatie.
Zodra de eigenaar toestemming geeft door zijn e-mailadres te verifiëren,
is de sleutel te vinden via zoeken op adres.</p>
<h3 id="community">Community en platform</h3>
<p>Deze service wordt uitgevoerd door gezamenlijke 'community' inspanningen.
U kunt met ons praten via
#hagrid op Freenode IRC,
ook bereikbaar als #hagrid:stratum0.org op Matrix.
Uiteraard kunt u ons ook bereiken via e-mail,
via <tt>support apenstaartje keys punt openpgp punt org</tt>.
De mensen die dit runnen, komen
van verschillende projecten in het OpenPGP-ecosysteem,
waaronder Sequoia-PGP, OpenKeychain en Enigmail.</p>
<p>Technisch,
<tt>keys.openpgp.org</tt> draait op de <a href="https://gitlab.com/keys.openpgp.org/hagrid" target="_blank">Hagrid</a> sleutelserver software,
die is gebaseerd op <a href="https://sequoia-pgp.org">Sequoia-PGP</a>.
We draaien op <a href="https://eclips.is" target="_blank">eclips.is</a>,
een hostingplatform gericht op Internet Freedom projecten,
die wordt beheerd door <a href="https://greenhost.net/" target="_blank">Greenhost</a>.</p>
</div>
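Review bot: the community paragraph of this Dutch about page still sends users to #hagrid on Freenode IRC, while the Romanian copy of the same page later in this commit names OFTC, so the per-language about pages had already drifted apart and dropping them is sound; what the hunk does not show is what happens to the routes its nav bar exposes (/about, /about/news, /about/usage, /about/faq, /about/stats, /about/privacy). Suggest grepping the remaining web and mail templates for those paths in the same change and either removing the links or adding redirects, so that the privacy policy the verification flow points people at does not start returning 404.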


@@ -1,185 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">Over</a> | <a href="/about/news">Nieuws</a> | <a href="/about/usage">Gebruik</a> | FAQ | <a href="/about/stats">Statistieken</a> | <a href="/about/privacy">Privacy</a>
</h2></center>
<h3 id="sks-pool"><a href="#sks-pool">Maakt deze server deel uit van de "SKS" pool?</a></h3>
<p>Nee. Het federatiemodel van de SKS pool heeft verschillende problemen
op het gebied van betrouwbaarheid, weerstand tegen misbruik, privacy, en gebruiksvriendelijkheid.
We kunnen misschien overwegen iets gelijkaardig te doen,
maar <span class="brand">keys.openpgp.org</span> zal zelf nooit uitmaken van de SKS pool.</p>
<h3 id="federation"><a href="#federation">Is keys.openpgp.org gefedereerd? Kan ik helpen door een instance te draaien?</a></h3>
<p>Op het moment niet, nee.
We zijn uiteindelijk van plan om <span class="brand">keys.openpgp.org</span> te decentralizeren.
Met meerdere servers
Online bij onafhankelijke operatoren,
kunnen we hopelijk de betrouwbaarheid van deze service
nog meer verbeteren.</p>
<p>Verschillende mensen hebben hun hulp aangeboden
door het "draaien van een Hagrid server instance".
We waarderen het aanbod zeer,
maar we zullen hoogstwarschijnlijk nooit een "open" federatie model hebben zoals SKS,
waar iedereen een instance kan draaien en deel uitmaken van een "pool".
Dit is voor twee redenen:</p>
<ol>
<li>Federatie met open deelname vereist dat alle gegevens openbaar zijn.
Dit heeft een grote impact op de privacy van onze gebruikers, omdat
iedereen zo een lijst kan samenstellen van alle e-mailadressen.</li>
<li>Servers die als hobby worden gerund door informele beheerders voldoen niet aan onze
normen voor betrouwbaarheid en prestaties.</li>
</ol>
<h3 id="non-email-uids"><a href="#non-email-uids">Waarom is er geen ondersteuning
voor identiteiten welke geen e-mailadres zijn?</a></h3>
<p>We hebben expliciete toestemming nodig om identiteitsgegevens te verspreiden.
Identiteiten die geen e-mailadressen zijn, zoals afbeeldingen of website
URL's, bieden ons geen eenvoudige manier om deze toestemming te verkrijgen.</p>
<p>Opmerking: Sommige OpenPGP-software maakt sleutels met een onjuiste
e-mailadressen indeling. Deze adressen worden mogelijk niet correct herkend op
<span class="brand">keys.openpgp.org</span>.</p>
<h3 id="verify-multiple"><a href="#verify-multiple">Kan ik meer dan
één sleutel valideren voor een e-mailadres?</a></h3>
<p>Een e-mailadres kan slechts aan één sleutel worden gekoppeld.
Als een adres is geverifieerd voor een nieuwe sleutel,
zal deze in geen enkele sleutel meer verschijnen
waarvoor het eerder was geverifieerd.
<a href="/about">Niet-identiteitsgegevens</a> worden nog steeds verspreid
voor alle sleutels.</p>
<p>Dit betekent dat een zoekopdracht op e-mailadres
slechts één sleutel terug geeft ,
niet meerdere kandidaten.
Dit elimineert een onmogelijke keuze voor de gebruiker
("Welke sleutel is de juiste?"),
en maakt het vinden van sleutels via e-mail veel gemakkelijker.</p>
<h3 id="email-protection"><a href="#email-protection">Wat doen jullie om
uitgaande verificatie-e-mails te beschermen?</a></h3>
<p>We gebruiken een moderne standaard genaamd
<a href="https://www.hardenize.com/blog/mta-sts" target="_blank">MTA-STS</a>,
gecombineerd met
<a href="https://starttls-everywhere.org/" target="_blank">STARTTLS Everywhere</a>
door de EFF,
om ervoor te zorgen dat verificatie-e-mails veilig worden verzonden.
Dit beschermt tegen afluisteren en onderscheppen tijdens het afleveren.</p>
<p>Het MTA-STS mechanisme is afhankelijk van correct geconfigureerde e-mailservers.
U kunt <a href="https://www.hardenize.com/">deze test uitvoeren</a>
om te zien of uw e-mailprovider dit ondersteunt.
Als de vermelding "MTA-STS" aan de linkerkant geen groen vinkje is,
vraag uw provider dan om hun configuratie bij te werken.</p>
<h3 id="third-party-signatures">
<a href="#third-party-signatures">
Distribueren jullie "derde partij handtekeningen"?</a> </h3>
<p>In het kort: Nee.</p>
<p>Een "handtekening van derden" is een handtekening op een sleutel
dat is gemaakt door een andere sleutel.
Meestal
dat zijn de handtekeningen die worden geproduceerd bij het "ondertekenen van iemands sleutel",
die de basis vormen voor
het "<a href="https://en.wikipedia.org/wiki/Web_of_trust" target="_blank">Web of Trust</a>".
Om een aantal redenen,
worden deze handtekeningen momenteel niet verspreid
via <span class="brand">keys.openpgp.org</span>.</p>
<p>De belangrijkste reden is <strong>spam.</strong>.
Handtekeningen van derden maken het mogelijk willekeurige gegevens aan iemands sleutel toe te voegen,
en niets weerhoudt een kwaadwillende gebruiker ervan
vele megabytes 'ballast' aan een sleutel koppelen
zodat deze praktisch onbruikbaar wordt.
Erger nog,
ze kunnen aanstootgevende of illegale inhoud toevoegen.</p>
<p>Er zijn ideeën om dit probleem op te lossen.
Als voorbeeld kunnen handtekeningen worden gedistribueerd met een ondertekenaar,
in plaats van de iemand die ondertekend.
Als alternatief kunnen we ondertekening eisendoor de ondertekenaar vóór distributie
ter ondersteuning van een
<a href="https://wiki.debian.org/caff" target="_blank">caff-stijl</a>
workflow.
Als er voldoende interesse is,
staan we open voor samenwerking met andere OpenPGP-projecten
voor een oplossing.</p>
<h3 id="no-sign-verified"><a href="#no-sign-verified">Waarom geen sleutels ondertekenen?
na verificatie?</a></h3>
<p>De service <span class="brand">keys.openpgp.org</span> is bedoeld voor sleutel
distributie en vindbaarheid, niet als een certificeringsinstantie.
Clientimplementaties die geverifieerde communicatie willen aanbieden, zouden dat moeten
vertrouwen op hun eigen vertrouwensmodel.</p>
<h3 id="revoked-uids"><a href="#revoked-uids">Waarom worden ingetrokken identiteiten niet
als zodanig verdeeld?</a></h3>
<p>Wanneer een OpenPGP-sleutel een van zijn identiteiten als ingetrokken markeert
moet deze identiteit niet langer als geldig worden beschouwd voor de sleutel, en deze
informatie zou idealiter verspreid moeten worden onder alle OpenPGP-clients
weet al van de nieuw ingetrokken identiteit.</p>
<p>Helaas is er momenteel geen goede manier om intrekkingen te verspreiden,
die niet de ingetrokken identiteit zelf onthult. We willen
ingetrokken identiteiten niet verspreid, daarom kunnen we de identiteit helemaal niet verspreiden.</p>
<p>Er zijn voorgestelde oplossingen voor dit probleem, die de distributie mogelijk maken
van intrekkingen zonder ook de identiteit zelf te onthullen. Maar tot nu toe
zijn er geen definitieve specificatie of ondersteuning in enige OpenPGP-software. Wij
hoop dat er in de nabije toekomst een oplossing zal komen en hiervoor
ondersteuning kunnen toevoegen op <span class="brand">keys.openpgp.org</span> zodra
we kunnen.</p>
<h3 id="search-substring"><a href="#search-substring">Waarom is het niet mogelijk om te zoeken op een deel van een e-mailadres, zoals alleen het domein?</a></h3>
<p>Sommige sleutelservers ondersteunen het zoeken naar sleutels via een deel van een e-mailadres.
Hierdoor kunnen niet alleen sleutels worden gevonden, maar ook adressen, met een vraag als "sleutels voor adressen op gmail dot com".
Hierdoor worden de adressen van alle sleutels op die sleutelservers effectief in een openbare lijst geplaatst.</p>
<p>Een zoekopdracht op e-mailadres op <span class="brand">keys.openpgp.org</span> levert alleen een sleutel op als deze exact overeenkomt met het e-mailadres.
Op deze manier kan een normale gebruiker de sleutel ontdekken die is gekoppeld aan elk adres dat hij al kent, maar hij kan geen nieuwe e-mailadressen ontdekken.
Dit voorkomt dat een kwaadwillende gebruiker of spammer gemakkelijk een lijst met alle e-mailadressen van de server krijgt.</p>
<p>We hebben deze beperking opgenomen in ons <a href="/about/privacy">privacybeleid</a>,
wat betekent dat we dit niet kunnen wijzigen zonder toestemming van de gebruiker te vragen.</p>
<h3 id="tor"><a href="#tor">Ondersteunen jullie Tor?</a></h3>
<p>Als u Tor hebt geïnstalleerd,
kunt u <span class="brand">keys.openpgp.org</span> anoniem bereiken
als
<a href="https://support.torproject.org/onionservices/#onionservices-2" target="_blank">onion service</a>:
<br><a href="http://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion">zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</a></p>
<h3 id="encrypt-verification-emails"><a href="#encrypt-verification-emails">
Waarom worden verificatie-e-mails niet versleuteld?</a></h3>
Verschillende redenen:
<ol>
<li>Het is ingewikkelder, zowel voor onze gebruikers als voor ons.</li>
<li>Het voorkomt aanvallen niet - een aanvaller heeft geen voordeel bij
het uploaden van een sleutel waar men geen toegang tot heeft.</li>
<li>Verwijderen zou nog steeds mogelijk moeten zijn, zelfs als er een sleutel is
verloren.</li>
<li>Het zou een ander (en ingewikkelder) mechanisme vereisen voor
het uploaden sleutels die alleen kunnen ondertekenen.</li>
</ol>
<h3 id="older-gnupg"><a href="#older-gnupg">
Ik heb problemen met het updaten van sommige sleutels met GnuPG. Is er een bug?
</a></h3>
<p>Dit is een probleem met de huidige versies van GnuPG. Als je het probeert
een sleutel te update op <span class="brand">keys.openpgp.org</span> die
geen <a href="/about">identiteitsgegevens</a> bevat, zal GnuPG weigeren
om de sleutel te verwerken:</p>
<blockquote>$ gpg --receive-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E1<br>
gpg: key EB85BB5FA33A75E15E944E63F231550C4F47E38E: geen gebruikers-ID</blockquote>
<p>We werken met het GnuPG team samen om dit probleem op te lossen.</p>
</div>
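Review bot: this Dutch FAQ is stale and internally inconsistent, so removing it loses nothing as translated text: the older-gnupg answer still says the problem is being worked out with the GnuPG team while the Romanian copy in this same commit records the March 2020 Wontfix, and the example `gpg --receive-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E1` line carries a 41-hex-digit fingerprint with a stray trailing 1 that the error line directly below it does not have. What does get lost is operational content with no other visible home: the onion service address under #tor, and anchors such as #third-party-signatures that the news page in this commit still links as /about/faq#third-party-signatures. Suggest publishing the onion address and the GnuPG workaround elsewhere before merging and redirecting /about/faq (with its fragment ids) rather than dropping the route.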


@@ -1,31 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">Over</a> | <a href="/about/news">Nieuws</a> | <a href="/about/usage">Gebruik</a> | <a href="/about/faq">FAQ</a> | Statistieken | <a href="/about/privacy">Privacy</a>
</h2></center>
<h3>Geverifieerde e-mailadressen</h3>
<p>Een eenvoudige statistiek van het totale aantal e-mailadressen dat momenteel is geverifieerd. 📈</p>
<p>
</p>
<center><img src="/about/stats/month.png"></center>
<p>
</p>
<center><img src="/about/stats/year.png"></center>
<h3>Gemiddelde belasting</h3>
<p>De "gemiddelde belasting" van een server is een statistiek van hoe druk het is. Simpel gezegd:</p>
<ul>
<li>0.0 betekent dat de <span class="brand">keys.openpgp.org</span> server volledig inactief is</li>
<li>1.0 is redelijk druk</li>
<li>4.0 en hoger betekent dat het in brand staat 🔥</li>
</ul>
<p>
</p>
<center><img src="/about/stats/load_week.png"></center>
</div>


@@ -1,67 +0,0 @@
<div class="about">
<center><h2>Despre | <a href="/about/news">Noutăți</a> | <a href="/about/usage">Utilizare</a> | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Statistici</a> | <a href="/about/privacy">Confidențialitate</a>
</h2></center>
<p>Serverul <span class="brand">keys.openpgp.org</span> este un serviciu public pentru
distribuție și descoperire a cheilor compatibile cu OpenPGP, în mod obișnuit
denumit în mod obișnuit "server de chei".</p>
<p><strong>Pentru instrucțiuni, consultați al nostru <a href="/about/usage">ghid de utilizare</a>.</strong></p>
<h3>Cum funcționează</h3>
<p>O cheie OpenPGP conține două tipuri de informații:</p>
<ul>
<li>
<strong>Informațiile privind identitatea</strong> descriu părțile din
o cheie care identifică proprietarul acesteia, cunoscute și sub denumirea de "ID-uri de utilizator".
Un ID de utilizator include, de obicei, un nume și o adresă de e-mail.</li>
<li>
<strong>Informațiile fără identitate</strong> sunt toate informațiile tehnice
informații tehnice despre cheia în sine. Acestea includ numerele mari
utilizate pentru verificarea semnăturilor și criptarea mesajelor.
De asemenea, include metadate precum data creării, unele date de expirare
date de expirare și starea de revocare.</li>
</ul>
<p>În mod tradițional, aceste informații au fost întotdeauna distribuite
împreună. Pe <span class="brand">keys.openpgp.org</span>, acestea sunt
tratate diferit. În timp ce oricine poate încărca toate părțile oricărei chei OpenPGP
la <span class="brand">keys.openpgp.org</span>, serverul nostru de chei
va reține și va publica doar anumite părți în anumite
condiții:</p>
<p>Orice <strong>informație care nu este de identitate</strong> va fi stocată și va fi
redistribuită în mod liber, dacă trece de o verificare criptografică a integrității.
Oricine poate descărca aceste părți în orice moment, deoarece ele conțin doar
date tehnice care nu pot fi folosite pentru a identifica direct o persoană.
Un software OpenPGP bun poate utiliza <span class="brand">keys.openpgp.org</span>
pentru a menține aceste informații actualizate pentru orice cheie despre care știe.
Acest lucru ajută utilizatorii OpenPGP să mențină o comunicare sigură și fiabilă.</p>
<p> <strong>Informațiile de identitate</strong> dintr-o cheie OpenPGP
se distribuie numai cu consimțământ.
Acestea conțin date cu caracter personal și nu sunt strict necesare pentru
ca o cheie să fie utilizată pentru criptare sau pentru verificarea semnăturii.
Odată ce proprietarul își dă consimțământul prin verificarea adresei sale de e-mail,
cheia poate fi găsită prin intermediul căutării după adresă.</p>
<h3 id="community">Comunitate și platforma</h3>
<p>Acest serviciu este gestionat ca un efort comunitar.
Puteți vorbi cu noi în
#hagrid pe OFTC IRC,
de asemenea, puteți ajunge la #hagrid:stratum0.org pe Matrix.
Bineînțeles, ne puteți contacta și prin e-mail,
la <tt>support at keys dot openpgp dot org</tt>.
Cei care conduc acest proiect sunt
din diverse proiecte din ecosistemul OpenPGP,
inclusiv Sequoia-PGP, OpenKeychain și Enigmail.</p>
<p>Din punct de vedere tehnic,
<span class="brand">keys.openpgp.org</span>rulează pe software-ul <a href="https://gitlab.com/keys.openpgp.org/hagrid" target="_blank">Hagrid</a> keyserver ,
care se bazează pe <a href="https://sequoia-pgp.org">Sequoia-PGP</a>.
Noi funcționăm pe <a href="https://eclips.is" target="_blank">eclips.is</a>,
o platforma de găzduire axată pe proiecte de libertate pe internet,
care este administrată de <a href="https://greenhost.net/" target="_blank">Greenhost</a>.</p>
</div>


@@ -1,212 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">Despre</a> | <a href="/about/news">Noutăți</a> | <a href="/about/usage">Utilizare</a> | FAQ | <a href="/about/stats">Statistici</a> | <a href="/about/privacy">Confidențialitate</a>
</h2></center>
<p><strong>Pentru instrucțiuni, consultați <a href="/about/usage">ghidul nostru de utilizare</a>.</strong></p>
<h3 id="sks-pool"><a href="#sks-pool">Acest server face parte din lotul "SKS"?</a></h3>
<p>Nu. Modelul de federație al bazinului SKS are diverse probleme în ceea ce privește
de fiabilitate, rezistență la abuzuri, confidențialitate și utilizabilitate. Am putea face
ceva similar, dar <span class="brand">keys.openpgp.org</span>
nu va face niciodată parte din fondul SKS propriu-zis.</p>
<h3 id="federation"><a href="#federation">Este keys.openpgp.org federat? Pot să vă ajut prin rularea unei instanțe?</a></h3>
<p>Pentru moment, nu.
Avem în plan să descentralizăm <span class="brand">keys.openpgp.org</span>
la un moment dat.
Cu mai multe servere
conduse de operatori independenți,
putem spera să îmbunătățim fiabilitatea
acestui serviciu și mai mult.</p>
<p>Mai mulți oameni s-au oferit să ajute
prin "rularea unei instanțe de server Hagrid".
Apreciem foarte mult această ofertă,
dar probabil că nu vom avea niciodată un model de federație "deschisă" precum SKS,
în care toată lumea poate rula o instanță și poate deveni parte a unui "grup".
Acest lucru se datorează din două motive:</p>
<ol>
<li>Federația cu participare deschisă presupune ca toate datele să fie publice.
Acest lucru are un impact semnificativ asupra vieții private a utilizatorilor noștri, deoarece
permite oricui să extragă o listă cu toate adresele de e-mail.</li>
<li>Serverele rulate ca hobby de administratori ocazionali nu îndeplinesc cerințele noastre.
standardele de fiabilitate și performanță.</li>
</ol>
<h3 id="non-email-uids"><a href="#non-email-uids">De ce nu există suport
pentru identități care nu sunt adrese de e-mail?</a></h3>
<p>Avem nevoie de consimțământul explicit pentru a distribui informații privind identitatea.
Identități care nu sunt adrese de e-mail, cum ar fi fotografii sau site-uri web
URL-uri, nu ne oferă o modalitate simplă de a obține acest consimțământ.</p>
<p>Notă: Unele programe OpenPGP creează chei cu formatări incorecte.
de e-mail formate greșit. Este posibil ca aceste adrese să nu fie recunoscute corect pe
<span class="brand">keys.openpgp.org</span>.</p>
<h3 id="verify-multiple"><a href="#verify-multiple">Pot să verific mai mult de
o cheie pentru o anumită adresă de e-mail?</a></h3>
<p>O adresă de e-mail poate fi asociată doar cu o singură cheie.
Atunci când o adresă este verificată pentru o nouă cheie,
aceasta nu mai apare în nicio cheie
pentru care a fost verificată anterior.
<a href="/about">Informațiile fără identitate</a> vor fi distribuite în continuare
pentru toate cheile.</p>
<p>Aceasta înseamnă o căutare după adresa de e-mail
va returna doar o singură cheie,
nu mai mulți candidați.
Astfel, se elimină o alegere imposibilă pentru utilizator
("Care cheie este cea corectă?"),
și face ca descoperirea cheilor prin e-mail să fie mult mai convenabilă.</p>
<h3 id="email-protection"><a href="#email-protection">Ce faci pentru a
protejați e-mailurile de verificare de ieșire?</a></h3>
<p>Noi folosim un standard modern numit
<a href="https://www.hardenize.com/blog/mta-sts" target="_blank">MTA-STS</a>,
combinat cu
<a href="https://starttls-everywhere.org/" target="_blank">STARTTLS Everywhere</a>
de către EFF,
pentru a ne asigura că e-mailurile de verificare sunt trimise în siguranță.
Acest lucru protejează împotriva ascultării și interceptării în timpul livrării.</p>
<p>Mecanismul MTA-STS funcționează numai dacă este acceptat de e-mailul destinatarului.
furnizorului de e-mail. În caz contrar, e-mailurile vor fi livrate ca de obicei.
Puteți <a href="https://www.hardenize.com/">rula acest test</a>
pentru a vedea dacă furnizorul dvs. de e-mail îl acceptă.
Dacă intrarea "MTA-STS" din stânga nu este bifată cu verde,
vă rugăm să solicitați furnizorului dvs. să își actualizeze configurația.</p>
<h3 id="third-party-signatures"><a href="#third-party-signatures">
Distribuiți "semnături de la terți"?</a></h3>
<p>Răspuns scurt: Nu.</p>
<p>O "semnătură a unei terțe părți" este o semnătură pe o cheie
care a fost făcută de o altă cheie.
Cel mai frecvent,
acestea sunt semnăturile produse atunci când se "semnează cheia cuiva",
care reprezintă baza pentru
"<a href="https://en.wikipedia.org/wiki/Web_of_trust" target="_blank">rețeaua de încredere</a>".
Din mai multe motive,
aceste semnături nu sunt distribuite în prezent
prin intermediul<span class="brand">keys.openpgp.org</span>.</p>
<p>Principalul motiv este <strong>spam</strong>.
Semnăturile terților permit atașarea de date arbitrare la cheia oricui,
și nimic nu oprește un utilizator rău intenționat să
atașarea unui număr atât de mare de megaocteți de informații la o cheie.
încât aceasta devine practic inutilizabilă.
Chiar mai rău,
ar putea atașa conținut ofensator sau ilegal.</p>
<p>Există idei pentru a rezolva această problemă.
De exemplu, semnăturile ar putea fi distribuite împreună cu semnatarul,
mai degrabă decât cu semnatarul.
Alternativ, am putea solicita
semnarea încrucișată de către semnatar înainte de distribuire
pentru a susține o
<a href="https://wiki.debian.org/caff" target="_blank">caff-style</a>
workflow.
Dacă există suficient interes,
suntem deschiși să colaborăm cu alte proiecte OpenPGP
la o soluție.</p>
<h3 id="no-sign-verified"><a href="#no-sign-verified">De ce să nu semneze chei
după verificare?</a></h3>
<p>Serviciul <span class="brand">keys.openpgp.org</span> este destinat pentru chei
distribuție și descoperire, nu ca o autoritate de certificare de facto.
Implementările de client care doresc să ofere o comunicare verificată ar trebui să
să se bazeze pe propriul lor model de încredere</p>
<h3 id="revoked-uids"><a href="#revoked-uids">De ce identitățile revocate nu sunt
distribuite ca atare?</a></h3>
<p>Atunci când o cheie OpenPGP marchează una dintre identitățile sale ca fiind revocată, aceasta
identitate nu mai trebuie să fie considerată valabilă pentru cheie, iar această
informații ar trebui, în mod ideal, să fie distribuită tuturor clienților OpenPGP care
care cunosc deja identitatea nou revocată.</p>
<p>Din păcate, în prezent nu există o modalitate bună de distribuire a revocărilor,
care să nu dezvăluie și identitatea revocată în sine. Nu dorim să
să distribuim identități revocate, deci nu putem distribui identitatea la
deloc.</p>
<p>Există soluții propuse pentru această problemă, care permit distribuirea
revocărilor fără a dezvălui și identitatea în sine. Dar până în prezent
nu există o specificație finală sau suport în niciun software OpenPGP. Noi
sperăm că o soluție va fi stabilită în viitorul apropiat și va
adăugăm suport pe<span class="brand">keys.openpgp.org</span> de îndată ce
vom putea.</p>
<h3 id="search-substring"><a href="#search-substring">De ce nu este posibilă căutarea după o parte a unei adrese de e-mail, cum ar fi doar domeniul?</a></h3>
<p>Unele servere de chei permit căutarea cheilor după o parte a unei adrese de e-mail.
Acest lucru permite descoperirea nu numai a cheilor, ci și a adreselor, cu o interogare de tipul "chei pentru adrese la gmail punct com".
Astfel, adresele tuturor cheilor de pe aceste servere de chei sunt efectiv incluse într-o listă publică.</p>
<p>O căutare după adresa de e-mail pe<span class="brand">keys.openpgp.org</span> returnează o cheie numai dacă aceasta corespunde exact cu adresa de e-mail.
În acest fel, un utilizator normal poate descoperi cheia asociată oricărei adrese pe care o cunoaște deja, dar nu poate descoperi adrese de e-mail noi.
Acest lucru împiedică un utilizator rău intenționat sau un spammer să obțină cu ușurință o listă cu toate adresele de e-mail de pe server.</p>
<p>Am inclus această restricție în <a href="/about/privacy">politica noastră de confidențialitate</a>,
ceea ce înseamnă că nu o putem schimba fără a cere consimțământul utilizatorului.</p>
<h3 id="tor"><a href="#tor">Susțineți Tor?</a></h3>
<p>Bineînțeles că da!
Dacă aveți Tor instalat,
puteți ajunge la <span class="brand">keys.openpgp.org</span> în mod anonim
ca un
<a href="https://support.torproject.org/onionservices/#onionservices-2" target="_blank">onion service</a>:
<br><a href="http://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion">zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</a></p>
<h3 id="encrypt-verification-emails"><a href="#encrypt-verification-emails">
De ce să nu criptați e-mailurile de verificare?</a></h3>
Din diverse motive:
<ol>
<li>Este mai complicat, atât pentru utilizatorii noștri, cât și pentru noi.</li>
<li>Nu previne atacurile - un atacator nu câștigă nimic din
încărcarea unei chei la care nu are acces.</li>
<li>Ștergerea ar trebui să fie posibilă chiar și atunci când o cheie este
pierdută.</li>
<li>Ar fi nevoie de un mecanism diferit (și mai complicat) pentru a
încărca chei care pot doar să semneze.</li>
</ol>
<h3 id="older-gnupg"><a href="#older-gnupg">
Am probleme cu actualizarea unor chei cu GnuPG. Există o eroare?
</a></h3>
<p>GnuPG consideră că cheile care nu conțin informații de identitate sunt invalide și refuză să le importe.
Cu toate acestea, o cheie care nu conține <a href="/about">adrese de e-mail verificate</a> poate conține totuși informații utile.
În special, este încă posibil să se verifice dacă cheia este revocată sau nu.</p>
<p>În iunie 2019, echipa <span class="brand">keys.openpgp.org</span> a creat un patch care îi permite lui GnuPG să proceseze actualizări de la chei fără informații de identitate.
Acest patch a fost inclus rapid în mai multe distribuții din aval ale GnuPG, inclusiv Debian, Fedora, NixOS și GPG Suite pentru macOS.</p>
<p>În martie 2020, echipa GnuPG a respins patch-ul și a actualizat starea problemei la "Wontfix".
Acest lucru înseamnă că <strong>versiunile fără patch-uri ale GnuPG nu pot primi actualizări de la <span class="brand">keys.openpgp.org</span> pentru cheile care nu au nicio adresă de e-mail verificată</strong>.
Puteți citi despre această decizie în problema <a href="https://dev.gnupg.org/T4393#133689">T4393</a> de pe GnuPG bug tracker.</p>
<p>Puteți verifica dacă versiunea dvs. de GnuPG este afectată cu următoarele instrucțiuni.</p>
<blockquote>
<span style="font-size: larger;">Importul cheii de test:</span><br><br>
$ curl https://keys.openpgp.org/assets/uid-test.pub.asc | gpg --import<br>
gpg: key F231550C4F47E38E: "Alice Lovelace &lt;alice@openpgp.example&gt;"importat<br>
gpg: Numărul total procesat: 1<br>
gpg: importat: 1<br><br>
</blockquote>
<blockquote>
<span style="font-size: larger;">Odată cu patch-ul, cheia va fi actualizată dacă este cunoscută la nivel local:</span><br><br>
$ gpg --recv-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E<br>
gpg: key F231550C4F47E38E: "Alice Lovelace &lt;alice@openpgp.example&gt;" nu s-a schimbat<br>
gpg: Numărul total procesat: 1<br>
gpg: neschimbat: 1<br><br>
</blockquote>
<blockquote>
<span style="font-size: larger;">Fără patch, o cheie fără identitate este întotdeauna respinsă:</span><br><br>
$ gpg --recv-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E<br>
gpg: key EB85BB5FA33A75E15E944E63F231550C4F47E38E: fără identitate de utilizator<br>
</blockquote>
</div>
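Review bot: the older-gnupg answer in this Romanian copy is the current version of the FAQ text (it records the June 2019 downstream patch and the March 2020 Wontfix on T4393, and gives the `curl https://keys.openpgp.org/assets/uid-test.pub.asc | gpg --import` reproduction), whereas the Dutch copy deleted earlier in this commit predates that update. If the FAQ is being moved out of this repository rather than dropped, carry this version forward as the baseline, and note that the reproduction depends on /assets/uid-test.pub.asc still being served; if that asset goes with the about pages, the instructions break wherever they are republished.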


@@ -1,281 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">Despre</a> | Noutăți | <a href="/about/usage">Utilizare</a> | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Statistici</a> | <a href="/about/privacy">Confidențialitate</a>
</h2></center>
<h2 id="2019-11-12-celebrating-100k">
<div style="float: right; font-size: small; line-height: 2em;">2019-11-12 📅</div>
<a style="color: black;" href="/about/news#2019-11-12-celebrating-100k">Sărbătorim 100.000 de adrese verificate! 📈</a>
</h2>
<p>În urmă cu cinci luni, am lansat acest serviciu.
Și chiar astăzi, am atins o etapă remarcabilă:</p>
<center style="margin-top: 2em; margin-bottom: 2em;">
<img src="/assets/img/stats-addresses-2019-11-12.png" style="padding: 1px; border: 1px solid gray;"><br><strong>O sută de mii de adrese de e-mail verificate!</strong>
</center>
<p>Mulțumesc tuturor celor care folosesc acest serviciu!
Și mulțumiri în special celor care ne-au oferit feedback,
traduceri, sau chiar contribuții la cod!</p>
<p>Câteva actualizări despre lucrurile la care am lucrat:</p>
<ul>
<li>Această pagină de știri este acum disponibilă ca<strong><a target="_blank" href="/atom.xml">un feed atomic<img src="/assets/img/atom.svg" style="height: 0.8em;"></a></strong>.</li>
<li>Am lucrat la
un <strong><a target="_blank" href="https://gitlab.com/keys.openpgp.org/hagrid/issues/131">un nou mecanism de reîmprospătare a cheilor</a></strong>
care protejează mai bine confidențialitatea utilizatorului.</li>
<li>Lucrările de <strong>localizare</strong> sunt în plină desfășurare!
sperăm să avem în curând câteva limbi pregătite pentru implementare.</li>
</ul>
<p>Dacă doriți să vedeți <span class="brand">keys.openpgp.org</span>
tradus în limba dvs. maternă,
vă rugăm <a target="_blank" href="https://www.transifex.com/otf/hagrid/">să vă alăturați echipei de traducere</a>
pe Transifex.
Am aprecia ajutorul în special pentru limbile <strong>rusă</strong>, <strong>italiană</strong>, <strong>poloneză</strong> și<strong>olandeză</strong>.</p>
<p>Asta e tot, o să fie scurt.!
<span style="font-size: x-large;">👍️</span></p>
<hr style="margin-top: 2em; margin-bottom: 2em;">
<h2 id="2019-09-12-three-months-later">
<div style="float: right; font-size: small; line-height: 2em;">2019-09-12 📅</div>
<a style="color: black;" href="/about/news#2019-09-12-three-months-later">Trei luni de la lansare ✨</a>
</h2>
<p>Au trecut deja trei luni
<a href="/about/news#2019-06-12-launch">de când am lansat</a>
<span class="brand">keys.openpgp.org</span>.
Suntem bucuroși să semnalăm următorul raport:
A fost un succes răsunător!
🥳</p>
<h4>Adopție la clienți</h4>
<p>Acest
<span class="brand">keys.openpgp.org</span>
a fost primit foarte bine de către utilizatori,
iar clienții îl adoptă rapid.
În prezent, acesta este utilizat în mod implicit în
<a href="https://gpgtools.org/" target="_blank">GPGTools</a>,
<a href="https://enigmail.net/" target="_blank">Enigmail</a>,
<a href="https://www.openkeychain.org/" target="_blank">OpenKeychain</a>,
<a href="https://github.com/firstlookmedia/gpgsync" target="_blank">GPGSync</a>,
Debian,
NixOS,
și altele.
Multe tutoriale au fost, de asemenea, actualizate,
indicând utilizatorilor calea noastră.</p>
<p>La momentul redactării acestui articol,
peste 70.000 de adrese de e-mail
au fost verificate.</p>
<center style="margin-top: 2em; margin-bottom: 2em;">
<img src="/assets/img/stats-addresses-2019-09-12.png" style="padding: 1px; border: 1px solid gray;"><br><span style="font-size: smaller;">Dacă asta nu este o curbă promițătoare, nu știu ce este. :)</span>
</center>
<p>O mențiune specială este pentru GPGTools pentru macOS.
Au implementat procesul de actualizare atât de ușor,
că numărul de adrese verificate a explodat complet
când au lansat actualizarea.</p>
<h4>Totul e bine în operațiuni</h4>
<p>Nu există prea multe în raport din punct de vedere operațional,
și nicio veste este o veste bună în acest caz!
De la lansare,
nu a existat aproape nicio întrerupere,
a apărut doar o singură eroare
care a cauzat pentru scurt timp probleme în timpul încărcării,
iar volumul de asistență a fost destul de scăzut.</p>
<p>Traficul nostru este în prezent
la aproximativ zece cereri pe secundă
(mai multe în timpul zilei, mai puține în weekend),
și am livrat aproximativ 100.000 de e-mailuri
în ultima lună.
Nu vă faceți griji.</p>
<p>Am făcut câteva mici îmbunătățiri operaționale
inclusiv desfășurarea de
<a href="http://dnsviz.net/d/keys.openpgp.org/dnssec/" target="_blank">DNSSEC</a>,
implementarea unor
<a href="/about/api#rate-limiting" target="_blank">limitări ale ratei</a>,
am pus la punct
<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP">politica de securitate a conținutului</a>
antetele,
și activarea
<a href="https://blog.torproject.org/whats-new-tor-0298" target="_blank">single-hop</a>
pe serviciul nostru Tor Onion.
Puteți găsi o listă mai completă
<a href="https://gitlab.com/keys.openpgp.org/hagrid/merge_requests?scope=all&amp;utf8=%E2%9C%93&amp;state=merged" target="_blank">aici</a>.</p>
<h4>Livrare securizată a e-mailurilor cu MTA-STS</h4>
<p>O îmbunătățire care merită o mențiune specială este
<a href="https://www.hardenize.com/blog/mta-sts">MTA-STS</a>,
care îmbunătățește securitatea mesajelor de poștă electronică de ieșire.</p>
<p>În timp ce HTTPS este implementat destul de universal în aceste zile,
din păcate, acest lucru nu este valabil și pentru e-mail.
Multe servere nu folosesc deloc criptarea,
sau folosesc un certificat auto-semnat
în locul unuia corespunzător (de exemplu, de la Let's Encrypt).
Dar eșecurile de livrare îi supără pe clienți mai mult
decât securitatea redusă,
și multe e-mailuri sunt încă livrate fără criptare.</p>
<p>Cu MTA-STS, operatorii de domeniu pot indica
(prin HTTPS)
că serverul lor de e-mail <em>acceptă</em>criptarea.
Atunci când nu se poate stabili o conexiune securizată
la un astfel de server,
livrarea mesajelor va fi amânată
sau, în cele din urmă, va fi respinsă,
în loc să continue în condiții de nesiguranță.</p>
<p>Acest lucru este extrem de util pentru servicii precum
<span class="brand">keys.openpgp.org</span>.
În cazul în care criptarea nu este de încredere,
atacatorii pot intercepta relativ ușor e-mailurile de verificare.
Dar pentru furnizorii care au MTA-STS implementat,
putem fi siguri că
fiecare mesaj este livrat în siguranță,
și către serverul potrivit.</p>
<p>Puteți <a href="https://aykevl.nl/apps/mta-sts/" target="_blank">efectua o verificare</a>
pentru a afla dacă furnizorul dvs. de e-mail
acceptă MTA-STS.
În caz contrar,
vă rugăm să le trimiteți un mesaj și să le spuneți
să își îmbunătățească nivelul de securitate!</p>
<h4>Lucrări în curs</h4>
<p>Lucrăm la două caracteristici:</p>
<p>primul este <strong>localizarea</strong>.
Majoritatea oamenilor nu vorbesc limba engleză,
dar până acum aceasta este singura limbă pe care o suportăm.
Pentru a face acest serviciu mai accesibil,
lucrăm cu OTF's
<a href="https://www.opentech.fund/labs/localization-lab/" target="_blank">Localization Lab</a>
pentru a face ca site-ul web și e-mailurile de ieșire
disponibile în mai multe limbi.</p>
<p>Al doilea este de a aduce înapoi
<strong>semnăturile terților</strong>.
<a href="/about/faq#third-party-signatures">După cum se menționează în FAQ</a>,
în prezent nu le susținem din cauza spam-ului și a potențialului de abuz.
Ideea este de a solicita
<a href="https://gitlab.com/openpgp-wg/rfc4880bis/merge_requests/20/diffs" target="_blank">semnături încrucișate</a>,
care să permită fiecărei chei să aleagă singură
ce semnături de la alte persoane dorește să distribuie.
În ciuda acestui pas suplimentar,
acest lucru este destul de compatibil cu software-ul existent.
De asemenea, se ferește în mod plăcut de utilizatorii
cărora nu le pasă de semnături.</p>
<p>Cu toate că se lucrează în prezent la ambele caracteristici,
niciuna dintre ele nu are încă o dată planificată de lansare.</p>
<p>În ceea ce privește problema "<tt>nici un ID de utilizator</tt>" cu GnuPG
(menționată în pagina noastră
<a href="/about/news#2019-06-12-launch-challenges">ultima postare de știri</a>
și în pagina noastră
<a href="/about/faq#older-gnupg" target="_blank">FAQ</a>),
un patch care rezolvă această problemă este acum distribuit de Debian,
precum și GPGTools pentru macOS.
GnuPG upstream nu a fuzionat patch-ul până în prezent.</p>
<p>Asta e!
Vă mulțumim pentru interesul dumneavoastră!
<span style="font-size: x-large;">👋</span></p>
<hr style="margin-top: 2em; margin-bottom: 2em;">
<h2 id="2019-06-12-launch">
<div style="float: right; font-size: small; line-height: 2em;">2019-06-12 📅</div>
<a href="/about/news#2019-06-12-launch" style="color: black;">Lansarea unui nou server de chei! 🚀</a>
</h2>
<p>Dintr-un efort comunitar al
<a href="https://enigmail.net" target="_blank">Enigmail</a>,
<a href="https://openkeychain.org" target="_blank">OpenKeychain</a>,
și <a href="https://sequoia-pgp.org">Sequoia PGP</a>,
avem plăcerea de a anunța
lansarea noului server public de chei OpenPGP
<span class="brand">keys.openpgp.org</span>!
Ura! 🎉</p>
<h4>Dă-mi povestea scurtă!</h4>
<ul>
<li>Rapid și fiabil. Fără timpi de așteptare, fără timpii de nefuncționare, fără neconcordanțe.</li>
<li>Precis. Căutările returnează doar o singură cheie, ceea ce permite descoperirea ușoară a cheilor.</li>
<li>Validarea. Identitățile sunt publicate numai cu acord,
în timp ce informațiile fără identitate sunt distribuite în mod liber.</li>
<li>Șterse. Utilizatorii pot șterge informațiile personale cu o simplă confirmare prin e-mail.</li>
<li>Construit pe Rust, alimentat de<a href="https://sequoia-pgp.org" target="_blank">Sequoia PGP</a> - gratuit și open source, rulează AGPLv3.</li>
</ul>
Începeți chiar acum prin <a href="/upload">încărcarea cheii dumneavoastră!</a>!
<h4>De ce un nou server de chei?</h4>
<p>Am creat <span class="brand">keys.openpgp.org</span>
pentru a oferi o alternativă la grupul SKS Keyserver,
care este implicit în multe aplicații din prezent.
Această rețea distribuită de servere de chei s-a luptat cu
<a target="_blank" href="https://medium.com/@mdrahony/are-sks-keyservers-safe-do-we-need-them-7056b495101c">abuz</a>,
<a target="_blank" href="https://en.wikipedia.org/wiki/Key_server_(cryptographic)#Problems_with_keyservers">performanță</a>,
precum și cu <a href="http://www.openwall.com/lists/oss-security/2017/12/10/1">probleme de confidențialitate</a>,
și, mai recent, de asemenea
<a target="_blank" href="http://nongnu.13855.n7.nabble.com/SKS-apocalypse-mitigation-td228252.html">GDPR</a>
întrebări legate de conformitate.
Kristian Fiskerstrand a făcut o treabă extraordinară în ceea ce privește menținerea bazei pentru
<a target="_blank" href="https://blog.sumptuouscapital.com/2016/12/10-year-anniversary-for-sks-keyservers-net/">mai bine de zece ani</a>,
dar, în acest moment, activitatea de dezvoltare pare să fi
<a target="_blank" href="https://bitbucket.org/skskeyserver/sks-keyserver/pull-requests/60/clean-build-with-405">încetat</a>.</p>
<p>Ne-am gândit că este timpul să luăm în considerare o abordare nouă pentru a rezolva aceste probleme.</p>
<h4>Informații privind identitatea și non-identitatea</h4>
<p>Serverul de chei <span class="brand">keys.openpgp.org</span> se divizează
informațiile de identitate și non-identitate în chei.
Puteți găsi mai multe detalii pe pagina noastră <a href="/about" target="_blank">Despre</a>:
Ideea este că informațiile non-identitate (chei, revocări și așa mai departe)
sunt distribuite în mod liber,
în timp ce informațiile privind identitatea
sunt distribuite numai cu consimțământul
care poate fi, de asemenea, revocat în orice moment.</p>
<p>În cazul în care se verifică o nouă cheie pentru o anumită adresă de e-mail,
aceasta o va înlocui pe cea anterioară.
În acest fel,
fiecare adresă de e-mail este asociată cu cel mult o singură cheie.
De asemenea, aceasta poate fi eliminată din listă
în orice moment de către proprietarul adresei.
Acest lucru este foarte util pentru descoperirea cheilor:
dacă o căutare după adresa de e-mail returnează o cheie,
înseamnă că aceasta este singura cheie
care este valabilă în prezent pentru adresa de e-mail căutată.</p>
<h4>Suport în Enigmail și OpenKeychain</h4>
<p>Serverul <span class="brand">keys.openpgp.org</span> de chei
va primi suport pentru prima parte în următoarele versiuni ale
<a href="https://enigmail.net" target="_blank">Enigmail</a> pentru Thunderbird,
precum și
<a href="https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain&amp;hl=en">OpenKeychain</a> pe Android.
Acest lucru înseamnă că utilizatorii acestor implementări vor
beneficia de timpi de răspuns mai rapizi,
și de descoperirea îmbunătățită a cheilor în funcție de adresa de e-mail.
Sperăm că acest lucru ne va da, de asemenea, un impuls
pentru a transforma acest proiect într-un efort mai mare al comunității.</p>
<h4 id="2019-06-12-launch-challenges">Provocări actuale</h4>
<p>Tehnicile de păstrare a confidențialității în serverele de chei sunt încă noi,
și, din păcate, există încă câteva probleme de compatibilitate.
cauzate de divizarea informațiilor de identitate.</p>
<p>În special, atunci când GnuPG (la data scrierii acestui articol, versiunea 2.2.16) întâlnește
o cheie OpenPGP fără identitate,
se aruncă o eroare "fără ID de utilizator".
și nu procesează noi informații fără identitate
(cum ar fi certificatele de revocare).
chiar dacă acestea sunt valide din punct de vedere criptografic.
Suntem implicați în mod activ în
furnizarea de soluții pentru aceste probleme.</p>
<h4>Viitorul</h4>
<p>Tehnicile de păstrare a confidențialității în serverele de chei sunt încă noi,
și avem mai multe idei pentru reducerea metadatelor.
Dar, deocamdată, planul nostru este doar de a
să menținem <span class="brand">keys.openpgp.org</span> fiabil și rapid 🐇,
să rezolvăm orice bug-uri viitoare 🐞,
și <a href="/about#community">să ascultăm feedback-ul</a> din partea comunității. 👂</p>
<p>Pentru mai multe informații, vizitați
paginile noastre <a target="_blank" href="/about">Despre</a>
și <a target="_blank" href="/about/faq">FAQ</a> .
Puteți începe imediat
prin <a href="/upload" target="_blank">încărcarea cheii dumneavoastră</a>!
În afară de asta, mai sunt și alte lucruri interesante de descoperit,
cum ar fi <a target="_blank" href="/about/api">API</a>,
și un <a target="_blank" href="/about/faq#tor">Onion Service</a>!</p>
<p>Noroc!
<span style="font-size: x-large;">🍻</span></p>
</div>
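Review bot: the removed news page is wired into the rest of the about section by anchors in both directions: it links out to /about/faq#third-party-signatures, /about/faq#older-gnupg, /about/api#rate-limiting, /about#community and /about/faq#tor, and it is itself the target of /about/news#2019-06-12-launch-challenges. Once /about, /about/news and /about/faq are gone from hagrid, anything still kept in the repository that points at these paths (other templates, the verification and welcome e-mails, the upload and manage pages) will 404, so either add redirects from /about/... to wherever the content now lives or state in the commit that nothing remaining references these paths. Note also that the API page anchor (/about/api#rate-limiting) only keeps working if the API page itself stays in hagrid; if it is removed too, the same redirect is needed for it.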


@@ -1,31 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">Despre</a> | <a href="/about/news">Noutăți</a> | <a href="/about/usage">Utilizare</a> | <a href="/about/faq">FAQ</a> | Statistici | <a href="/about/privacy">Confidențialitate</a>
</h2></center>
<h3>Adrese de e-mail verificate</h3>
<p>O statistică simplă a numărului total de adrese de e-mail care sunt verificate în prezent. 📈</p>
<p>
</p>
<center><img src="/about/stats/month.png"></center>
<p>
</p>
<center><img src="/about/stats/year.png"></center>
<h3>Încărcare medie</h3>
<p>"Media de încărcare" a unui server este o statistică a gradului de ocupare a acestuia. Pe scurt:</p>
<ul>
<li>0.0înseamnă că gazda <span class="brand">keys.openpgp.org</span> este complet inactivă</li>
<li>1.0 este destul de ocupat</li>
<li>4.0 și peste înseamnă că e în flăcări 🔥.</li>
</ul>
<p>
</p>
<center><img src="/about/stats/load_week.png"></center>
</div>
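Review bot: the stats template embeds three server-generated images, /about/stats/month.png, /about/stats/year.png and /about/stats/load_week.png. Deleting the page leaves whatever route serves those PNGs, and whatever job renders them, without a consumer; check that the /about/stats handler and the image routes are removed in the same change (or deliberately kept for the new host of the about pages) rather than lingering as unreferenced endpoints that still expose the host's load average.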


@@ -1,159 +0,0 @@
<div class="about usage">
<center><h2>
<a href="/about">Despre</a> | <a href="/about/news">Noutăți</a> | Utilizare | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Statistici</a> | <a href="/about/privacy">Confidențialitate</a>
</h2></center>
<p>Pe această pagină, colectăm informații despre cum să folosim
<span class="brand">keys.openpgp.org</span> cu diferite aplicații OpenPGP
produse software.<br>
Suntem încă în curs de a adăuga altele. Dacă vă lipsesc unele, vă rugăm să
scrieți-ne și vom încerca să le adăugăm.</p>
<h2 id="web" style="padding-left: 3%;"><a href="#web">Interfață web</a></h2>
<p>Interfața web de pe <span class="brand">keys.openpgp.org</span> vă permite să:</p>
<p>
</p>
<ul>
<li>
<a href="/">Căutați</a> cheile manual, după amprenta digitală sau adresa de e-mail..</li>
<li>
<a href="/upload">Încărcați</a> cheile manual și verificați-le după încărcare.</li>
<li>
<a href="/manage">Gestionați-vă</a> cheile și eliminați identitățile publicate.</li>
</ul>
<h2 id="enigmail">
<div><img src="/assets/img/enigmail.svg"></div>
<a href="#enigmail">Enigmail</a>
</h2>
<p><a href="https://enigmail.net" target="_blank">Enigmail</a> pentru Thunderbird
utilizează <span class="brand">keys.openpgp.org</span> în mod implicit, deoarece
versiunea 2.0.12.</p>
<p>Suport complet este disponibil de la Enigmail 2.1
(pentru <a href="https://www.thunderbird.net/en-US/thunderbird/68.0beta/releasenotes/" target="_blank">Thunderbird 68</a> ori mai nou):</p>
<ul>
<li>Cheile vor fi actualizate în mod automat.</li>
<li>În timpul creării cheii, vă puteți încărca și verifica cheia.</li>
<li>Cheile pot fi descoperite după adresa de e-mail.</li>
</ul>
<h2 id="gpg-suite">
<div><img src="/assets/img/gpgtools.png"></div>
<a href="#gpg-suite">GPG Suita</a>
</h2>
<p><a href="https://gpgtools.org/">GPG Suite</a> pentru macOS
utilizează <span class="brand">keys.openpgp.org</span> în mod implicit
din august 2019.</p>
<h2 id="openkeychain">
<div><img src="/assets/img/openkeychain.svg"></div>
<a href="#openkeychain">OpenKeychain</a>
</h2>
<p><a href="https://www.openkeychain.org/">OpenKeychain</a> pentru Android
utilizează <span class="brand">keys.openpgp.org</span> în mod implicit
din iulie 2019.</p>
<ul>
<li>Cheile vor fi actualizate în mod automat.</li>
<li>Cheile pot fi descoperite după adresa de e-mail.</li>
</ul>
<p>Rețineți că, deocamdată, nu există un suport integrat pentru verificarea încărcării și a adresei de e-mail.</p>
<h2 id="pignus">
<div><img src="/assets/img/pignus.png"></div>
<a href="#pignus">Pignus</a>
</h2>
<p><a href="https://www.frobese.de/pignus/">Pignus</a> pentru iOS
utilizează <span class="brand">keys.openpgp.org</span> în mod implicit
din noiembrie 2019.</p>
<ul>
<li>Cheile dvs. pot fi încărcate în orice moment.</li>
<li>Cheile pot fi descoperite după adresa de e-mail.</li>
</ul>
<h2 id="gnupg">
<div><img src="/assets/img/gnupg.svg"></div>
<a href="#gnupg">GnuPG</a>
</h2>
<p>Pentru a configura <a href="https://gnupg.org">GnuPG</a>
pentru a utiliza <span class="brand">keys.openpgp.org</span> ca server de chei,
adăugați această linie la fișierul <tt>gpg.conf</tt>:</p>
<blockquote>keyserver hkps://keys.openpgp.org</blockquote>
<h4 id="gnupg-retrieve"><a href="#gnupg-retrieve">Recuperarea cheilor</a></h4>
<ul>
<li>Pentru a localiza cheia unui utilizator, după adresa de e-mail:<blockquote>gpg --auto-key-locate keyserver --locate-keys user@example.net</blockquote>
</li>
<li>Pentru a reîmprospăta toate cheile dvs. (de exemplu, noile certificate de revocare și subchei):<blockquote>gpg --refresh-keys</blockquote>
</li>
</ul>
<h4 id="gnupg-upload"><a href="#gnupg-upload">Încărcarea cheii dumneavoastră</a></h4>
<p>Cheile pot fi încărcate cu GnuPG's <tt>--send-keys</tt> comanda, dar
informațiile privind identitatea nu pot fi verificate în acest mod pentru a face cheia
să poată fi căutată după adresa de e-mail (<a href="/about">ce înseamnă acest lucru?</a>).</p>
<ul>
<li>Puteți încerca această comandă rapidă pentru încărcarea cheii, care produce următoarele rezultate
un link direct către pagina de verificare:<blockquote>gpg --export your_address@example.net | curl -T - {{ base_uri }}</blockquote>
</li>
<li>Alternativ, le puteți exporta într-un fișier
și să selectați fișierul respectiv în pagina de <a href="/upload" target="_blank">încărcare</a>:<blockquote>gpg --export your_address@example.net &gt; my_key.pub</blockquote>
</li>
</ul>
<h4 id="gnupg-troubleshooting"><a href="#gnupg-troubleshooting">Depanare</a></h4>
<ul>
<li>Unele fișiere vechi <tt>~/gnupg/dirmngr.conf</tt> conțin o linie ca aceasta:<blockquote>hkp-cacert ~/.gnupg/sks-keyservers.netCA.pem</blockquote>
<p>Această configurație nu mai este necesară,
dar împiedică funcționarea certificatelor obișnuite.
Se recomandă să eliminați pur și simplu această linie din configurație.</p>
</li>
<li>În timpul reîmprospătării cheilor, este posibil să apară erori de tipul celor de mai jos:<blockquote>gpg: key A2604867523C7ED8: niciun ID de utilizator</blockquote>
Aceasta este <a href="https://dev.gnupg.org/T4393" target="_blank">o problemă cunoscută în GnuPG</a>.
Aceasta este o problemă cunoscută în GnuPG.
Lucrăm cu echipa GnuPG pentru a rezolva această problemă.
</li>
</ul>
<h4 id="gnupg-tor"><a href="#gnupg-tor">Utilizare prin Tor</a></h4>
<p>Pentru utilizatorii care doresc să fie foarte atenți,
<span class="brand">keys.openpgp.org</span> poate fi accesat în mod anonim ca un
<a href="https://support.torproject.org/onionservices/#onionservices-2" target="_blank">onion service</a>.
Dacă aveți
<a href="https://www.torproject.org/" target="_blank">Tor</a>
instalat, utilizați următoarea configurație:</p>
<blockquote>keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</blockquote>
<h2 style="padding-left: 3%;" id="wkd-as-a-service"><a href="#wkd-as-a-service">WKD ca Serviciu</a></h2>
<p>Web Key Directory (WKD) este un standard pentru descoperirea cheilor OpenPGP în funcție de adresa de e-mail, prin intermediul domeniului furnizorului său de e-mail.
Acesta este utilizat pentru a descoperi chei necunoscute în unii clienți de e-mail, cum ar fi <a href="https://www.gpg4win.de/about.html" target="_blank">GpgOL</a>.</p>
<p><span class="brand">keys.openpgp.org</span> poate fi utilizat ca serviciu WKD gestionat pentru orice domeniu.
Pentru a face acest lucru, domeniul are nevoie pur și simplu de o înregistrare <tt>CNAME</tt> care deleagă <tt>openpgpkey</tt> subdomeniul său către <tt>wkd.keys.openpgp.org</tt>.
Acest lucru ar trebui să fie posibil de realizat în interfața web a oricărui hoster DNS.</p>
<p>Odată activat pentru un domeniu, adresele verificate ale acestuia vor fi disponibile automat pentru căutare prin WKD.</p>
<p>Acest <tt>CNAME</tt> ar trebui să arate în felul următor:</p>
<blockquote>$ drill openpgpkey.example.org<br>
...<br>
openpgpkey.example.org. 300 IN CNAME wkd.keys.openpgp.org.</blockquote>
<p>Există un simplu verificator de stare pentru testarea serviciului:</p>
<blockquote>$ curl 'https://wkd.keys.openpgp.org/status/?domain=openpgpkey.example.org'<br>
CNAME lookup ok: openpgpkey.example.org resolves to wkd.keys.openpgp.org<br>
</blockquote>
<p>Pentru testarea recuperării cheilor:</p>
<blockquote>$ gpg --locate-keys --auto-key-locate clear,nodefault,wkd address@example.org<br>
</blockquote>
<h2 style="padding-left: 3%;">API</h2>
<p>Oferim un API pentru suport integrat în aplicațiile OpenPGP. Verificați
documentația noastră <a href="/about/api">API</a>.</p>
<h2 style="padding-left: 3%;">Alții</h2>
<p>Îți lipsește un ghid pentru implementarea ta preferată? Acest site este
un site în curs de dezvoltare și încercăm să îl îmbunătățim. Trimiteți-ne un mesaj la
<span class="email">support at keys dot openpgp dot org</span> dacă
doriți să ne ajutați!</p>
</div>
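Review bot: the GnuPG troubleshooting entry names the wrong file path, '~/gnupg/dirmngr.conf'; GnuPG's home directory is '~/.gnupg', as the 'hkp-cacert ~/.gnupg/sks-keyservers.netCA.pem' line quoted inside the same entry already shows. The 'no user ID' entry also repeats one sentence twice ('Aceasta este o problemă cunoscută în GnuPG.'). Since the commit removes these pages from hagrid rather than retiring the text, carry both fixes into the relocated copy so the path error does not survive the move.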


@@ -1,30 +0,0 @@
<div class="about">
<center><h2>О сервисе| <a href="/about/news">Новости</a> | <a href="/about/usage">Использование</a> | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Статистика</a> | <a href="/about/privacy">Конфиденциальность</a>
</h2></center>
<p>Сервер<tt>keys.openpgp.org</tt> является общедоступной службой для распространения и поиска OpenPGP-совместимых ключей, обычно называемый "keyserver".</p>
<p><strong>Для инструкций смотрите наше <a href="/about/usage">руководство пользования</a>.</strong></p>
<h3>Принцип работы</h3>
<p>OpenPGP ключ содержит два типа информации:</p>
<ul>
<li>
<strong>Идентификационная информация</strong> является частью ключа идентифицируещая его владельца, также известная как "идентификаторы пользавателя". Идентификатор пользователя обычно содержит имя и адрес электронной почты.</li>
<li>
<strong>Неидентификационная информация</strong> — это все технические данные о самом ключе. Они включают в себя большие числа, используемые для проверки подписей и шифрования сообщений. А также метаданные, такие как дата создания, некоторые даты истечения срока действия и статус отзыва.</li>
</ul>
<p>Традиционно эта информация распространялась вместе. На <span class="brand">keys.openpgp.org</span> с ней обращаются по-другому. Притом, что каждый может загрузить все части любого OpenPGP ключа на <span class="brand">keys.openpgp.org</span>, наш keyserver сохранит и опубликует только определённые части при определённых условиях:</p>
<p>Любая <strong>неидентификационная информация</strong> будет храниться и беспрепятственно распространяться, если пройдет криптографическую проверку на целостность. Любой человек может загрузить эти части в любое время, так как они содержат только технические данные, которые не могут быть использованы для непосредственной идентификации человека. Хорошие OpenPGP программы могут использовать <span class="brand">keys.openpgp.org</span> для поддержания этой информации в актуальном состоянии для любого, им известного, ключа. Это помогает пользователям OpenPGP поддерживать безопасную и надежную связь.</p>
<p><strong>Идентификационная информация</strong> в ключе OpenPGP распространяется только с согласия. Она содержит персональные данные и не является строго необходимой для шифрования или проверки подписи. После того, как владелец дает согласие, проверив свой адрес электронной почты, ключ можно найти при помощи поиска по адресу.</p>
<h3 id="community">Сообщество и платформа</h3>
<p>Этот сервис существует на общественных началах. Вы можете связаться с нами в канале #hagrid на Freenode IRC, а также в канале #hagrid:stratum0.org на Matrix. Конечно, вы также можете воспользаваться электронной почтой по адресу <tt>support эт keys пункт openpgp пункт org</tt>. Люди, запустившие этот сервис, пришли из различных OpenPGP проектов, таких как Sequoia-PGP, OpenKeychain и Enigmail.</p>
<p>Технически, <tt>keys.openpgp.org</tt> работает на <a href="https://gitlab.com/keys.openpgp.org/hagrid" target="_blank">Hagrid</a> софте, который базируется на <a href="https://sequoia-pgp.org">Sequoia-PGP</a>. Мы работаем на хостинговой платформе <a href="https://eclips.is" target="_blank">eclips.is</a>, ориентированной на Internet Freedom проекты, под управлением <a href="https://greenhost.net/" target="_blank">Greenhost</a>.</p>
</div>


@@ -1,67 +0,0 @@
<div class="about">
<center><h2>Om | <a href="/about/news">Nyheter</a> | <a href="/about/usage">Använda</a> | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Statistik</a> | <a href="/about/privacy">Integritet</a>
</h2></center>
<p>Servern <span class="brand">keys.openpgp.org</span> är publik tjänst för att
distribuera och hitta OpenPGP-kompatibla nycklar, allmänt
känt som en "nyckelserver".</p>
<p><strong>För instruktioner, se vår <a href="/about/usage">användarguide</a>.</strong></p>
<h3>Hur det fungerar</h3>
<p>En OpenPGP-nyckel består av två typer av information:</p>
<ul>
<li>
<strong>Identitetsinformation</strong> beskriver de delarna av
en nyckel som identifierar dess ägare, även kända som "användar-ID:n".
Ett användar-ID innehåller typiskt sett ett namn och en e-postadress.</li>
<li>
<strong>Icke-identifierbar information</strong> är all den tekniska
informationen om nyckeln i sig. Detta omfattar de stora tal
som används för att verifiera signaturer och kryptera meddelanden.
Det omfattar också metadata så som skapelsedatum, vissa
utgångsdatum, samt återkallelsestatus.</li>
</ul>
<p>Traditionellt sett har dessa delar av information alltid distribuerats
tillsammans. På <span class="brand">keys.openpgp.org</span> behandlas
de annorlunda. Även om vem som helst kan ladda upp alla delar hos en OpenPGP-nyckel
till <span class="brand">keys.openpgp.org</span> kommer vår nyckelserver
endast behålla och publicera vissa delar under vissa
förhållanden:</p>
<p>All <strong>icke-identifierbar information</strong> kommer att lagras och
distribueras på nytt, om den passerar en kryptografisk integritetskontroll.
Alla kan ladda ned dessa delar när som helst eftersom de endast består
av tekniska data som inte kan användas för att identifiera en person direkt.
Bra OpenPGP-mjukvara kan använda <span class="brand">keys.openpgp.org</span>
för att hålla den här informationen uppdaterad för alla de nycklar programmet känner till.
Detta hjälper OpenPGP-användare att upprätthålla en säker och pålitlig kommunikation.</p>
<p><strong>Identitetsinformationen</strong> i en OpenPGP-nyckel
distribueras endast med samtycke.
Den innehåller personlig information och är strikt sett inte nödvändig
för en nyckel som ska användas för kryptering och signaturverifiering.
När ägaren har gett sitt samtycke genom att verifiera sin e-postadress
kommer nyckeln att kunna hittas i en sökning via adress.</p>
<h3 id="community">Community och plattform</h3>
<p>Den här tjänsten drivs av dess community.
Du kan prata med oss i
#hagrid på OFTC IRC,
också nåbar som #hagrid:stratum0.org på Matrix.
Självklart kan du också nå oss via e-post,
på <tt>support at keys dot openpgp dot org</tt>.
Personerna som driver detta kommer
från olika projekt inom OpenPGP-ekosystemet,
inklusive Sequoia-PGP, OpenKeychain och Enigmail.</p>
<p>Vad gäller den tekniska biten,
så körs <span class="brand">keys.openpgp.org</span> på nyckelservermjukvaran <a href="https://gitlab.com/keys.openpgp.org/hagrid" target="_blank">Hagrid</a>,
som baseras på <a href="https://sequoia-pgp.org">Sequoia-PGP</a>.
Vi körs på <a href="https://eclips.is" target="_blank">eclips.is</a>,
en hostingplattform fokuserad på projekt för frihet på internet
och som hanteras av <a href="https://greenhost.net/" target="_blank">Greenhost</a>.</p>
</div>
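Review bot: the community section of this Swedish about page points users at '#hagrid' on OFTC IRC, while the Russian about page removed in the same commit still says Freenode for the same channel. The translations had drifted apart on a contact detail that matters to users seeking support; if the about content continues to be published from another location, make sure the source text there carries a single current IRC network and that the translations are regenerated from it, otherwise the stale Freenode reference will simply move along with the page.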


@@ -1,158 +0,0 @@
<div class="about usage">
<center><h2>
<a href="/about">Om</a> | <a href="/about/news">Nyheter</a> | Använda | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Statistik</a> | <a href="/about/privacy">Integritet</a>
</h2></center>
<p>På den här sidan samlar vi information om hur att använda
<span class="brand">keys.openpgp.org</span> med olika
OpenPGP-program.<br>
Vi håller fortfarande på att lägga till fler. Om du saknar något, vänligen
skriv till oss så kan vi försöka lägga till det.</p>
<h2 id="web" style="padding-left: 3%;"><a href="#web">Webbgränssnitt</a></h2>
<p>Webbgränssnittet på <span class="brand">keys.openpgp.org</span> låter dig:</p>
<p>
</p>
<ul>
<li>
<a href="/">Söka</a> efter nycklar manuellt, via fingeravtryck eller e-postadress.</li>
<li>
<a href="/upload">Ladda upp</a> nycklar manuellt, och verifiera dem efter uppladdning.</li>
<li>
<a href="/manage">Hantera</a> dina nycklar, och ta bort publicerade identiteter.</li>
</ul>
<h2 id="enigmail">
<div><img src="/assets/img/enigmail.svg"></div>
<a href="#enigmail">Enigmail</a>
</h2>
<p><a href="https://enigmail.net" target="_blank">Enigmail</a> för Thunderbird
använder <span class="brand">keys.openpgp.org</span> som förval sedan
version 2.0.12.</p>
<p>Fullständigt stöd är tillgängligt sedan Enigmail 2.1
(för <a href="https://www.thunderbird.net/en-US/thunderbird/68.0beta/releasenotes/" target="_blank">Thunderbird 68</a> eller nyare):</p>
<ul>
<li>Nycklar hålls uppdaterade automatiskt.</li>
<li>När en nyckel skapas kan du ladda upp och verifiera din nyckel.</li>
<li>Nycklar kan hittas via e-postadress.</li>
</ul>
<h2 id="gpg-suite">
<div><img src="/assets/img/gpgtools.png"></div>
<a href="#gpg-suite">GPG Suite</a>
</h2>
<p><a href="https://gpgtools.org/">GPG Suite</a> för macOS
använder <span class="brand">keys.openpgp.org</span> som förval
sedan augusti 2019.</p>
<h2 id="openkeychain">
<div><img src="/assets/img/openkeychain.svg"></div>
<a href="#openkeychain">OpenKeychain</a>
</h2>
<p><a href="https://www.openkeychain.org/">OpenKeychain</a> för Android
använder <span class="brand">keys.openpgp.org</span> som förval
sedan juli 2019.</p>
<ul>
<li>Nycklar hålls uppdaterade automatiskt.</li>
<li>Nycklar kan hittas via e-postadress.</li>
</ul>
<p>Observera att det ännu inte finns något inbyggt stöd för att ladda upp nycklar eller verifiera e-postadresser.</p>
<h2 id="pignus">
<div><img src="/assets/img/pignus.png"></div>
<a href="#pignus">Pignus</a>
</h2>
<p><a href="https://www.frobese.de/pignus/">Pignus</a> för iOS
använder <span class="brand">keys.openpgp.org</span> som förval
sedan november 2019.</p>
<ul>
<li>Dina nycklar kan laddas upp när som helst.</li>
<li>Nycklar kan hittas via e-postadress.</li>
</ul>
<h2 id="gnupg">
<div><img src="/assets/img/gnupg.svg"></div>
<a href="#gnupg">GnuPG</a>
</h2>
<p>För att ställa in <a href="https://gnupg.org">GnuPG</a>
att använda <span class="brand">keys.openpgp.org</span> som nyckelserver,
lägg till den här raden i filen <tt>gpg.conf</tt>:</p>
<blockquote>keyserver hkps://keys.openpgp.org</blockquote>
<h4 id="gnupg-retrieve"><a href="#gnupg-retrieve">Ta emot nycklar</a></h4>
<ul>
<li>För att hitta en användares nyckel, via e-postadress:<blockquote>gpg --auto-key-locate keyserver --locate-keys user@example.net</blockquote>
</li>
<li>För att uppdatera alla dina nycklar (t.ex. nya återkallelsecertifikat och undernycklar):<blockquote>gpg --refresh-keys</blockquote>
</li>
</ul>
<h4 id="gnupg-upload"><a href="#gnupg-upload">Ladda upp din nyckel</a></h4>
<p>Nycklar kan laddas upp med GnuPG:s kommando <tt>--send-keys</tt>, men
identitetsinformation kan inte verifieras på det sättet för att göra nyckeln
sökbar via e-postadress (<a href="/about">vad betyder detta?</a>).</p>
<ul>
<li>Du kan testa den här genvägen för att ladda upp din nyckel, som kommer att visa
en direktlänk till verifieringssidan:<blockquote>gpg --export your_address@example.net | curl -T - {{ base_uri }}</blockquote>
</li>
<li>Ett annat alternativ är att exportera dem till en fil
och välja den filen på sidan för <a href="/upload" target="_blank">uppladdning</a>:<blockquote>gpg --export your_address@example.net &gt; my_key.pub</blockquote>
</li>
</ul>
<h4 id="gnupg-troubleshooting"><a href="#gnupg-troubleshooting">Felsökning</a></h4>
<ul>
<li>Vissa äldre <tt>~/gnupg/dirmngr.conf</tt>-filer innehåller en rad som denna:<blockquote>hkp-cacert ~/.gnupg/sks-keyservers.netCA.pem</blockquote>
<p>Denna konfiguration är inte längre nödvändig,
men förhindrar vissa vanliga certifikat från att fungera.
Det rekommenderas att denna rad helt enkelt tas bort från konfigurationen.</p>
</li>
<li>När du uppdaterar nycklar kan du se följande felmeddelande:<blockquote>gpg: key A2604867523C7ED8: no user ID</blockquote>
Det finns ett <a href="https://dev.gnupg.org/T4393" target="_blank">känt problem i GnuPG</a>.
Vi jobbar med GnuPG-teamet för att lösa detta problem.
</li>
</ul>
<h4 id="gnupg-tor"><a href="#gnupg-tor">Använda via Tor</a></h4>
<p>För användare som vill vara extra försiktiga
så kan <span class="brand">keys.openpgp.org</span> nås anonymt som en
<a href="https://support.torproject.org/onionservices/#onionservices-2" target="_blank">onion-tjänst</a>.
Om du har
<a href="https://www.torproject.org/" target="_blank">Tor</a>
installerat, använd följande konfiguration:</p>
<blockquote>keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</blockquote>
<h2 style="padding-left: 3%;" id="wkd-as-a-service"><a href="#wkd-as-a-service">WKD as a Service</a></h2>
<p>Web Key Directory (WKD) är en standard för att upptäcka OpenPGP-nycklar efter deras e-postadress, via domänen hos dess e-postleverantör.
Det används för att upptäcka okända nycklar i vissa e-postklienter, som <a href="https://www.gpg4win.de/about.html" target="_blank">GpgOL</a>.</p>
<p><span class="brand">keys.openpgp.org</span>kan användas som en hanterad WKD-tjänst för en domän.
För att göra så behöver domänen endast en <tt>CNAME</tt>-post som delegerar sin <tt>openpgpkey</tt>-underdomän till <tt>wkd.keys.openpgp.org</tt>.
Det bör vara möjligt att göra detta i webbgränssnittet hos vilken DNS-värdtjänst som helst.</p>
<p>När det väl har aktiverats för en domän kommer dess verifierade adresser att automatiskt bli tillgängliga för sökning via WKD.</p>
<p><tt>CNAME</tt>-posten ska se ut så här:</p>
<blockquote>$ drill openpgpkey.example.org<br>
...<br>
openpgpkey.example.org. 300 IN CNAME wkd.keys.openpgp.org.</blockquote>
<p>Det finns ett enkelt statusverktyg för att testa tjänsten:</p>
<blockquote>$ curl 'https://wkd.keys.openpgp.org/status/?domain=openpgpkey.example.org'<br>
CNAME lookup ok: openpgpkey.example.org resolves to wkd.keys.openpgp.org<br>
</blockquote>
<p>För att testa hämtning av nyckel:</p>
<blockquote>$ gpg --locate-keys --auto-key-locate clear,nodefault,wkd address@example.org<br>
</blockquote>
<h2 style="padding-left: 3%;">API</h2>
<p>Vi erbjuder ett API för integrerat stöd i OpenPGP-program. Kolla in
vår <a href="/about/api">API-dokumentation</a>.</p>
<h2 style="padding-left: 3%;">Övriga</h2>
<p>Saknar du en guide för din favoritimplementering? Den här sidan är
under uppbyggnad och vi vill förbättra den. Skriv till oss på
<span class="email">support at keys dot openpgp dot org</span> om du
vill hjälpa till!</p>
</div>
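Review bot: this usage page is the only one of the removed files that documents two things users have already copied into configuration: the onion service address ('keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion') and the WKD-as-a-service delegation (a CNAME from openpgpkey.<domain> to wkd.keys.openpgp.org, with the status check at https://wkd.keys.openpgp.org/status/?domain=...). If the page moves to another repository, keep the onion address and the status URL verbatim, and consider a redirect from /about/usage so existing bookmarks and the links from the other pages still resolve. The upload shortcut 'gpg --export your_address@example.net | curl -T - {{ base_uri }}' uses a Handlebars variable that hagrid fills in at render time; a static copy of this page must have it resolved to the server's base URL, or the command as published will be broken.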


@@ -1,46 +0,0 @@
<div class="about">
<center><h2>Hakkında | <a href="/about/news">Haberler</a> | <a href="/about/usage">Kullanım</a> | <a href="/about/faq">SSS</a> | <a href="/about/stats">İstatistikler</a> | <a href="/about/privacy">Mahremiyet</a>
</h2></center>
<p><span class="brand">keys.openpgp.org</span> sunucusu OpenPGP uyumlu
anahtarların dağıtımı ve keşfi için, çoğunlukla "anahtar sunucusu"
olarak adlandırılan, kamuya açık bir hizmettir. </p>
<p><strong>Yönergeler için, <a href="/about/usage">kullanma kılavuzumuza</a> bakabilirsiniz.</strong></p>
<h3>Nasıl çalışıyor</h3>
<p>OpenPGP anahtarı iki tür bilgi içerir:</p>
<ul>
<li>
<strong>Kimlik bilgisi </strong> anahtarın sahibini tanımlayan, "Kullanıcı ID" olarak da bilinen kısımları tarif eder. Bir kullanıcı ID genellikle bir isim ve bir e-posta adresi içerir.</li>
<li>
<strong>Kimlik olmayan bilgi</strong> anahtarın kendisiyle ilgili olan bütün teknik bilgidir. Bu imzaları ve şifrelenmiş mesajları doğrulamak için kullanılan büyük sayıları içerir. Ayrıca yaratılma tarihi, bazı zaman aşımı tarihleri ve fesih durumu gibi üst veriyi de içerir. </li>
</ul>
<p>Geleneksel olarak, bu bilgi parçaları her zaman birlikte dağıtılır. <span class="brand">keys.openpgp.org</span> üzerindeyse bu parçalara farklı davranılıyor. Her ne kadar insanlar herhangi bir OpenPGP anahtarının tüm kısımlarını <span class="brand">keys.openpgp.org</span>'a yükleyebilse de, anahtar sunucumuz sadece belirli kısımlarını belirli koşullar altında saklar ve yayınlar:</p>
<p>Her bir <strong>kimlik olmayan bilgi</strong>, kriptografik sağlamlık denetimini geçmesi durumunda saklanacak ve özgürce dağıtılacaktır. Herhangi bir kişi bu kısımları, bir kişiyi doğrudan tanımlamak amacıyla kullanılamayacak teknik bilgileri içerdiği için, istediği zaman indirebilecektir. İyi OpenPGP yazılımları <span class="brand">keys.openpgp.org</span>hizmetini, bilgi sahibi olduğu anahtarların bu bilgisini güncel tutmak için kullanabilir. Bu OpenPGP kullanıcılarının güvenli ve güvenilir iletişimi sürdürmesine yardımcı olur.</p>
<p>Bir OpenPGP anahtarındaki <strong>Kimlik bilgisi</strong> sadece rızaya dayalı olarak dağıtılmaktadır. Kişisel veriyi içerir ve bir anahtarın şifreleme veya imza doğrulaması için kullanılması için mutlaka gerekli değildir. Anahtar sahibi, e-posta adresini doğrulayarak rıza verdiğinde, anahtar adresle aramayla bulunabilir.</p>
<h3 id="community">Topluluk ve platform</h3>
<p>Bu hizmet bir topluluk çabasıyla yürütülmektedir.
Bizimle OFTC IRC üzerinde
#hagrid kanalında konuşabilirsiniz,
ayrıca Matrix üzerinde #hagrid:stratum0.org
olarak erişebilirsiniz.
Elbette bize e-posta aracılığıyla da
<tt>support at keys dot openpgp dot org</tt>
adresinden ulaşabilirsiniz.
Bu hizmeti yürüten insanlar OpenPGP ekosistemindeki,
Sequoia-PGP, OpenKeychain ve Enigmail'i de içeren
farklı projelerden geliyorlar.</p>
<p>Teknik olarak <span class="brand">keys.openpgp.org</span> <a href="https://gitlab.com/keys.openpgp.org/hagrid" target="_blank">Hagrid</a> anahtar sunucusu yazılımı üzerinde çalışıyor.
Bu sunucu <a href="https://sequoia-pgp.org">Sequoia-PGP</a> tabanlıdır.
İnternet Özgürlüğü projelerine odaklanmış ve
<a href="https://greenhost.net/" target="_blank">Greenhost</a> tarafından yönetilen bir barındırma
platformu olan <a href="https://eclips.is" target="_blank">eclips.is</a> üzerinde barındırılıyor.</p>
</div>
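Review bot: every page removed in this commit links to `/about`, `/about/news`, `/about/usage`, `/about/faq`, `/about/stats` and `/about/privacy` from its `<center><h2>` header (second line of this hunk), and the usage and FAQ pages link back to `/about` inline; the routes that served these paths are outside this hunk, so confirm they are removed or turned into redirects in the same change, otherwise these become 404s for users following old bookmarks or links from the `/upload` and `/manage` pages.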

View File

@@ -1,182 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">Hakkında</a> | <a href="/about/news">Haberler</a> | <a href="/about/usage">Kullanım</a> | SSS | <a href="/about/stats">İstatistikler</a> | <a href="/about/privacy">Mahremiyet</a>
</h2></center>
<p><strong>Yönergeler için, <a href="/about/usage">kullanma kılavuzumuza</a> bakabilirsiniz.</strong></p>
<h3 id="sks-pool"><a href="#sks-pool">Bu sunucu "SKS" havuzunun bir parçası mı?</a></h3>
<p>Hayır. SKS havuzunun federasyon modeli güvenilirlik, istismar direnci, mahremiyet ve kullanışlık bağlamında bazı sorunlar içeriyor. Ona benzer bir şey yapabiliriz ama <span class="brand">keys.openpgp.org</span>
hiç bir zaman SKS havuzunun bir parçası olmayacaktır.</p>
<h3 id="federation"><a href="#federation">keys.openpgp.org federe mi? Bir örneğini çalıştırarak yardımcı olabilir miyim?</a></h3>
<p>Şu an değil.
Bir noktada<span class="brand">keys.openpgp.org</span>'u
ademi merkeziyetçi yapmak istiyoruz.
Bağımsız işleticiler tarafından çalıştırılan
bir çok sunucuyla, umuyoruz ki
hizmetin güvenilirliğini daha da geliştirmeyi
yapabiliriz.</p>
<p>Bir çok insan "Hagrid sunucu örneği çalıştırma"
konusunda yardımcı olmayı önerdi.
Öneriyi takdirle karşılıyoruz ancak
hiç bir zaman SKS gibi, insanların bir örnek çalıştırdığı ve bir "havuzun" parçası olduğu "açık" bir federasyon modeline sahip
olacağımızı düşünmüyoruz. Bunun iki nedeni var:</p>
<ol>
<li>Açık katılımla federasyon bütün verinin kamuya açık olmasını gerektirir.
Bu kaydadeğer bir şekilde kullanıcıların mahremiyetini etkileyecektir, çünkü her isteyen kişinin e-posta adreslerini elde etmesini sağlar.</li>
<li>Sunucular, güvenilirlik ve başarım standartlarımızı karşılamayan plansız yöneticiler tarafından bir hobi olarak çalıştırılırlar.</li>
</ol>
<h3 id="non-email-uids"><a href="#non-email-uids">E-posta adresi olmayan kimlikler neden desteklenmiyor?</a></h3>
<p>Kimlik bilgisinin dağıtımı için açık bir rızaya ihtiyacımız var.
E-posta adresi olmayan kimlik bilgisi, örneğin resim veya website URL'leri, bu rızayı talep etme konusunda zorluklar çıkarır.</p>
<p>Not: Bazı OpenPGP yazılımları anahtarları doğru bir şekilde biçimlenmemiş e-posta adresleriyle yaratıyor. Bu adresler <span class="brand">keys.openpgp.org</span> üzerinde doğru bir şekilde tanımlanamayabilir.</p>
<h3 id="verify-multiple"><a href="#verify-multiple">Aynı e-posta adresi için birden fazla anahtarı doğrulayabilir miyim?</a></h3>
<p>Bir e-posta adresi ancak tek bir anahtarla eşlenebilir. Eğer bir adres yeni bii ranahtar için doğrulandığında, daha önce doğrulandığı hiç bir anahtarla birlikte listelenmez. <a href="/about">Kimlik bilgisi olmayan kısımlar</a>bütün anahtarlar için dağıtılmaya devam edecektir.</p>
<p>Bunun anlamı, e-posta adesiyle yapılan aramanın, bir çok seçenek değil, sadece bir anahtar döndüreceğidir. Bu kullanıcı için mümkün olmayan ("Acaba hangi anahtar doğrusuydu?") seçimi ortadan kaldırır ve e-posta ile anahtar keşfini oldukça elverişli kılar.</p>
<h3 id="email-protection"><a href="#email-protection">Dışa giden doğrulama e-postalarını korumak için ne yapıyorsunuz?</a></h3>
<p>Doğrulama e-postalarının güvenli bir şekilde gönderildiğinden emin olmak için EFF'nin <a href="https://starttls-everywhere.org/" target="_blank">STARTTLS Everywhere</a> ile birlikte <a href="https://www.hardenize.com/blog/mta-sts" target="_blank">MTA-STS</a> adı verilen modern bir standart kullanıyoruz. Böylece teslimat sırasında gizli dinleme ve önlemeye karşı koruma sağlanıyor.</p>
<p>MTA-STS yöntemi ancak alıcının e-posta hizmeti sağlayıcısı destekliyorsa çalışır.
Desteklenmiyorsa e-postalar olağan şekilde iletilecektir.
<a href="https://www.hardenize.com/">Bu testi çalıştırıp</a>
e-posta hizmeti sağlayıcınızın destekleyip desteklemediğine bakabilirsiniz.
Eğer "MTA-STS" girdisinin solunda yeşil onay imi yoksa,
lütfen sağlayıcınızdan yapılandırmalarını güncellemelerini isteyin.</p>
<h3 id="third-party-signatures"><a href="#third-party-signatures">"Üçüncü parti imzaları" dağıtıyor musunuz?</a></h3>
<p>Kısaca: hayır.</p>
<p>"Üçüncü parti imza" bir anahtardaki başka
  bir anahtar tarafından yapılan bir imzadır.
  Çoğunlukla,
  bu imzalar "başkasının anahtarını imzalarken" üretilmiştir,
bu işlem "<a href="https://en.wikipedia.org/wiki/Web_of_trust" target="_blank">Güven Ağı</a>"nın temelidir.
  Çeşitli nedenlerden dolayı,
  bu imzalar şimdilik <span class="brand">keys.openpgp.org</span>
  üzerinden dağıtılmıyor.</p>
<p>En önemli neden <strong>spam</strong>.
Üçüncü parti imzaları herhangi bir kimsenin anahtarına keyfi veri eklenmesine olanak sağlar.
Böylece kötü niyetli bir kimsenin megabaytlarca yığını bir anahtara eklemesini
ve böylece onu kullanışsızlaştırmasını
engelleyecek hiç bir imkan yoktur.
Daha da kötüsü,
saldırgan veya yasadışı içerik de ekleyebilirler.</p>
<p>Bu sorunu çözmeye yönelik fikirler var.
Örneğin, imzalar, imza sahibi yerine sahibi onaylayan
imzacıyla birlikte dağıtılabilir.
Alternatif olarak, dağıtımdan önce imza sahibinden
<a href="https://wiki.debian.org/caff" target="_blank">caff türü</a> iş akışını desteklemek için
çapraz imzalama
istenebilir.
Eğer yeterli bir ilgi varsa,
OpenPGP projeleriyle birlikte bir çözüm üzerinde
çalışmaya açığız.</p>
<h3 id="no-sign-verified"><a href="#no-sign-verified">Neden anahtarlar doğrulama
sonrası imzalanmıyor?</a></h3>
<p><span class="brand">keys.openpgp.org</span> hizmeti anahtar dağımı ve
keşfi içindir, fiili bir onay kurumu değildir.
Doğrulanmış iletişim sağlamak isteyen istemci gerçekleştirimleri
kendi güven modeline dayanmalıdır.</p>
<h3 id="revoked-uids"><a href="#revoked-uids">İptal edilen kimilkler neden bu
şekilde dağıtılmıyor?</a></h3>
<p>Bir OpenPGP anahtarı kimliklerinden birini iptal edilmiş
olarak işaretlediğinde, bu kimlik artık anahtar için geçerli
olarak kabul edilmemeli ve bu bilgi, halihazırda bu yeni
iptal edilmiş kimliğe ilişkin bilgiye sahip tüm OpenPGP
istemcilerine dağıtılmalıdır.</p>
<p>Maalesef, iptalleri dağıtmaya ilişkin, iptal edilen kimliğin
kendisini de açığa vurmayan iyi bir yöntem yok. İptal edilmiş
kimlikleri dağıtmak istemiyoruz, dolayısıyla kimliğin kendisini
hiç dağıtamayız.</p>
<p>Kimliğin kendisini açığa vurmadan iptallerin dağıtımına olanak
sağlayacak bazı yöntemler öneriliyor. Ancak henüz bitmiş bir
belirtim veya OpenPGP yazılımında destek yok. Yakın gelecekte
bir çözümün ortaya konulacağını düşünüyoruz ve öyle bir durumda
<span class="brand">keys.openpgp.org</span>tarafından da mümkün
olduğunca çabuk destek eklenecektir.</p>
<h3 id="search-substring"><a href="#search-substring">Neden alan adında yapabildiğimiz gibi e-posta adresinin bir kısmıyla arama yapamıyoruz?</a></h3>
<p>Bazı anahtar sunucuları e-posta adresinin bir kısmıyla anahtar aramasına izin veriyor.
Bu sadece anahtarların değil, ayrıca "adres at gmail nokta com anahtarları" gibi bir sorguyla, adreslerin de bulunmasına yol açar.
Bu etkin olarak bu anahtar sunucusundaki tüm anahtarların adreslerini bir bakıma herkese açık hale getirir.</p>
<p><span class="brand">keys.openpgp.org</span> üzerinde e-posta adresiyle aramalar ancak tam eşleştiği e-posta adresinin anahtarını geri döndürür.
Böylece, normal bir kullanıcı halihazırda bildiği herhangi bir adresle ilişkili anahtarı keşfedebilirken, yeni e-posta adreslerini keşfedemez.
Bu, kötü niyetli kullanıcıların veya spamcıların sunucu üzerindeki tüm e-posta adreslerinin bir listesini edinmesini önler.</p>
<p>Bu kısıtlamayı <a href="/about/privacy">gizlilik politikamızın</a> bir parçası yaptık,
böylece kullanıcıların rızasını almadan bu kısıtlamayı değiştiremeyiz.</p>
<h3 id="tor"><a href="#tor">Tor destekliyor musunuz?</a></h3>
<p>Elbette!
Eğer Tor kuruluysa,
<span class="brand">keys.openpgp.org</span> adresine anonim olarak
bir
<a href="https://support.torproject.org/onionservices/#onionservices-2" target="_blank">onion hizmeti</a> şeklinde erişebilirsiniz:
<br><a href="http://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion">zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</a></p>
<h3 id="encrypt-verification-emails"><a href="#encrypt-verification-emails">
Neden doğrulama e-postalarını şifrelemiyorsunuz?</a></h3>
Çeşitli nedenler:
<ol>
<li>Çok daha karmaşıktır, hem kullanıcılar hem de bizim için.</li>
<li>Saldırıları engellemiyor, bir saldırganın, erişimi olmadığı
bir anahtarı yüklemekten bir kazancı olmuyor.</li>
<li>Silme anahtar kaybolduğunda bile mümkün olacaktır.</li>
<li>Sadece imzalamaya yarayan anahtarları yüklemek, farklı (ve çok daha
karışık) bir yöntem gerektirecektir.</li>
</ol>
<h3 id="older-gnupg"><a href="#older-gnupg">
GnuPG ile bazı anahtarları güncellemekte sorun yaşıyorum, bu bir hata mıdır?
</a></h3>
<p>GnuPG kimlik bilgisi içermeyen anahtarları geçersiz olarak kabul eder ve onları içe aktarmayı reddeder.
Ancak, <a href="/about">doğrulanmış e-posta adresleri</a> içermeyen bir anahtar da yararlı bir bilgi içerebilir.
Özellikle anahtarın hükümsüz olup olmadığını denetlemek mümkündür.</p>
<p>2019 yılı Haziran ayında, <span class="brand">keys.openpgp.org</span> ekibi GnuPG'nin kimlik bilgisi içermeyen anahtarlardan güncelleme almasını sağlayan bir yama oluşturdu.
Bu yama GnuPG'nin bir çok alt sürümünde (Debian, Fedora, NixOS ve macOS için GPG Suite) çabucak kullanılmaya başlandı.</p>
<p>2020 yılı Mart ayında GnuPG ekibi yamayı reddetti ve hata kaydının durumunu "Düzeltilmeyecek" olarak güncelledi.
Bunun anlamı <strong>yamalanmamış GnuPG sürümlerinin, doğrulanmış herhangi bir e-posta adresi içermeyen anahtarlar için <span class="brand">keys.openpgp.org</span> sitesinden güncelleme alamayacağıdır</strong>.
Bu karar hakkında daha fazla bilgiyi, GnuPG hata takip sistemindeki <a href="https://dev.gnupg.org/T4393#133689">T4393</a> hata kaydında okuyabilirsiniz.</p>
<p>GnuPG sürümünüzün etkilenip etkilenmediğini aşağıdaki yönergelerle denetleyebilirsiniz:</p>
<blockquote>
<span style="font-size: larger;">Deneme anahtarını içe aktarın:</span><br><br>
$ curl https://keys.openpgp.org/assets/uid-test.pub.asc | gpg --import<br>
gpg: key F231550C4F47E38E: "Alice Lovelace &lt;alice@openpgp.example&gt;" imported<br>
gpg: Total number processed: 1<br>
gpg: imported: 1<br><br>
</blockquote>
<blockquote>
<span style="font-size: larger;">Yamayla, yerel olarak biliniyorsa anahtar güncellenmektedir:</span><br><br>
$ gpg --recv-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E<br>
gpg: key F231550C4F47E38E: "Alice Lovelace &lt;alice@openpgp.example&gt;" not changed<br>
gpg: Total number processed: 1<br>
gpg: unchanged: 1<br><br>
</blockquote>
<blockquote>
<span style="font-size: larger;">Yama olmadan, kimlik bilgisine sahip olmayan bir anahtar her zaman reddedilmektedir:</span><br><br>
$ gpg --recv-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E<br>
gpg: key EB85BB5FA33A75E15E944E63F231550C4F47E38E: no user ID<br>
</blockquote>
</div>
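Review bot: the GnuPG check at the end of this hunk fetches `https://keys.openpgp.org/assets/uid-test.pub.asc` and then runs `gpg --recv-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E`; if the FAQ moves to another site, that asset path must keep being served (or the moved page must point at its new location), since it is the procedure and not just the prose that breaks otherwise. The FAQ also states that the exact-match address search restriction is part of the privacy policy at `/about/privacy`, so the policy page needs a replacement target before this page disappears.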

View File

@@ -1,31 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">Hakkında</a> | <a href="/about/news">Haberler</a> | <a href="/about/usage">Kullanım</a> | <a href="/about/faq">SSS</a> | İstatistikler | <a href="/about/privacy">Mahremiyet</a>
</h2></center>
<h3>Doğrulanmış e-posta adresleri</h3>
<p>Mevcut doğrulanmış toplam e-posta adresi sayısını gösteren basit bir istatistik. 📈</p>
<p>
</p>
<center><img src="/about/stats/month.png"></center>
<p>
</p>
<center><img src="/about/stats/year.png"></center>
<h3>Yük Ortalaması</h3>
<p>"Yük ortalaması" bir sunucunun ne kadar meşgul olduğunu gösteren bir istatistiktir. Basitçe söylersek:</p>
<ul>
<li>0.0 <span class="brand">keys.openpgp.org</span> sunucusunun tamamen boşta olduğunu gösteriyor.</li>
<li>1.0 tamamen meşgul olduğunu</li>
<li>4.0 ve üzeri de bayağı meşgul olduğunu 🔥</li>
</ul>
<p>
</p>
<center><img src="/about/stats/load_week.png"></center>
</div>
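Review bot: this stats template is the consumer of `/about/stats/month.png`, `/about/stats/year.png` and `/about/stats/load_week.png`; if the route that serves these images and the job that renders them stay in hagrid, they are now dead code, and if the stats page is being re-hosted elsewhere, those image paths need to be exposed (or the new page pointed at wherever they are generated).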

View File

@@ -1,129 +0,0 @@
<div class="about usage">
<center><h2>
<a href="/about">Hakkında</a> | <a href="/about/news">Haberler</a> | Kullanım | <a href="/about/faq">SSS</a> | <a href="/about/stats">İstatistikler</a> | <a href="/about/privacy">Mahremiyet</a>
</h2></center>
<p>Bu sayfada, <span class="brand">keys.openpgp.org</span> hizmetinin farklı OpenPGP yazılım ürünleriyle birlikte nasıl kullanıldığına ilişkin bilgiyi topluyoruz.<br>
Daha fazla bilgi eklemeye devam ediyoruz. Eğer eklemeyi unuttuğumuzu düşündüğünüz bir şey varsa
bize yazın ve biz de eklemeye çalışalım.</p>
<h2 id="web" style="padding-left: 3%;"><a href="#web">Web Arayüzü</a></h2>
<p><span class="brand">keys.openpgp.org</span> adresindeki web arayüzü sayesinde aşağıdakileri yapabilirsiniz:</p>
<p>
</p>
<ul>
<li>Manuel olarak, parmak iziyle veya e-posta adresiyle anahtar <a href="/">arama</a>.</li>
<li>Manuel olarak anahtar<a href="/upload">yükleme</a> ve yüklemeden sonra doğrulama.</li>
<li>Anahtarlarınızı <a href="/manage">yönetme</a> ve yayınlanmış kimlikleri kaldırma.</li>
</ul>
<h2 id="enigmail">
<div><img src="/assets/img/enigmail.svg"></div>
<a href="#enigmail">Enigmail</a>
</h2>
<p>Thunderbird eklentisi <a href="https://enigmail.net" target="_blank">Enigmail</a>, 2.0.12 sürümünden beri <span class="brand">keys.openpgp.org</span> varsayılan olarak kullanıyor.</p>
<p>Enigmain 2.1'den (<a href="https://www.thunderbird.net/en-US/thunderbird/68.0beta/releasenotes/" target="_blank">Thunderbird 68</a> veya daha yeni için) beri tamamen destekleniyor:</p>
<ul>
<li>Anahtarlar otomatik olarak güncel tutulur.</li>
<li>Anahtar oluşturma sırasında, anahtarınızı yükleyebilir ve doğrulayabilirsiniz.</li>
<li>E-posta adresiyle anahtarları bulabilirsiniz.</li>
</ul>
<h2 id="gpg-suite">
<div><img src="/assets/img/gpgtools.png"></div>
<a href="#gpg-suite">GPG Takımı</a>
</h2>
<p>macOS için <a href="https://gpgtools.org/">GPG Suite</a> araç takımı da <span class="brand">keys.openpgp.org</span> hizmetini Ağustos 2019'dan beri varsayılan olarak kullanıyor.</p>
<h2 id="openkeychain">
<div><img src="/assets/img/openkeychain.svg"></div>
<a href="#openkeychain">OpenKeychain</a>
</h2>
<p>Android için <a href="https://www.openkeychain.org/">OpenKeychain</a>, <span class="brand">keys.openpgp.org</span> hizmetini Temmuz 2019'dan beri varsayılan olarak kullanıyor.</p>
<ul>
<li>Anahtarlar otomatik olarak güncel tutulur.</li>
<li>E-posta adresiyle anahtarları bulabilirsiniz.</li>
</ul>
<p>Yükleme ve e-posta adresi doğrulama için henüz gömülü bir destek olmadığını unutmayın.</p>
<h2 id="pignus">
<div><img src="/assets/img/pignus.png"></div>
<a href="#pignus">Pignus</a>
</h2>
<p>iOS için <a href="https://www.frobese.de/pignus/">Pignus</a>
Kasım 2019'dan beri varsayılan olarak
<span class="brand">keys.openpgp.org</span> kullanıyor.</p>
<ul>
<li>Anahtarlarınız istediğiniz zaman yüklenebilir.</li>
<li>E-posta adresiyle anahtarları bulabilirsiniz.</li>
</ul>
<h2 id="gnupg">
<div><img src="/assets/img/gnupg.svg"></div>
<a href="#gnupg">GnuPG</a>
</h2>
<p><a href="https://gnupg.org">GnuPG</a>'nin <span class="brand">keys.openpgp.org</span> hizmetini anahtar sunucusu olarak kullanacak şekilde yapılandırmak için, aşağıdaki satırı <tt>gpg.conf</tt> dosyasına ekleyin: </p>
<blockquote>keyserver hkps://keys.openpgp.org</blockquote>
<h4 id="gnupg-retrieve"><a href="#gnupg-retrieve">Anahtarları indirmek</a></h4>
<ul>
<li>Bir kullanıcının anahtarını, e-posta adresiyle bulmak için:<blockquote>gpg --auto-key-locate keyserver --locate-keys user@example.net</blockquote>
</li>
<li>Bütün anahtarlarınızı yenilemek için (örn. fesih sertifikaları ve alt anahtarlar için):<blockquote>gpg --refresh-keys</blockquote>
</li>
</ul>
<h4 id="gnupg-upload"><a href="#gnupg-upload">Anahtarınızı yüklemek</a></h4>
<p>Anahtarlar GnuPG'nin <tt>--send-keys</tt> komutuyla gönderilebilr, ancak anahtarı e-posta adresiyle aranabilir yapmak için kimlik bilgisini bu şekilde doğrulamak mümkün değildir (<a href="/about">bunun anlamı nedir?</a>).</p>
<ul>
<li>Anahtarınızı yüklemek için şu kısayolu kullanabilirsiniz, doğrulama sayfasına doğrudan yönlendiren bir bağlantıyı görüntüleyecektir:<blockquote>gpg --export your_address@example.net | curl -T - {{ base_uri }}</blockquote>
</li>
<li>Alternatif olarak, bir dosyaya kaydedebilir ve <a href="/upload" target="_blank">yükleme</a> sayfasında bu dosyayı seçebilirsiniz:<blockquote>gpg --export your_address@example.net &gt; my_key.pub</blockquote>
</li>
</ul>
<h4 id="gnupg-troubleshooting"><a href="#gnupg-troubleshooting">Sorun Giderme</a></h4>
<ul>
<li>Bazı eski <tt>~/gnupg/dirmngr.conf</tt> dosyaları aşağıdaki gibi bir satır içeriyor:<blockquote>hkp-cacert ~/.gnupg/sks-keyservers.netCA.pem</blockquote>
<p>Bu yapılandırmaya artık ihtiyaç yok, ancak düzenli sertifikaların çalışmasını engeller. Sadece bu satırın yapılandırma dosyasından kaldırılmasını öneriyoruz.</p>
</li>
<li>Anahtarları yenilerken, aşağıdaki gibi hatalarla karşılaşabilirsiniz:<blockquote>gpg: key A2604867523C7ED8: no user ID</blockquote>
Bu <a href="https://dev.gnupg.org/T4393" target="_blank">GnuPG'de bilinen bir sorun</a>.
Bu sorunu çözmek için GnuPG ekibiyle birlikte çalışıyoruz.
</li>
</ul>
<h4 id="gnupg-tor"><a href="#gnupg-tor">Tor ile Kullanım</a></h4>
<p>Daha dikkatli olmak isteyen kullanıcılar, <span class="brand">keys.openpgp.org</span> sitesine <a href="https://support.torproject.org/onionservices/#onionservices-2" target="_blank">onion hizmeti</a> olarak da erişebilirler. <a href="https://www.torproject.org/" target="_blank">Tor</a> kurmuşsanız aşağıdaki yapılandırmayı kullanabilirsiniz:</p>
<blockquote>keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</blockquote>
<h2 style="padding-left: 3%;" id="wkd-as-a-service"><a href="#wkd-as-a-service">Hizmet olarak WKD</a></h2>
<p>Web Anahtar Dizini (WKD) OpenPGP anahtarlarınız e-posta, alan adı veya e-posta sağlayıcısı ile bulunabilmesi için bir standarttır.
<a href="https://www.gpg4win.de/about.html" target="_blank">GpgOL</a> gibi bazı e-posta istemcilerinde bilinmeyen anahtarları bulmak için kullanılır.</p>
<p><span class="brand">keys.openpgp.org</span> herhangi bir alan adı için yönetilen WKD hizmeti olarak kullanılabilir.
Bunu yapmak için, alan adının sadece <tt>openpgpkey</tt> alt alan adını <tt>wkd.keys.openpgp.org</tt> adresine devreden bir <tt>CNAME</tt> sahasına ihtiyacı var.
Bu herhangi bir DNS barındırma hizmetinin web arayüzünde yapılabiliyor olmalıdır.</p>
<p>Bir alan adı için etkinleştirildiğinde, doğrulanmış adresleri otomatik olarak WKD aracılığıyla arama için kullanıma hazır olacaktır.</p>
<p><tt>CNAME</tt> kaydı şu şekilde olmalıdır:</p>
<blockquote>$ drill openpgpkey.example.org<br>
...<br>
openpgpkey.example.org. 300 IN CNAME wkd.keys.openpgp.org.</blockquote>
<p>Hizmeti denemek için kullanılabilecek basit bir durum denetleyici var:</p>
<blockquote>$ curl 'https://wkd.keys.openpgp.org/status/?domain=openpgpkey.example.org'<br>
CNAME lookup ok: openpgpkey.example.org resolves to wkd.keys.openpgp.org<br>
</blockquote>
<p>Anahtar bulup getirmeyi sınamak için:</p>
<blockquote>$ gpg --locate-keys --auto-key-locate clear,nodefault,wkd address@example.org<br>
</blockquote>
<h2 style="padding-left: 3%;">API</h2>
<p>OpenPGP uygulamalarında bütünleşik bir destek sunmak amacıyla bir API sağlıyoruz. <a href="/about/api">API belgemizi</a>inceleyebilirsiniz.</p>
<h2 style="padding-left: 3%;">Diğer</h2>
<p>Gözde gerçekleştiriminizde nasıl kullanılacağına ilişkin rehber yok mu? Sorun değil. Bu site henüz yapım aşamasında ve geliştirmeye çalışıyoruz. Yardımcı olmak istiyorsanız <span class="email">support at keys dot openpgp dot org</span> e-posta adresimize mesaj gönderebilirsiniz.</p>
</div>
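Review bot: the upload shortcut in this hunk, `gpg --export your_address@example.net | curl -T - {{ base_uri }}`, depends on the `base_uri` Handlebars variable that the template engine filled in; if this page is being moved to a static site, replace the placeholder with the literal keyserver URL, otherwise the instruction renders a raw `{{ base_uri }}` and the command fails for users who copy it. The same applies to the other usage translations in this commit.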

View File

@@ -1,55 +0,0 @@
<div class="about">
<center><h2>关于 | <a href="/about/news">新闻</a> | <a href="/about/usage">使用</a> | <a href="/about/faq">常见问题</a> | <a href="/about/stats">统计资料</a> | <a href="/about/privacy">隐私</a>
</h2></center>
<p><tt>keys.openpgp.org</tt>服务是一个公共服务,
用于发行和寻找兼容 OpenPGP 的密钥。
通常被人们称呼为“密钥服务器”。</p>
<p><strong>若需要指导,请查阅我们的<a href="/about/usage">用户指南</a>。</strong></p>
<h3>它是如何工作的</h3>
<p>一个 OpenPGP 密钥包含两种类型的信息</p>
<ul>
<li>
<strong>身份信息</strong>描述了能识别其所有者的部分
也被叫做 “用户ID”。
一个用户ID通常包含一个名字和一个电子邮件地址。</li>
<li>
<strong>非身份信息</strong>是有关密钥本身的所有技术信息。
这包括用于验证签名和加密消息的大数字。
它还包括元数据,例如创建日期,
过期日期和吊销状态。</li>
</ul>
<p>传统上,这些信息一直都被同时分发
但在<span class="brand">keys.openpgp.org</span>,这些信息会被区别对待。
当用户上传完整的 OpenPGP 密钥到<span class="brand">keys.openpgp.org</span>的时候,
我们的密钥服务器只会在特定条件下保留和发布特定的部分:</p>
<p>一旦通过了密码完整性检查,任何<strong>无身份信息</strong>的部分都将被存储并自由传播。
由于不含有可以直接确认持有者身份的信息,
任何人都可以在任何时间下载这些部分。
优秀的 OpenPGP 软件可以利用<span class="brand">keys.openpgp.org</span>来使本地已知的密钥信息保持最新。
这有助于 OpenPGP用户保持安全有效的通信。</p>
<p>OpenPGP密钥中包含的<strong>身份信息</strong>仅在获得许可的情况下分发。
密钥包含个人数据,但这些数据对于加密和签名并不是必须的。
当持有者验证了他们的邮件地址之后,密钥便可以使用邮件地址搜索到。</p>
<h3 id="community">社区和平台</h3>
<p>此服务是社区的一项工作。
你可以在
Freenode IRC 的 #hagrid 标签下
或者 Matrix 的 #hagrid:stratum0.org 标签下与我们交流
当然你也可以发送电子邮件到<tt>support@keys.openpgp.org</tt>。
运行此程序的人员来自 OpenPGP 生态系统中的多个项目。
包括Sequoia-PGPOpenKeychain和Enigmail。</p>
<p>从技术上讲,<tt>keys.openpgp.org</tt>在基于
<a href="https://sequoia-pgp.org">Sequoia-PGP</a>的
<a href="https://gitlab.com/keys.openpgp.org/hagrid" target="_blank">Hagrid</a>密钥服务器软件上运行。我们将网站托管在<a href="https://eclips.is" target="_blank">eclips.is</a>平台上,
该平台由主机服务商<a href="https://greenhost.net/" target="_blank">Greenhost</a>运营,专注于 互联网自由Internet Freedom 项目的托管。</p>
</div>
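Review bot: this translation was already stale relative to the English source page later in this commit (it names Freenode IRC and `support@keys.openpgp.org` where the English page says OFTC IRC and the obfuscated `support at keys dot openpgp dot org`), so when these pages are ported to their new location, port from the English template rather than from this file.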

View File

@@ -1,32 +0,0 @@
<div class="about">
<center><h2>
<a href="/about">关于</a> | <a href="/about/news">新闻</a> | <a href="/about/usage">使用</a> | <a href="/about/faq">常见问题</a> | 统计资料 | <a href="/about/privacy">隐私</a>
</h2></center>
<h3>已验证邮箱地址</h3>
<p>当前已验证的电子邮件地址的简单统计信息📈</p>
<p>
</p>
<center><img src="/about/stats/month.png"></center>
<p>
</p>
<center><img src="/about/stats/year.png"></center>
<h3>平均负载</h3>
<p>“平均负载”是描述服务器有多忙碌的统计信息。
简单地说:</p>
<ul>
<li>0.0 意味着<span class="brand">keys.openpgp.org</span>主机完全闲置</li>
<li>1.0 意味着相当忙</li>
<li>4.0 及以上意味着它“着火”了🔥</li>
</ul>
<p>
</p>
<center><img src="/about/stats/load_week.png"></center>
</div>

View File

@@ -1,105 +0,0 @@
<div class="about usage">
<center><h2>
<a href="/about">关于</a> | <a href="/about/news">新闻 </a>| 使用 | <a href="/about/faq">常见问题</a> | <a href="/about/stats">统计资料</a> | <a href="/about/privacy">隐私</a>
</h2></center>
<p>在此页面我们收集不同OpenPGP软件上使用
<span class="brand">keys.openpgp.org</span>的信息
我们仍在努力添加更多的支持。如果你发现有一些缺失
请写给我们,我们会尝试添加对它的支持。</p>
<h2>
<div><img src="/assets/img/enigmail.svg"></div>
Enigmail
</h2>
<p>Thunderbird 组件<a href="https://enigmail.net" target="_blank">Enigmail</a>从版本 2.0.12 开始默认使用<span class="brand">keys.openpgp.org </span></p>
<p>从 Enigmail 2.1 开始有完整的支持
<a href="https://www.thunderbird.net/en-US/thunderbird/68.0beta/releasenotes/" target="_blank">Thunderbird 68</a>或更高版本):</p>
<ul>
<li>密钥将会自动保持更新</li>
<li>在生成密钥的过程中,你可以上传并验证你的密钥。</li>
<li>密钥可以通过电子邮件地址搜索到。</li>
</ul>
<h2>
<div><img src="/assets/img/gpgtools.png"></div>
GPG Suite
</h2>
<p>Mac系统 <a href="https://gpgtools.org/">GPG Suite</a>
从2019年8月开始默认使用<span class="brand">keys.openpgp.org</span>。</p>
<h2>
<div><img src="/assets/img/openkeychain.svg"></div>
OpenKeychain
</h2>
<p>安卓系统<a href="https://www.openkeychain.org/">OpenKeychain</a>
从2019年9月开始默认使用<span class="brand">keys.openpgp.org</span>。</p>
<ul>
<li>密钥将会自动保持更新</li>
<li>密钥可以通过电子邮件地址搜索到。</li>
</ul>
<p>注意,目前并不支持程序内置的,上传并验证电子邮件的操作。</p>
<h2>
<div><img src="/assets/img/gnupg.svg"></div>
GnuPG
</h2>
<p>要配置<a href="https://gnupg.org">GnuPG</a>使用
<span class="brand">keys.openpgp.org</span>作为密钥服务器
在<tt>gpg.conf</tt>文件里添加如下行:</p>
<blockquote>keyserver hkps://keys.openpgp.org</blockquote>
<h4 id="gnupg-retrieve"><a href="#gnupg-retrieve">检索密钥</a></h4>
<ul>
<li>使用邮件地址检索用户密钥:<blockquote>gpg --auto-key-locate keyserver --locate-keys user@example.net</blockquote>
</li>
<li>要刷新你的所有密钥(例如:新吊销证书或者子密钥)<blockquote>gpg --refresh-keys</blockquote>
</li>
</ul>
<h4 id="gnupg-upload"><a href="#gnupg-upload">上传你的密钥</a></h4>
<p>密钥可以通过GnuPG的<tt>--send-keys</tt>命令上传,
但是通过此方法不能证明身份信息。
即,你不能让此密钥通过电子邮件地址被搜索到(<a href="/about">那是什么?</a>)。</p>
<ul>
<li>您可以尝试以下快捷方式来上传密钥,
该快捷方式会直接输出链接到验证页面:<blockquote>gpg --export your_address@example.net | curl -T - {{ base_uri }}</blockquote>
</li>
<li>或者,您可以将它们导出到文件中,
然后在<a href="/upload" target="_blank">上传</a>界面选中该文件:<blockquote>gpg --export your_address@example.net &gt; my_key.pub</blockquote>
</li>
</ul>
<h4 id="gnupg-troubleshooting"><a href="#gnupg-troubleshooting">解决问题</a></h4>
<ul>
<li>某些旧版的<tt>~/gnupg/dirmngr.conf</tt>文件包含以下行:<blockquote>hkp-cacert ~/.gnupg/sks-keyservers.netCA.pem</blockquote>
<p>这些配置已经没有必要了,
反而会让某些证书无法运行。
推荐直接在配置文件中删除这一行。</p>
</li>
<li>在刷新密钥时,你可能会看到类似的错误:<blockquote>gpg: key A2604867523C7ED8: no user ID</blockquote>
这是<a href="https://dev.gnupg.org/T4393" target="_blank">GnuPG的已知问题</a>。
我们正与 GnuPG 团队合作来解决这个问题。
</li>
</ul>
<h4 id="gnupg-tor"><a href="#gnupg-tor">通过 Tor 使用</a></h4>
<p>对于需要额外安全性的用户,
<span class="brand">keys.openpgp.org</span>也可以通过
<a href="https://support.torproject.org/onionservices/#onionservices-2" target="_blank">洋葱服务</a>匿名访问。
如果你安装了<a href="https://www.torproject.org/" target="_blank">洋葱浏览器</a>
则使用如下配置:</p>
<blockquote>keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</blockquote>
<h2 style="margin-left: 3%;">API</h2>
<p>我们提供API以方便在 OpenPGP 应用程序中开发集成支持。
查阅我们的<a href="/about/api">API 文档</a>。</p>
<h2 style="margin-left: 3%;">其他</h2>
<p>缺少您最喜欢的实施指南? 该网站正在开发中,
我们正在寻求改进。
如果你想帮助我们,请发送邮件到<span class="email">support@keys.openpgp.org</span></p>
</div>
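Review bot: this zh_Hans usage page diverged from the other languages before deletion (it dates OpenKeychain's default to 2019年9月 where the Turkish page says Temmuz 2019, lacks the Pignus and WKD sections the Turkish page has, and in the Tor paragraph tells users to install 洋葱浏览器, the browser, while the `keyserver hkp://...onion` line is a GnuPG configuration); if the usage guide is re-published, regenerate this translation from the English source instead of carrying this file over.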

View File

@@ -1,83 +0,0 @@
<div class="about">
<center><h2>About | <a href="/about/news">News</a> | <a href="/about/usage">Usage</a> | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Stats</a> | <a href="/about/privacy">Privacy</a></h2></center>
<p>
The <span class="brand">keys.openpgp.org</span> server is a public service for the
distribution and discovery of OpenPGP-compatible keys, commonly
referred to as a "keyserver".
</p>
<p>
<strong>For instructions, see our <a href="/about/usage">usage guide</a>.</strong>
</p>
<h3>How it works</h3>
<p>
An OpenPGP key contains two types of information:
</p>
<ul>
<li><strong>Identity information</strong> describes the parts of
a key that identify its owner, also known as "User IDs".
A User ID typically includes a name and an email address.
</li>
<li><strong>Non-identity information</strong> is all the technical
information about the key itself. This includes the large numbers
used for verifying signatures and encrypting messages.
It also includes metadata like date of creation, some expiration
dates, and revocation status.
</li>
</ul>
<p>
Traditionally, these pieces of information have always been distributed
together. On <span class="brand">keys.openpgp.org</span>, they are
treated differently. While anyone can upload all parts of any OpenPGP key
to <span class="brand">keys.openpgp.org</span>, our keyserver
will only retain and publish certain parts under certain
conditions:
</p>
<p>
Any <strong>non-identity information</strong> will be stored and freely
redistributed, if it passes a cryptographic integrity check.
Anyone can download these parts at any time as they contain only
technical data that can't be used to directly identify a person.
Good OpenPGP software can use <span class="brand">keys.openpgp.org</span>
to keep this information up to date for any key that it knows about.
This helps OpenPGP users maintain secure and reliable communication.
</p>
<p>
The <strong>identity information</strong> in an OpenPGP key
is only distributed with consent.
It contains personal data, and is not strictly necessary for
a key to be used for encryption or signature verification.
Once the owner gives consent by verifying their email address,
the key can be found via search by address.
</p>
<h3 id="community">Community and platform</h3>
<p>
This service is run as a community effort.
You can talk to us in
#hagrid on OFTC IRC,
also reachable as #hagrid:stratum0.org on Matrix.
Of course you can also reach us via email,
at <tt>support at keys dot openpgp dot org</tt>.
The folks who are running this come
from various projects in the OpenPGP ecosystem,
including Sequoia-PGP, OpenKeychain, and Enigmail.
</p>
<p>
Technically,
<span class="brand">keys.openpgp.org</span> runs on the <a href="https://gitlab.com/keys.openpgp.org/hagrid" target="_blank">Hagrid</a> keyserver software,
which is based on <a href="https://sequoia-pgp.org">Sequoia-PGP</a>.
We are running on <a href="https://eclips.is" target="_blank">eclips.is</a>,
a hosting platform focused on Internet Freedom projects,
which is managed by <a href="https://greenhost.net/" target="_blank">Greenhost</a>.
</p>
</div>

View File

@@ -1,274 +0,0 @@
<div class="about">
<center><h2><a href="/about">About</a> | <a href="/about/news">News</a> | <a href="/about/usage">Usage</a> | FAQ | <a href="/about/stats">Stats</a> | <a href="/about/privacy">Privacy</a></h2></center>
<p>
<strong>For instructions, see our <a href="/about/usage">usage guide</a>.</strong>
</p>
<h3 id="sks-pool"><a href="#sks-pool">Is this server part of the "SKS" pool?</a></h3>
<p>
No. The federation model of the SKS pool has various problems in terms
of reliability, abuse-resistance, privacy, and usability. We might do
something similar to it, but <span class="brand">keys.openpgp.org</span>
will never be part of the SKS pool itself.
</p>
<h3 id="federation"><a href="#federation">Is keys.openpgp.org federated? Can I help by running an instance?</a></h3>
<p>
For the moment, no.
We do plan to decentralize <span class="brand">keys.openpgp.org</span>
at some point.
With multiple servers
run by independent operators,
we can hopefully improve the reliability
of this service even further.
</p>
<p>
Several folks offered to help out
by "running a Hagrid server instance".
We very much appreciate the offer,
but we will probably never have an "open" federation model like SKS,
where everyone can run an instance and become part of a "pool".
This is for two reasons:
</p>
<ol>
<li>
Federation with open participation requires all data to be public.
This significantly impacts the privacy of our users, because it
allows anyone to scrape a list of all email addresses.
</li>
<li>
Servers run as a hobby by casual administrators do not meet our
standards for reliability and performance.
</li>
</ol>
<h3 id="non-email-uids"><a href="#non-email-uids">Why is there no support
for identities that aren't email addresses?</a></h3>
<p>
We require explicit consent to distribute identity information.
Identities that aren't email addresses, such as pictures or website
URLs, offer no simple way for us to acquire this consent.
</p>
<p>
Note: Some OpenPGP software creates keys with incorrectly formatted
email addresses. These addresses might not be recognized correctly on
<span class="brand">keys.openpgp.org</span>.
</p>
<h3 id="verify-multiple"><a href="#verify-multiple">Can I verify more than
one key for some email address?</a></h3>
<p>
An email address can only be associated with a single key.
When an address is verified for a new key,
it will no longer appear in any key
for which it was previously verified.
<a href="/about">Non-identity information</a> will still be distributed
for all keys.
</p>
<p>
This means a search by email address
will only return a single key,
not multiple candidates.
This eliminates an impossible choice for the user
("Which key is the right one?"),
and makes key discovery by email much more convenient.
</p>
<h3 id="email-protection"><a href="#email-protection">What do you do to
protect outgoing verification emails?</a></h3>
<p>
We use a modern standard called
<a href="https://www.hardenize.com/blog/mta-sts" target="_blank">MTA-STS</a>,
combined with
<a href="https://starttls-everywhere.org/" target="_blank">STARTTLS Everywhere</a>
by the EFF,
to make sure verification emails are sent out securely.
This protects against eavesdropping and interception during delivery.
</p>
<p>
The MTA-STS mechanism only works if supported by the recipient's email
provider. Otherwise, emails will be delivered as usual.
You can <a href="https://www.hardenize.com/">run this test</a>
to see if your email provider supports it.
If the "MTA-STS" entry on the left isn't a green checkmark,
please ask your provider to update their configuration.
</p>
<h3 id="third-party-signatures"><a href="#third-party-signatures">
Do you distribute "third party signatures"?</a></h3>
<p>
Short answer: No.
</p>
<p>
A "third party signature" is a signature on a key
that was made by some other key.
Most commonly,
those are the signatures produced when "signing someone's key",
which are the basis for
the "<a href="https://en.wikipedia.org/wiki/Web_of_trust" target="_blank">Web of Trust</a>".
For a number of reasons,
those signatures are not currently distributed
via <span class="brand">keys.openpgp.org</span>.
</p>
<p>
The killer reason is <strong>spam</strong>.
Third party signatures allow attaching arbitrary data to anyone's key,
and nothing stops a malicious user from
attaching so many megabytes of bloat to a key
that it becomes practically unusable.
Even worse,
they could attach offensive or illegal content.
</p>
<p>
There are ideas to resolve this issue.
For example, signatures could be distributed with the signer,
rather than the signee.
Alternatively, we could require
cross-signing by the signee before distribution
to support a
<a href="https://wiki.debian.org/caff" target="_blank">caff-style</a>
workflow.
If there is enough interest,
we are open to working with other OpenPGP projects
on a solution.
</p>
<h3 id="no-sign-verified"><a href="#no-sign-verified">Why not sign keys
after verification?</a></h3>
<p>
The <span class="brand">keys.openpgp.org</span> service is meant for key
distribution and discovery, not as a de facto certification authority.
Client implementations that want to offer verified communication should
rely on their own trust model.
</p>
<h3 id="revoked-uids"><a href="#revoked-uids">Why are revoked identities not
distributed as such?</a></h3>
<p>
When an OpenPGP key marks one of its identities as revoked, this
identity should no longer be considered valid for the key, and this
information should ideally be distributed to all OpenPGP clients that
already know about the newly revoked identity.
</p>
<p>
Unfortunately, there is currently no good way to distribute revocations,
that doesn't also reveal the revoked identity itself. We don't want to
distribute revoked identities, so we can't distribute the identity at
all.
</p>
<p>
There are proposed solutions to this issue, that allow the distribution
of revocations without also revealing the identity itself. But so far
there is no final specification, or support in any OpenPGP software. We
hope that a solution will be established in the near future, and will
add support on <span class="brand">keys.openpgp.org</span> as soon as
we can.
</p>
<h3 id="search-substring"><a href="#search-substring">Why isn't it possible to search by part of an email address, like just the domain?</a></h3>
<p>
Some keyservers support search for keys by part of an email address.
This allows discovery not only of keys, but also of addresses, with a query like "keys for addresses at gmail dot com".
This effectively puts the addresses of all keys on those keyservers into a public listing.
</p>
<p>
A search by email address on <span class="brand">keys.openpgp.org</span> returns a key only if it exactly matches the email address.
That way, a normal user can discover the key associated with any address they already know, but they cannot discover any new email addresses.
This prevents a malicious user or spammer from easily obtaining a list of all email addresses on the server.
</p>
<p>
We made this restriction a part of our <a href="/about/privacy">privacy policy</a>,
which means we can't change it without asking for user consent.
</p>
<h3 id="tor"><a href="#tor">Do you support Tor?</a></h3>
<p>
Of course!
If you have Tor installed,
you can reach <span class="brand">keys.openpgp.org</span> anonymously
as an
<a href="https://support.torproject.org/onionservices/#onionservices-2" target="_blank">onion service</a>:
<br />
<a href="http://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion">zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion</a>
</p>
<h3 id="encrypt-verification-emails"><a href="#encrypt-verification-emails">
Why not encrypt verification emails?</a></h3>
Various reasons:
<ol>
<li>It is more complicated, both for our users and for us.</li>
<li>It doesn't prevent attacks - an attacker gains nothing from
uploading a key they don't have access to.</li>
<li>Deletion would still have to be possible even when a key is
lost.</li>
<li>It would require a different (and more complicated) mechanism to
upload keys that can only sign.</li>
</ol>
<h3 id="older-gnupg"><a href="#older-gnupg">
I have trouble updating some keys with GnuPG. Is there a bug?
</a></h3>
<p>
GnuPG considers keys that contain no identity information to be invalid, and refuses to import them.
However, a key that has no <a href="/about">verified email addresses</a> may still contain useful information.
In particular, it's still possible to check whether the key is revoked or not.
</p>
<p>
In June 2019, the <span class="brand">keys.openpgp.org</span> team created a patch that allows GnuPG to process updates from keys without identity information.
This patch was quickly included in several downstream distributions of GnuPG, including Debian, Fedora, NixOS, and GPG Suite for macOS.
</p>
<p>
In March 2020 the GnuPG team rejected the patch, and updated the issue status to "Wontfix".
This means that <strong>unpatched versions of GnuPG cannot receive updates from <span class="brand">keys.openpgp.org</span> for keys that don't have any verified email address</strong>.
You can read about this decision in issue <a href="https://dev.gnupg.org/T4393#133689">T4393</a> on the GnuPG bug tracker.
</p>
<p>
You can check if your version of GnuPG is affected with the following instructions.
</p>
<blockquote>
<span style="font-size: larger;">Import test key:</span><br>
<br>
$ curl https://keys.openpgp.org/assets/uid-test.pub.asc | gpg --import<br>
gpg: key F231550C4F47E38E: "Alice Lovelace &lt;alice@openpgp.example&gt;" imported<br>
gpg: Total number processed: 1<br>
gpg: imported: 1<br>
<br>
</blockquote>
<blockquote>
<span style="font-size: larger;">With patch, key will be updated if locally known:</span><br>
<br>
$ gpg --recv-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E<br>
gpg: key F231550C4F47E38E: "Alice Lovelace &lt;alice@openpgp.example&gt;" not changed<br>
gpg: Total number processed: 1<br>
gpg: unchanged: 1<br>
<br>
</blockquote>
<blockquote>
<span style="font-size: larger;">Without patch, a key without identity is always rejected:</span><br>
<br>
$ gpg --recv-keys EB85BB5FA33A75E15E944E63F231550C4F47E38E<br>
gpg: key EB85BB5FA33A75E15E944E63F231550C4F47E38E: no user ID<br>
</blockquote>
</div>
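Review bot: the removed FAQ carries operational values that users are told to rely on and that appear nowhere else in this diff: the onion service address under `#tor`, the `https://keys.openpgp.org/assets/uid-test.pub.asc` asset and the `EB85BB5FA33A75E15E944E63F231550C4F47E38E` test fingerprint in the GnuPG troubleshooting section, and the T4393 "Wontfix" explanation. The commit message ("remove about pages from hagrid") does not say where this content is going; please record the new location in the message or changelog so support can keep pointing users at it, and keep `/assets/uid-test.pub.asc` served if the troubleshooting steps remain published anywhere, because that `curl ... | gpg --import` line is what people copy. The fragment anchors `#third-party-signatures`, `#older-gnupg` and `#tor` are also linked from the news page (deleted in this commit) and very likely from external pages, so they should be preserved at the new location.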


@@ -1,408 +0,0 @@
<div class="about">
<center><h2><a href="/about">About</a> | News | <a href="/about/usage">Usage</a> | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Stats</a> | <a href="/about/privacy">Privacy</a></h2></center>
<h2 id="2023-04-28-governance">
<div style="float: right; font-size: small; line-height: 2em;">2023-04-28 📅</div>
<a style="color: black;" href="/about/news#2023-04-28-governance">keys.openpgp.org governance 📜</a>
</h2>
<p>
It's been quite a while since the last update.
Not a lot happened around <span class="brand">keys.openpgp.org</span> during this time, operationally. 😴
<p>
But no news is good news in this case:
A few bugs were fixed, some software maintenance was perfomed to keep up with the ecosystem.
There were no significant outages, we've had some steady growth of users, things are generally working as expected.
Hurray!
<p>
There is, however, an important bit of news:
<span class="brand">keys.openpgp.org</span> has a governance process now.
In particular, there is now a written constitution for the service,
which you can find <a href="https://gitlab.com/keys.openpgp.org/governance/-/blob/main/constitution.md">here</a>.
<p>
Most importantly, there is now a board, who were elected by a community of contributors to the OpenPGP ecosystem.
This board currently consists of:
<ul>
<li>Daniel Huigens, from Proton</li>
<li>Lukas Pitschl, from GPGTools</li>
<li>Neal Walfield, from Sequoia-PGP</li>
<li>Ola Bini</li>
<li>Vincent Breitmoser</li>
</ul>
<p>
The primary responsibility of the board is to make decisions on the future of <span class="brand">keys.openpgp.org</span>.
Which features should go in, which not?
We are having regular meetings at the moment, and progress is slow but steady.
We'll be sure to let you know (via this news blog) when anything exciting happens!
<p>
You can find more info about governance in the <a href="https://gitlab.com/keys.openpgp.org/governance/">repository</a>.
You can also reach the board via email at <tt>board</tt> <tt>at</tt> <tt>keys.openpgp.org</tt>.
<p>
That's all for now!
<span style="font-size: x-large;">🙇</span>
<hr style="margin-top: 2em; margin-bottom: 2em;" />
<h2 id="2019-11-12-celebrating-100k">
<div style="float: right; font-size: small; line-height: 2em;">2019-11-12 📅</div>
<a style="color: black;" href="/about/news#2019-11-12-celebrating-100k">Celebrating 100.000 verified addresses! 📈</a>
</h2>
<p>
Five months ago, we launched this service.
And just today, we have reached a remarkable milestone:
<center style="margin-top: 2em; margin-bottom: 2em;">
<img src="/assets/img/stats-addresses-2019-11-12.png" style="padding: 1px; border: 1px solid gray;" /><br />
<strong>One hundred thousand verified email addresses!</strong>
</center>
<p>
Thanks to everyone using this service!
And thanks especially to those who have provided us with feedback,
translations, or even code contributions!
<p>
A few updates on things we've been working on:
<ul>
<li>
This news page is now available as an <strong><a target="_blank" href="/atom.xml">atom feed <img src="/assets/img/atom.svg" style="height: 0.8em;" /></a></strong>.
</li>
<li>
We have been working on
a <strong><a target="_blank" href="https://gitlab.com/keys.openpgp.org/hagrid/issues/131">new mechanism to refresh keys</a></strong>
that better protects the user's privacy.
</li>
<li>
Work on <strong>localization</strong> is in full swing!
we hope to have some languages ready for deployment soon.
</li>
</ul>
<p>
If you would like to see <span class="brand">keys.openpgp.org</span>
translated into your native language,
please <a target="_blank" href="https://www.transifex.com/otf/hagrid/">join the translation team</a>
over on Transifex.
We would appreciate help especially for <strong>Russian</strong>, <strong>Italian</strong>, <strong>Polish</strong> and <strong>Dutch</strong>.
<p>
That's all, keeping this one short!
<span style="font-size: x-large;">👍️</span>
<hr style="margin-top: 2em; margin-bottom: 2em;" />
<h2 id="2019-09-12-three-months-later">
<div style="float: right; font-size: small; line-height: 2em;">2019-09-12 📅</div>
<a style="color: black;" href="/about/news#2019-09-12-three-months-later">Three months after launch ✨</a>
</h2>
<p>
It has been three months now
<a href="/about/news#2019-06-12-launch">since we launched</a>
<span class="brand">keys.openpgp.org</span>.
We are happy to report:
It has been a resounding success!
🥳
<h4>Adoption in clients</h4>
<p>
The
<span class="brand">keys.openpgp.org</span>
keyserver has been received very well by users,
and clients are adopting it rapidly.
It is now used by default in
<a href="https://gpgtools.org/" target="_blank">GPGTools</a>,
<a href="https://enigmail.net/" target="_blank">Enigmail</a>,
<a href="https://www.openkeychain.org/" target="_blank">OpenKeychain</a>,
<a href="https://github.com/firstlookmedia/gpgsync" target="_blank">GPGSync</a>,
Debian,
NixOS,
and others.
Many tutorials have also been updated,
pointing users our way.
<p>
At the time of writing,
more than 70.000 email addresses
have been verified.
<center style="margin-top: 2em; margin-bottom: 2em;">
<img src="/assets/img/stats-addresses-2019-09-12.png" style="padding: 1px; border: 1px solid gray;" /><br />
<span style="font-size: smaller;">If that isn't a promising curve, I don't know what is :)</span>
</center>
<p>
A special shout-out here goes to GPGTools for macOS.
They implemented the update process so smoothly,
the number of verified addresses completely exploded
when they released their update.
<h4>All's good in operations</h4>
<p>
There is not a lot to report operationally,
and no news is good news in this case!
Since launch,
there was nearly zero downtime,
only a single bug came up
that briefly caused issues during upload,
and support volume has been comfortably low.
<p>
Our traffic is currently
at about ten requests per second
(more during the day, less on the weekend),
and we delivered roughly 100.000 emails
in the last month.
No sweat.
<p>
We made several small operational improvements
including deployment of
<a href="http://dnsviz.net/d/keys.openpgp.org/dnssec/" target="_blank">DNSSEC</a>,
implementing some
<a href="/about/api#rate-limiting" target="_blank">rate-limiting</a>,
nailing down our
<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP">content security policy</a>
headers,
and enabling
<a href="https://blog.torproject.org/whats-new-tor-0298" target="_blank">single-hop</a>
mode on our Tor Onion Service.
You can find a more complete list
<a href="https://gitlab.com/keys.openpgp.org/hagrid/merge_requests?scope=all&utf8=%E2%9C%93&state=merged" target="_blank">here</a>.
<h4>Secure email delivery with MTA-STS</h4>
<p>
One improvement that deserves special mention is
<a href="https://www.hardenize.com/blog/mta-sts">MTA-STS</a>,
which improves the security of outgoing emails.
<p>
While HTTPS is deployed fairly universally these days,
that sadly isn't the case for email.
Many servers don't do encryption at all,
or use a self-signed certificate
instead of a proper one (e.g. from Let's Encrypt).
But delivery failures upset customers more
than reduced security,
and many emails are still delivered without encryption.
<p>
With MTA-STS, domain operators can indicate
(via HTTPS)
that their email server <em>does</em> support encryption.
When a secure connection can't be established
to such a server,
message delivery will be postponed
or eventually bounce,
instead of proceeding insecurely.
<p>
This is extremely useful for service like
<span class="brand">keys.openpgp.org</span>.
If encryption isn't reliable,
attackers can intercept verification emails relatively easily.
But for providers who have MTA-STS deployed,
we can be sure that
every message is delivered securely,
and to the right server.
<p>
You can <a href="https://aykevl.nl/apps/mta-sts/" target="_blank">run a check</a>
to find out whether your email provider
supports MTA-STS.
If they don't,
please drop them a message and tell them
to step up their security game!
<h4>Work in progress</h4>
<p>
We are working on two features:
<p>
The first is <strong>localization</strong>.
Most people do not speak English,
but so far that is the only language we support.
To make this service more accessible,
we are working with the OTF's
<a href="https://www.opentech.fund/labs/localization-lab/" target="_blank">Localization Lab</a>
to make the website and outgoing emails
available in several more languages.
<p>
The second is to bring back
<strong>third-party signatures</strong>.
As <a href="/about/faq#third-party-signatures">mentioned in our FAQ</a>,
we currently don't support these due to spam and potential for abuse.
The idea is to require
<a href="https://gitlab.com/openpgp-wg/rfc4880bis/merge_requests/20/diffs" target="_blank">cross-signatures</a>,
which allow each key to choose for itself
which signatures from other people it wants to distribute.
Despite this extra step,
this is fairly compatible with existing software.
It also nicely stays out of the way of users
who don't care about signatures.
<p>
Although work is in progress for both of those features,
neither have a planned time of release yet.
<p>
Regarding the "<tt>no user ID</tt>" issue with GnuPG
(mentioned in our
<a href="/about/news#2019-06-12-launch-challenges">last news post</a>
and our
<a href="/about/faq#older-gnupg" target="_blank">FAQ</a>),
a patch that fixes this problem is now carried by Debian,
as well as GPGTools for macOS.
GnuPG upstream has not merged the patch so far.
<p>
That's it!
Thanks for your interest!
<span style="font-size: x-large;">👋</span>
<hr style="margin-top: 2em; margin-bottom: 2em;" />
<h2 id="2019-06-12-launch">
<div style="float: right; font-size: small; line-height: 2em;">2019-06-12 📅</div>
<a href="/about/news#2019-06-12-launch" style="color: black;">Launching a new keyserver! 🚀</a>
</h2>
<p>
From a community effort by
<a href="https://enigmail.net" target="_blank">Enigmail</a>,
<a href="https://openkeychain.org" target="_blank">OpenKeychain</a>,
and <a href="https://sequoia-pgp.org">Sequoia PGP</a>,
we are pleased to announce
the launch of the new public OpenPGP keyserver
<span class="brand">keys.openpgp.org</span>!
Hurray! 🎉
<h4>Give me the short story!</h4>
<ul>
<li>Fast and reliable. No wait times, no downtimes, no inconsistencies.</li>
<li>Precise. Searches return only a single key, which allows for easy key discovery.</li>
<li>Validating. Identities are only published with consent,
while non-identity information is freely distributed.</li>
<li>Deletable. Users can delete personal information with a simple email confirmation.</li>
<li>Built on Rust, powered by <a href="https://sequoia-pgp.org" target="_blank">Sequoia PGP</a> - free and open source, running AGPLv3.</li>
</ul>
Get started right now by <a href="/upload">uploading your key</a>!
<h4>Why a new keyserver?</h4>
<p>
We created <span class="brand">keys.openpgp.org</span>
to provide an alternative to the SKS Keyserver pool,
which is the default in many applications today.
This distributed network of keyservers has been struggling with
<a target="_blank" href="https://medium.com/@mdrahony/are-sks-keyservers-safe-do-we-need-them-7056b495101c">abuse</a>,
<a target="_blank" href="https://en.wikipedia.org/wiki/Key_server_(cryptographic)#Problems_with_keyservers">performance</a>,
as well as <a href="http://www.openwall.com/lists/oss-security/2017/12/10/1">privacy issues</a>,
and more recently also
<a target="_blank" href="http://nongnu.13855.n7.nabble.com/SKS-apocalypse-mitigation-td228252.html">GDPR</a>
compliance questions.
Kristian Fiskerstrand has done a stellar job maintaining the pool for
<a target="_blank" href="https://blog.sumptuouscapital.com/2016/12/10-year-anniversary-for-sks-keyservers-net/">more than ten years</a>,
but at this point development activity seems to have
<a target="_blank" href="https://bitbucket.org/skskeyserver/sks-keyserver/pull-requests/60/clean-build-with-405">mostly ceased</a>.
<p>
We thought it time to consider a fresh approach to solve these problems.
<h4>Identity and non-identity information</h4>
<p>
The <span class="brand">keys.openpgp.org</span> keyserver splits up
identity and non-identity information in keys.
You can find more details on our <a href="/about" target="_blank">about page</a>:
The gist is that non-identity information (keys, revocations, and so on)
is freely distributed,
while identity information
is only distributed with consent
that can also be revoked at any time.
<p>
If a new key is verified for some email address,
it will replace the previous one.
This way,
every email address is only associated with a single key at most.
It can also be removed from the listing
at any time by the owner of the address.
This is very useful for key discovery:
if a search by email address returns a key,
it means this is the single key
that is currently valid for the searched email address.
<h4>Support in Enigmail and OpenKeychain</h4>
<p>
The <span class="brand">keys.openpgp.org</span> keysever
will receive first-party support in upcoming releases of
<a href="https://enigmail.net" target="_blank">Enigmail</a> for Thunderbird,
as well as
<a href="https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain&hl=en">OpenKeychain</a> on Android.
This means users of those implementations will
benefit from the faster response times,
and improved key discovery by email address.
We hope that this will also give us some momentum
to build this project into a bigger community effort.
<h4 id="2019-06-12-launch-challenges">Current challenges</h4>
<p>
Privacy-preserving techniques in keyservers are still new,
and sadly there are still a few compatibility issues
caused by splitting out identity information.
<p>
In particular, when GnuPG (as of this writing, version 2.2.16) encounters
an OpenPGP key without identities,
it throws an error "no user ID"
and does not process new non-identity information
(like revocation certificates)
even if it is cryptographically valid.
We are actively engaged in
providing fixes for these issues.
<h4>The future</h4>
<p>
Privacy-preserving techniques in keyservers are still new,
and we have more ideas for reducing the metadata.
But for now, our plan is only to
keep <span class="brand">keys.openpgp.org</span> reliable and fast 🐇,
fix any upcoming bugs 🐞,
and <a href="/about#community">listen to feedback</a> from the community. 👂
<p>
For more info, head on over to
our <a target="_blank" href="/about">about page</a>
and <a target="_blank" href="/about/faq">FAQ</a> pages.
You can get started right away
by <a href="/upload" target="_blank">uploading your your key</a>!
Beyond that there is more cool stuff to discover,
like our <a target="_blank" href="/about/api">API</a>,
and an <a target="_blank" href="/about/faq#tor">Onion Service</a>!
<p>
Cheers!
<span style="font-size: x-large;">🍻</span>
</div>
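Review bot: this news page advertises itself as an Atom feed (`<a target="_blank" href="/atom.xml">`), and the diff shows no corresponding change to whatever generates that feed; either `/atom.xml` is now produced from entries whose template no longer exists, or the route breaks. Please confirm it is handled in the same change, preferably by redirecting to a feed at the new location, since feed readers keep polling that URL indefinitely. The posts also link to `/about/api` and `/about/api#rate-limiting`, which are not among the templates deleted here; if the API page is meant to stay, verify it still renders once the rest of the `/about` group is gone.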


@@ -1,102 +0,0 @@
<div class="about">
<center><h2><a href="/about">About</a> | <a href="/about/news">News</a> | <a href="/about/usage">Usage</a> | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Stats</a> | Privacy</h2></center>
<h3>Name and contact details</h3>
<p>
<span class="brand">keys.openpgp.org</span> is a community effort.
You can find more information about us, and our contact, details <a href="https://keys.openpgp.org/about">here</a>.
</p>
<h3>How we process data</h3>
<p>
The public keyserver running on <span class="brand">keys.openpgp.org</span> processes, stores, and distributes OpenPGP certificate data.
The specific way in which data is processed differs by type as follows:
</p>
<ul>
<li>
<h4>Email Addresses</h4>
<p>
Email addresses of individuals contained in <abbr title="Packet Tag 13">User IDs</abbr> are personal data.
Special care is taken to make sure they are used only with consent, which you can withdraw at any time:
</p>
<ul>
<li>Publishing requires double opt-in validation, to prove ownership of the email address in question.</li>
<li>Addresses are searchable by exact email address, but not by associated name.</li>
<li>Enumeration of addresses is not possible.</li>
<li>Deletion of addresses is possible via simple proof of ownership in an automated fashion, similar to publication, using the <a href="https://keys.openpgp.org/manage">“manage“ tool</a>. To unlist an address where this isn't possible, write to support at keys dot openpgp dot org.</li>
</ul>
<p>
This data is never handed collectively (“as a dump“) to third parties.
</p>
</li>
<li>
<h4>Public Key Data</h4>
<p>
We process the cryptographic content of OpenPGP certificates - such as public key material, self-signatures, and revocation signatures for the legitimate interest of providing the service.
</p>
<p>
This data is not usually collectively available (“as a dump“), but may be handed upon request to third parties for purposes of development or research.
</p>
<p>
If you upload your OpenPGP certificates to the service, you are the source of this data.
It is also possible for anyone who has your public OpenPGP certificate to upload them to this service for example, if you have published them somewhere else, or sent them to someone. This does not include publication of Email Addresses, which are only used with explicit consent as described above.
</p>
</li>
<li>
<h4>Other User ID data</h4>
<p>
An OpenPGP certificate may contain personal data other than email addresses, such as User IDs that do not contain email addresses, or image attributes.
This data is stripped during upload and never stored, processed, or distributed in any way.
</p>
<p>
OpenPGP packet types that were not specifically mentioned above are stripped during upload and never stored, processed or distributed in any way.
</p>
</li>
</ul>
<p>
Data is never relayed to third parties outside of what is available from the public API interfaces, and what is described in this policy and on our <a href="https://keys.openpgp.org/about">about page</a>.
</p>
<p>
This service is available on the Internet, so anyone, anywhere in the world, can access it and retrieve data from it.
</p>
<h3>Retention periods</h3>
<p>
We will retain your email address linked with your OpenPGP certificates until you remove it.
We will remove your Public Key Data if you wish, but note that anyone can re-upload it to the service, in keeping with the “public” nature of this key material.
</p>
<p>
All incoming requests are logged for a period of 30 days, and only used as necessary for operation of the service.
IP addresses are anonymized for storage.
</p>
<h3>Your rights</h3>
<p>
You can withdraw consent to the processing of your email address at any time, or erase your email addresses, using the <a href="https://keys.openpgp.org/manage">“manage“ tool</a>.
</p>
<p>
You can obtain access to the personal data we process about you by viewing your OpenPGP certificates, or searching for your certificates using your email addresses, using this service.
</p>
<p>
You can delete your OpenPGP certificates by emailing support at keys dot openpgp dot org, but note that anyone can upload them again. If you object to having your certificate re-uploaded, email support at keys dot openpgp dot org and we will banlist your keys.
</p>
<p>
To exercise the right of portability, you can download your OpenPGP certificate using this service.
</p>
<p>
If you are in the EEA or UK, you also have the right to lodge a complaint with a supervisory authority, such as your local data protection authority.
</p>
</div>
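Review bot: this hunk deletes the privacy notice, which the FAQ removed in the same commit describes as binding ("we can't change it without asking for user consent") and which states the 30-day request-log retention, the IP anonymisation and the withdrawal/erasure path via the `/manage` tool; a notice like this has to stay reachable at its published URL for as long as the service processes email addresses. Please make `/about/privacy` redirect to the new location rather than return 404, and keep the wording there identical so this is a move and not a policy edit. Minor, for the copy at the new location: the quotes in “manage“ and “as a dump“ use an opening quote on both sides.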


@@ -1,31 +0,0 @@
<div class="about">
<center><h2><a href="/about">About</a> | <a href="/about/news">News</a> | <a href="/about/usage">Usage</a> | <a href="/about/faq">FAQ</a> | Stats | <a href="/about/privacy">Privacy</a></h2></center>
<h3>Verified email addresses</h3>
<p>
A simple statistic of the total number of email addresses that are currently verified. 📈
</p>
<p>
<center><img src="/about/stats/month.png" /></center>
</p>
<p>
<center><img src="/about/stats/year.png" /></center>
</p>
<h3>Load Average</h3>
<p>
The "load average" of a server is a statistic of how busy it is. Simply put:
<ul>
<li>0.0 means the <span class="brand">keys.openpgp.org</span> host is completely idle</li>
<li>1.0 is fairly busy</li>
<li>4.0 and above means it's on fire 🔥</li>
</ul>
</p>
<p>
<center><img src="/about/stats/load_week.png" /></center>
</p>
</div>
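Review bot: this stats page is the only consumer visible in the diff of the generated images `/about/stats/month.png`, `/about/stats/year.png` and `/about/stats/load_week.png`. If the route serving those PNGs and the job that renders them are not removed in the same change, they become an orphaned endpoint that still publishes host load data at an unlinked URL; if the graphs are meant to survive at the new site, the image route has to stay and be referenced from there. Please state in the commit which of the two applies.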


@@ -1 +0,0 @@
{{#> layout }}


@@ -1 +0,0 @@
{{/layout}}
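Review bot: the two one-line files removed in this hunk and the previous one (`{{#> layout }}` and `{{/layout}}`) are a partial wrapper pair, and their file names are not visible in this view; if any template outside the about pages still includes them, its rendering breaks, so this deserves a grep across the remaining templates before merge.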


@@ -1,221 +0,0 @@
<div class="about usage">
<center><h2><a href="/about">About</a> | <a href="/about/news">News</a> | Usage | <a href="/about/faq">FAQ</a> | <a href="/about/stats">Stats</a> | <a href="/about/privacy">Privacy</a></h2></center>
<p>
On this page, we collect information on how to use
<span class="brand">keys.openpgp.org</span> with different OpenPGP
software products.<br />
We are still in the process of adding more. If you are missing some, please
write to us and we'll try to add it.
</p>
<h2 id="web" style="padding-left: 3%;">
<a href="#web">Web Interface</a>
</h2>
<p>
The web interface on <span class="brand">keys.openpgp.org</span> allows you to:
</p>
<p>
<ul>
<li><a href="/">Search</a> for keys manually, by fingerprint or email address.</li>
<li><a href="/upload">Upload</a> keys manually, and verify them after upload.</li>
<li><a href="/manage">Manage</a> your keys, and remove published identities.</li>
</ul>
</p>
<h2 id="enigmail">
<div><img src="/assets/img/enigmail.svg"></div>
<a href="#enigmail">Enigmail</a>
</h2>
<p>
<a href="https://enigmail.net" target="_blank">Enigmail</a> for Thunderbird
uses <span class="brand">keys.openpgp.org</span> by default since
version 2.0.12.
</p>
<p>Full support is available since Enigmail 2.1
(for <a href="https://www.thunderbird.net/en-US/thunderbird/68.0beta/releasenotes/" target="_blank">Thunderbird 68</a> or newer):
<ul>
<li>Keys will be kept up to date automatically.</li>
<li>During key creation, you can upload and verify your key.</li>
<li>Keys can be discovered by email address.</li>
</ul>
</p>
<h2 id="gpg-suite">
<div><img src="/assets/img/gpgtools.png"></div>
<a href="#gpg-suite">GPG Suite</a>
</h2>
<p>
<a href="https://gpgtools.org/">GPG Suite</a> for macOS
uses <span class="brand">keys.openpgp.org</span> by default
since August 2019.
</p>
<h2 id="openkeychain">
<div><img src="/assets/img/openkeychain.svg"></div>
<a href="#openkeychain">OpenKeychain</a>
</h2>
<p>
<a href="https://www.openkeychain.org/">OpenKeychain</a> for Android
uses <span class="brand">keys.openpgp.org</span> by default
since July 2019.
<ul>
<li>Keys will be kept up to date automatically.</li>
<li>Keys can be discovered by email address.</li>
</ul>
</p>
<p>
Note that there is no built-in support for upload and email address verification so far.
</p>
<h2 id="pignus">
<div><img src="/assets/img/pignus.png"></div>
<a href="#pignus">Pignus</a>
</h2>
<p>
<a href="https://www.frobese.de/pignus/">Pignus</a> for iOS
uses <span class="brand">keys.openpgp.org</span> by default
since November 2019.
<ul>
<li>Your keys can be uploaded at any time.</li>
<li>Keys can be discovered by email address.</li>
</ul>
</p>
<h2 id="gnupg">
<div><img src="/assets/img/gnupg.svg" /></div>
<a href="#gnupg">GnuPG</a>
</h2>
<p>
To configure <a href="https://gnupg.org">GnuPG</a>
to use <span class="brand">keys.openpgp.org</span> as keyserver,
add this line to your <tt>gpg.conf</tt> file:
<blockquote>
keyserver hkps://keys.openpgp.org
</blockquote>
</p>
<h4 id="gnupg-retrieve"><a href="#gnupg-retrieve">Retrieving keys</a></h4>
<ul>
<li>
To locate the key of a user, by email address:
<blockquote>gpg --auto-key-locate keyserver --locate-keys user@example.net</blockquote>
</li>
<li>To refresh all your keys (e.g. new revocation certificates and subkeys):
<blockquote>gpg --refresh-keys</blockquote>
</li>
</ul>
<h4 id="gnupg-upload"><a href="#gnupg-upload">Uploading your key</a></h4>
<p>
Keys can be uploaded with GnuPG's <tt>--send-keys</tt> command, but
identity information can't be verified that way to make the key
searchable by email address (<a href="/about">what does this mean?</a>).
</p>
<ul>
<li>
You can try this shortcut for uploading your key, which outputs
a direct link to the verification page:
<blockquote>
gpg --export your_address@example.net | curl -T - {{ base_uri }}
</blockquote>
</li>
<li>
Alternatively, you can export them to a file
and select that file in the <a href="/upload" target="_blank">upload</a> page:
<blockquote>
gpg --export your_address@example.net &gt; my_key.pub
</blockquote>
</li>
</ul>
<h4 id="gnupg-troubleshooting"><a href="#gnupg-troubleshooting">Troubleshooting</a></h4>
<ul>
<li>
Some old <tt>~/gnupg/dirmngr.conf</tt> files contain a line like this:
<blockquote>
hkp-cacert ~/.gnupg/sks-keyservers.netCA.pem
</blockquote>
<p>
This configuration is no longer necessary,
but prevents regular certificates from working.
It is recommended to simply remove this line from the configuration.
</p>
</li>
<li>
While refreshing keys, you may see errors like the following:
<blockquote>gpg: key A2604867523C7ED8: no user ID</blockquote>
This is a <a href="https://dev.gnupg.org/T4393" target="_blank">known problem in GnuPG</a>.
We are working with the GnuPG team to resolve this issue.
</li>
</ul>
<h4 id="gnupg-tor"><a href="#gnupg-tor">Usage via Tor</a></h4>
<p>
For users who want to be extra careful,
<span class="brand">keys.openpgp.org</span> can be reached anonymously as an
<a href="https://support.torproject.org/onionservices/#onionservices-2" target="_blank">onion service</a>.
If you have
<a href="https://www.torproject.org/" target="_blank">Tor</a>
installed, use the following configuration:
<blockquote>
keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion
</blockquote>
</p>
<h2 style="padding-left: 3%;" id="wkd-as-a-service">
<a href="#wkd-as-a-service">WKD as a Service</a>
</h2>
<p> The Web Key Directory (WKD) is a standard for discovery of OpenPGP keys by email address, via the domain of its email provider.
It is used to discover unknown keys in some email clients, such as <a href="https://www.gpg4win.de/about.html" target="_blank">GpgOL</a>.
<p> <span class="brand">keys.openpgp.org</span> can be used as a managed WKD service for any domain.
To do so, the domain simply needs a <tt>CNAME</tt> record that delegates its <tt>openpgpkey</tt> subdomain to <tt>wkd.keys.openpgp.org</tt>.
It should be possible to do this in the web interface of any DNS hoster.
<p> Once enabled for a domain, its verified addresses will automatically be available for lookup via WKD.
<p> The <tt>CNAME</tt> record should look like this:
<blockquote>
$ drill openpgpkey.example.org<br>
...<br>
openpgpkey.example.org. 300 IN CNAME wkd.keys.openpgp.org.
</blockquote>
<p> There is a simple status checker for testing the service:
<blockquote>
$ curl 'https://wkd.keys.openpgp.org/status/?domain=openpgpkey.example.org'<br>
CNAME lookup ok: openpgpkey.example.org resolves to wkd.keys.openpgp.org<br>
</blockquote>
<p> For testing key retrieval:
<blockquote>
$ gpg --locate-keys --auto-key-locate clear,nodefault,wkd address@example.org<br>
</blockquote>
<h2 style="padding-left: 3%;">API</h2>
<p>
We offer an API for integrated support in OpenPGP applications. Check
out our <a href="/about/api">API documentation</a>.
</p>
<h2 style="padding-left: 3%;">Others</h2>
<p>
Missing a guide for your favorite implementation? This site is
a work-in-progress, and we are looking to improve it. Drop us a line at
<span class="email">support at keys dot openpgp dot org</span> if you
want to help out!
</p>
</div>
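Review bot: This deletion drops the only user-facing record of several settings that clients are told to copy or verify by hand: the `keyserver hkps://keys.openpgp.org` line for gpg.conf, the `hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion` address under "Usage via Tor", and the `openpgpkey.example.org. 300 IN CNAME wkd.keys.openpgp.org.` delegation under "WKD as a Service". If this material has moved, the commit message should say where and the `/about/usage` route (including deep links such as `#gnupg-tor` and `#wkd-as-a-service`) should redirect there rather than 404, since the onion address in particular is something users compare against a trusted page. The template also consumes `{{ base_uri }}` in the `curl -T - {{ base_uri }}` upload shortcut and links to `/about/api`; check that the handler supplying that context value, and the API documentation page it points to, are handled consistently rather than left as dead code or a dangling link.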