Add guide for publishing PGP key via WKS

This document provides a step-by-step guide on how to publish an OpenPGP key using WKS on tilde.club, including key creation, submission, confirmation, and verification.
deepend-tildeclub 2025-10-27 14:08:44 -06:00 committed by GitHub
parent 812da56ff2
commit 05a8ad4b71
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed file with 79 additions and 0 deletions
wiki/source/wks.md (new file)

@ -0,0 +1,79 @@
---
title: Publish your PGP key via WKS (tilde.club)
author: deepend
category: security
---
# Publish your OpenPGP key so mail apps can auto-discover it using **WKD/WKS** on `openpgpkey.tilde.club`.
## What youll do
1. Create (or reuse) a modern PGP key for your `@tilde.club` address.
2. Submit a publish request (the script does this for you).
3. Confirm the request from **mutt** (one click/command).
4. Verify lookups work.
---
## 1) Create & submit (one command)
The script will:
* generate **ed25519** + **cv25519** (or **nistp256** on FIPS),
* set safe GnuPG options,
* send the WKS request via Postfixs `sendmail`.
```bash
# if your script lives elsewhere, adjust the path
pgp-setup-and-submit.sh --name "Your Name" --email yourlogin@tilde.club
```
Youll be prompted for a passphrase. If a key already exists for that email, it will be reused and only the request is sent.
---
## 2) Confirm from mutt
Youll receive a “confirm your key publication” email.
### Option A — quick pipe (no config)
Open the message in mutt and press `|`, then type:
```bash
gpg-wks-client --read | /usr/sbin/sendmail -t
```
Enter your keys passphrase if prompted. Thats it.
### Option B — one-time mutt integration (nicer UX)
In mutt: open the email → press `v` (view parts) → select the `application/vnd.gnupg.wks` part → Enter. Done.
---
## 3) Verify publication
After a minute, test WKD discovery:
```bash
gpgconf --kill all
gpg --auto-key-locate clear,wkd --locate-external-keys yourlogin@tilde.club
# or:
curl -s "$(gpg-wks-client --print-wkd-url yourlogin@tilde.club)" | gpg --show-keys
```
You should see your public key.
---
## Troubleshooting
* **“sending mail is not supported in this build”**
Use the pipe form: `gpg-wks-client --read | /usr/sbin/sendmail -t`.
* **Pinentry/TTY issues (no prompt / permission denied)**
In your shell:
`echo allow-loopback-pinentry >> ~/.gnupg/gpg-agent.conf`
`echo pinentry-mode\ loopback >> ~/.gnupg/gpg.conf`
`gpgconf --kill gpg-agent; export GPG_TTY=$(tty); gpg-connect-agent updatestartuptty /bye`
Thats it—once confirmed, mail clients can auto-fetch your key from `openpgpkey.tilde.club` with zero copy-paste.
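Review bot: Option B ("one-time mutt integration") never shows the integration it promises, so the step "select the `application/vnd.gnupg.wks` part → Enter" will not call `gpg-wks-client` on a stock mutt; either add the mailcap entry that wires that MIME type to the Option A pipeline (something like `application/vnd.gnupg.wks; gpg-wks-client --read | /usr/sbin/sendmail -t; needsterminal` in `~/.mailcap`) or drop the "one-time integration" wording and keep only Option A. Two smaller points: the comment "if your script lives elsewhere, adjust the path" in the first code block is the only mention of `pgp-setup-and-submit.sh`, and the page never says where the script lives or how a user obtains it, so step 1 is not reproducible as written; and the Pinentry/TTY fix appends `pinentry-mode loopback` and `allow-loopback-pinentry` to the user's config files unconditionally, so re-running it after a second failure stacks duplicate lines and the loopback setting persists for all later gpg use, which is worth a sentence saying it is a global change and should be added once.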