TildeClub/site
TildeClub
/
site
mirror of https://github.com/tildeclub/site.git
1
1
Fork 1
Code Issues Packages Projects Releases Wiki Activity
site/wiki/source/wks.md

80 lines
2.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: Publish your PGP key via WKS (tilde.club)
author: deepend
category: security
---
# Publish your OpenPGP key so mail apps can auto-discover it using **WKD/WKS** on `openpgpkey.tilde.club`.
## What youll do
1. Create (or reuse) a modern PGP key for your `@tilde.club` address.
2. Submit a publish request (the script does this for you).
3. Confirm the request from **mutt** (one click/command).
4. Verify lookups work.
---
## 1) Create & submit (one command)
The script will:
* generate **ed25519** + **cv25519** (or **nistp256** on FIPS),
* set safe GnuPG options,
* send the WKS request via Postfixs `sendmail`.
```bash
# if your script lives elsewhere, adjust the path
pgp-setup-and-submit.sh --name "Your Name" --email yourlogin@tilde.club
```
Youll be prompted for a passphrase. If a key already exists for that email, it will be reused and only the request is sent.
---
## 2) Confirm from mutt
Youll receive a “confirm your key publication” email.
### Option A — quick pipe (no config)
Open the message in mutt and press `|`, then type:
```bash
gpg-wks-client --read | /usr/sbin/sendmail -t
```
Enter your keys passphrase if prompted. Thats it.
### Option B — one-time mutt integration (nicer UX)
In mutt: open the email → press `v` (view parts) → select the `application/vnd.gnupg.wks` part → Enter. Done.
---
## 3) Verify publication
After a minute, test WKD discovery:
```bash
gpgconf --kill all
gpg --auto-key-locate clear,wkd --locate-external-keys yourlogin@tilde.club
# or:
curl -s "$(gpg-wks-client --print-wkd-url yourlogin@tilde.club)" | gpg --show-keys
```
You should see your public key.
---
## Troubleshooting
* **“sending mail is not supported in this build”**
Use the pipe form: `gpg-wks-client --read | /usr/sbin/sendmail -t`.
* **Pinentry/TTY issues (no prompt / permission denied)**
In your shell:
`echo allow-loopback-pinentry >> ~/.gnupg/gpg-agent.conf`
`echo pinentry-mode\ loopback >> ~/.gnupg/gpg.conf`
`gpgconf --kill gpg-agent; export GPG_TTY=$(tty); gpg-connect-agent updatestartuptty /bye`
Thats it—once confirmed, mail clients can auto-fetch your key from `openpgpkey.tilde.club` with zero copy-paste.
Reference in New Issue View Git Blame Copy Permalink