OpenPGP Web Key Directory Explained
Written by Jiří Keresteš on 2019-08-01
pgpIf you ever tried to send an encrypted e-mail to someone you haven't met before, you know that getting the right public key can be a quite challenging task. Traditional OpenPGP key servers[1] are usually everything but useful in this case. In this post, we'll see how OpenPGP Web Key Directory[2] tries to solve this situation.
Imagine that you've discovered an exploitable vulnerability in your favourite software, web service, or whatever. Because you are a good person, you want to follow the responsible disclosure[3] procedure and alert the company's security contact via an encrypted e-mail. You might get lucky and find proper public key on the company's website accessible over HTTPS[4], which makes the key reasonably trustworthy. But most likely you won't find any keys on the website. Next option is public OpenPGP key server query. Chances are that you'll either find a bunch of public keys, or none at all. That's not particularly helpful, as you still need to pick the right key, and most importantly, verify the key owner identity via a secure channel. Now you have even more problems and wish you never wanted to report anything.
This is where OpenPGP Web Key Directory (WKD)[2] steps in. It shifts part of the traditional key server's responibility towards the recipient's mail provider, who now provides public keys for mailboxes in its domain via HTTPS[4].
Let's say you want to send an encrypted message to fred.tangerine@trustica.cz using an e-mail client with WKD[2] support. Client takes the local part of the recipient address ("fred.tangerine"), hashes it with SHA-1 and encodes the result into 32B string. Then it retrieves the right public key over HTTPS at well-defined URI[5] https://openpgpkey.trustica.cz/.well-known/openpgpkey/trustica.cz/hu/7sp833cuw54w8nbkdyrk3bmjkcztk1kb?l=fred.tangerine, as defined in WKD draft[6]. This solution is still not bulletproof, but much better than previously discussed alternatives. Key can be published either manually by mail service provider, or via a related Web Key Service.
Web Key Service
Web Key Service (WKS)[7] is an update protocol for WKD[2]. Users can submit their keys to the mail provider by sending and encrypted e-mail to submission address defined by WKD draft[6]. Public key for this address is retrievable via WKD[2] service. The mail provider will send an encrypted confirmation e-mail after receiving the key, to prevent submitting malicious keys. This e-mail contains a cryptographic nonce[8]. User decrypts the e-mail and sends the nonce back in a signed and encrypted e-mail, which completes the key submission process.
Conclusion
WKD does not deprecate traditional key servers entirely. These are still perfectly good for some applications (e.g. distribution of revoked keys). However, it greatly reduces amount of effort needed to fetch a valid key.
Be responsible!
References
- Wikipedia contributors. (2019, July 10). Key server (cryptographic). In Wikipedia, The Free Encyclopedia. Retrieved 15:56, July 31, 2019, from https://en.wikipedia.org/w/index.php?title=Key_server_(cryptographic)&oldid=905594897
- OpenPGP Web Key Directory. https://wiki.gnupg.org/WKD
- Wikipedia contributors. (2019, January 3). Responsible disclosure. In Wikipedia, The Free Encyclopedia. Retrieved 16:01, July 31, 2019, from https://en.wikipedia.org/w/index.php?title=Responsible_disclosure&oldid=876587989
- Wikipedia contributors. (2019, July 22). HTTPS. In Wikipedia, The Free Encyclopedia. Retrieved 16:03, July 31, 2019, from https://en.wikipedia.org/w/index.php?title=HTTPS&oldid=907361828
- Wikipedia contributors. (2019, July 27). Uniform Resource Identifier. In Wikipedia, The Free Encyclopedia. Retrieved 16:02, July 31, 2019, from https://en.wikipedia.org/w/index.php?title=Uniform_Resource_Identifier&oldid=908067205
- OpenPGP Web Key Directory Internet Draft. draft-koch-openpgp-webkey-service-08. https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-service/
- OpenPGP Web Key Service. https://wiki.gnupg.org/WKS
- Wikipedia contributors. (2019, March 27). Cryptographic nonce. In Wikipedia, The Free Encyclopedia. Retrieved 16:01, July 31, 2019, from https://en.wikipedia.org/w/index.php?title=Cryptographic_nonce&oldid=889767479