Pretty Good Privacy (PGP)

We use Pretty Good Privacy (PGP) to digitally sign, encrypt, and decrypt emails. The original PGP software, created by Phil Zimmermann, has since evolved into OpenPGP, an open-source standard derived from it. Modern versions of PGP are interoperable with GnuPG and other OpenPGP-compliant systems.

We publish our public keys using the following methods:

Web Key Directory (WKD)

We have implemented version 21 of the OpenPGP Web Key Directory (WKD) Internet-Draft published by the IETF. It is a proposed standardised, secure method for publishing and discovering OpenPGP public keys via a user’s email domain over HTTPS, the secure version of HTTP, which uses SSL/TLS certificates to encrypt data sent between a web browser and a website. This proposal offers two methods for retrieving OpenPGP public keys:

  1. Direct Method
    This method retrieves keys by querying the email domain directly for the local-part.

  2. Advanced Method
    This method allows fetching keys from a dedicated sub-domain named openpgpkey.

The Web Key Directory Validator can be used to verify whether keys are correctly published and accessible, following the proposed guidelines.
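The lookup URLs for both methods can be derived from an email address before checking that a key is reachable. The following is an added example, not code from this site: the function names `wkd_hash` and `wkd_urls` are our own, the hashing rule (SHA-1 of the lowercased local-part, z-base-32 encoded) and the `.well-known/openpgpkey` paths are taken from the Internet-Draft rather than from this page, and the address is the draft's own `example.org` sample.

```python
import base64
import hashlib
from urllib.parse import quote

# z-base-32 alphabet used by the WKD draft, mapped from RFC 4648 base32.
_B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
_ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"
_TO_ZB32 = str.maketrans(_B32, _ZB32)


def wkd_hash(local_part: str) -> str:
    """SHA-1 of the lowercased local-part, z-base-32 encoded (32 chars)."""
    # Only ASCII A-Z is folded; any other character is left untouched.
    folded = "".join(c.lower() if "A" <= c <= "Z" else c for c in local_part)
    # SHA-1 is used here as a name-mapping function, not for integrity.
    digest = hashlib.sha1(folded.encode("utf-8")).digest()
    # 20 bytes = 160 bits = exactly 32 five-bit groups, so no padding appears.
    return base64.b32encode(digest).decode("ascii").translate(_TO_ZB32)


def wkd_urls(address: str) -> dict:
    """Return the advanced and direct lookup URLs for an email address."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    # The unhashed local-part is passed along, percent-encoded, as ?l=
    tail = f"hu/{wkd_hash(local)}?l={quote(local, safe='')}"
    return {
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/{tail}",
        "direct": f"https://{domain}/.well-known/openpgpkey/{tail}",
    }


if __name__ == "__main__":
    # Sample address from the Internet-Draft, not a real mailbox.
    for method, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{method:9}{url}")
```

Because the local-part is lowercased before hashing, `Joe.Doe` and `joe.doe` map to the same published file, while the `l=` parameter keeps the original spelling.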

Public Key Association (PKA)

PKA is not standardised by a dedicated IETF RFC, but it is often associated with the use of DNS CERT records defined in RFC 4398, or with specific TXT records, to locate public keys. We use the latter method, with record names in the format:

  • <local-part>._pka.iper.uk
    The local-part of an email address appears before the @ symbol.

When queried, a response is returned with the following information:

  • v=pka1;
    Contains the version of the PKA record format.

  • fpr=<fingerprint>;
    Contains the full key fingerprint, made up of 40 hexadecimal characters.

  • uri=https://iper.uk/OpenPGP/Keys/<KeyId>.asc
    Contains the location from which the key can be downloaded. The file extension .asc indicates an ASCII-armoured text file that is used to store keys or digital signatures.