Skip to content

Jekyll plugin to generate an OpenPGP Web Key Directory

License

GPL-3.0, LGPL-3.0 licenses found

Licenses found

GPL-3.0
LICENSE
LGPL-3.0
LICENSE.LESSER
Notifications You must be signed in to change notification settings

fernzi/jekyll-wkd

Repository files navigation

Jekyll Web Key Directory

Gem Version License: LGPLv3+ CI

A Jekyll plugin to generate an OpenPGP Web Key Directory (WKD).

Web Key Directory is a standard and decentralized way of distributing OpenPGP keys without relying on the traditional public key servers, like SKS, which have proven increasingly unreliable and prone to abuse and impersonation.

Given a set of public keys, this plugin can generate either an "advanced" format directory, suitable for hosting under an openpgpkey subdomain e.g. https://openpgpkey.example.com; or a "direct" format directory, for hosting under a root or apex domain.

Installation

Add the plugin's gem to your site's Gemfile like so:

group :jekyll_plugins do
  gem "jekyll-wkd"
end

And install the newly added gem with the command:

bundle install

Older versions of Jekyll might not automatically activate the plugins under the :jekyll_plugins group. If so, you'll need to add it into your site's _config.yml file:

plugins:
  - jekyll-wkd

Usage

This plugin should work without any further configuration. Just place the public keys you wish to export under the keys directory within your site's source, and the plugin will export them into the .well-known/openpgpkey directory on the generated site.

By default, the exported key directory will be in the advanced format, with keys being placed on a folder corresponding to their domain, each with their own separate policy file. To use the direct format, meant to be served from the root of a domain, you'll need to change the mode option in your _config.yml file to direct, as shown further below.

The keys will still be regarded as static files by Jekyll, so they'll also be copied over to the generated side under the same directory they're in.

If you need to scan keys from a different directory, or change which file extensions are considered as key files, you can change these settings on your site's _config.yml file. The default settings are:

wkd:
  mode: 'advanced'
  exts: ['.asc', '.pub']
  path: 'keys'

Also note that if you change your site's baseurl, PGP tools might not be able to find your published keys, since the .well-known directory needs to be on the root of the URL.