Publish your PGP key via WKS (tilde.club)
Publish your OpenPGP key so mail apps can auto-discover it using WKD/WKS on openpgpkey.tilde.club.
What you’ll do
- Create (or reuse) a modern PGP key for your @tilde.club address.
- Submit a publish request (the script does this for you).
- Confirm the request from mutt (one click/command).
- Verify lookups work.
1) Create & submit (one command)
The script will:
- generate ed25519 + cv25519 (or nistp256 on FIPS),
- set safe GnuPG options,
- send the WKS request via Postfix’s sendmail.
# if your script lives elsewhere, adjust the path
pgp-setup-and-submit.sh --name "Your Name" --email yourlogin@tilde.club
You’ll be prompted for a passphrase. If a key already exists for that email, it will be reused and only the request is sent.
2) Confirm from mutt
You’ll receive a “confirm your key publication” email.
Option A — quick pipe (no config)
Open the message in mutt and press |, then type:
gpg-wks-client --read | /usr/sbin/sendmail -t
Enter your key’s passphrase if prompted. That’s it.
Option B — one-time mutt integration (nicer UX)
In mutt: open the email → press v (view parts) → select the application/vnd.gnupg.wks part → Enter. Done.
3) Verify publication
After a minute, test WKD discovery:
gpgconf --kill all
gpg --auto-key-locate clear,wkd --locate-external-keys yourlogin@tilde.club
# or:
curl -s "$(gpg-wks-client --print-wkd-url yourlogin@tilde.club)" | gpg --show-keys
You should see your public key.
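How the lookup URL used in step 3 is derived from an address, as an added example (not code from the tilde.club script or from GnuPG): the local part is ASCII-lowercased, hashed with SHA-1 and z-base-32 encoded, then placed under `.well-known/openpgpkey`. The function names are hypothetical, and the sample address is the example used in the WKD Internet-Draft.

```python
import base64
import hashlib
from urllib.parse import quote

# z-base-32 uses the same MSB-first 5-bit grouping as RFC 4648 base32,
# so encoding is a plain alphabet substitution.
_B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
_ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"
_TO_ZB32 = str.maketrans(_B32, _ZB32)


def split_address(address):
    """Return (local_part, lowercased_domain); reject anything else."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain or "@" in local:
        raise ValueError(f"not a mail address: {address!r}")
    return local, domain.lower()


def wkd_hash(local_part):
    """SHA-1 of the ASCII-lowercased local part, z-base-32 encoded."""
    lowered = local_part.encode("utf-8").lower()  # bytes.lower() only touches ASCII
    digest = hashlib.sha1(lowered).digest()       # 20 bytes -> exactly 32 symbols
    return base64.b32encode(digest).decode("ascii").translate(_TO_ZB32)


def wkd_urls(address):
    """Build both WKD lookup URLs; ?l= carries the local part in its original case."""
    local, domain = split_address(address)
    tail = f"hu/{wkd_hash(local)}?l={quote(local, safe='')}"
    return {
        # "advanced" method: dedicated openpgpkey.<domain> host, as on this page
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/{tail}",
        # "direct" method: served from the mail domain itself
        "direct": f"https://{domain}/.well-known/openpgpkey/{tail}",
    }


if __name__ == "__main__":
    # Sample address from the WKD Internet-Draft, not a tilde.club account
    for method, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{method:9}{url}")
```

Because the hash is taken over the lowercased local part, `YourLogin@` and `yourlogin@` resolve to the same published file.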
Troubleshooting
- “sending mail is not supported in this build”
  Use the pipe form:
  gpg-wks-client --read | /usr/sbin/sendmail -t
- Pinentry/TTY issues (no prompt / permission denied)
  In your shell:
  echo allow-loopback-pinentry >> ~/.gnupg/gpg-agent.conf
  echo pinentry-mode\ loopback >> ~/.gnupg/gpg.conf
  gpgconf --kill gpg-agent; export GPG_TTY=$(tty); gpg-connect-agent updatestartuptty /bye
That’s it—once confirmed, mail clients can auto-fetch your key from
openpgpkey.tilde.club with zero copy-paste.