Adding support for fetching GPG key using WKD protocol
wiktor at metacode.biz
Wed Jul 4 21:27:23 UTC 2018
I would like to extend mutt to add fetching GPG keys over Web Key
(I've previously created an issue on gitlab  but I'll summarize the
thing here for the broader audience).
Web Key Directory is a new scheme for GPG key discovery. It converts the
e-mail address to HTTPS URL and fetches the key from there. It is
already supported by some e-mail clients (EnigMail, GpgOL).
For example kernel.org has it enabled and Linus' key is at:
As GnuPG 2 has it enabled by default "gpg --locate-key
torvalds at kernel.org" will fetch that key.
I've been exploring mutt's source code and the change would mostly be
enabling external lookup for keys that are not locally present  when
encryption is explicitly turned on (gpgme backend).
That raises some privacy issues, the same was discussed on gnupg-devel
ML  (gpg by default will fetch the key via WKD when encrypting to a
recipient but will *not* fetch the key when verifying signatures).
The question is how to do it well. Maybe ask the user if they want to
search for the key using WKD if it's not locally present?
An option would be the first choice but I worry about it not being used
at all (as people rarely enable non-standard features ).
Thank you for your consideration!
More information about the Mutt-dev