jekyll-wkd

jekyll-wkd

Jekyll plugin to generate an OpenPGP Web Key Directory

Jekyll Web Key Directory

A Jekyll plugin to generate an OpenPGP Web Key Directory (WKD).

Web Key Directory is a standard and decentralized way of distributing OpenPGP keys without relying on the traditional public key servers, like SKS, which have proven increasingly unreliable and prone to abuse and impersonation.

Given a set of public keys, this plugin can generate either an "advanced" format directory, suitable for hosting under an openpgpkey subdomain e.g. https://openpgpkey.example.com; or a "direct" format directory, for hosting under a root or apex domain.

Installation

Add the plugin's gem to your site's Gemfile like so:

group :jekyll_plugins do
  gem "jekyll-wkd"
end

And install the newly added gem with the command:

bundle install

Older versions of Jekyll might not automatically activate the plugins under the :jekyll_plugins group. If so, you'll need to add it into your site's _config.yml file:

plugins:
  - jekyll-wkd

Usage

This plugin should work without any further configuration. Just place the public keys you wish to export under the keys directory within your site's source, and the plugin will export them into the .well-known/openpgpkey directory on the generated site.

By default, the exported key directory will be in the advanced format, with keys being placed on a folder corresponding to their domain, each with their own separate policy file. To use the direct format, meant to be served from the root of a domain, you'll need to change the mode option in your _config.yml file to direct, as shown further below.

The keys will still be regarded as static files by Jekyll, so they'll also be copied over to the generated side under the same directory they're in.

If you need to scan keys from a different directory, or change which file extensions are considered as key files, you can change these settings on your site's _config.yml file. The default settings are:

wkd:
  mode: 'advanced'
  exts: ['.asc', '.pub']
  path: 'keys'

Also note that if you change your site's baseurl, PGP tools might not be able to find your published keys, since the .well-known directory needs to be on the root of the URL.