TransWikia.com

What is the standard way, if any, to announce via e-mail that you have a public PGP key and what it is?

Information Security Asked by J. Tukes on December 19, 2021

I’m making an e-mail system/client. I’m trying to correctly detect incoming e-mails which can be replied to with PGP encryption. This means finding out their public PGP key. I currently do:

  • Parse the e-mail body for a PGP public key block.

I suspect that these could be done:

  • Check for attachments with some kind of standard file name?
  • Check for a special hidden header which either spells out the public PGP key directly, or links to an external resource where it can be fetched?

Thanks in advance for clarifying how one properly detects/sends PGP public keys in an e-mail context for maximum support.

One Answer

There's no one particular way to do this. Just signing all outgoing mail is one way people advertise that they support PGP, provided their key is on a public keyserver.

Enigmail (Thunderbird plugin) has an option to include a public key as an attachment in all outgoing mail. It has a type of application/pgp-keys and the name is 0x<KEYID>.asc where <KEYID> is the key ID in hex.

There are several clients which support Autocrypt, a protocol for opportunistic encryption by storing public keys in headers.

Answered by smithkm on December 19, 2021
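The three places discussed above (an armored block in the body, an application/pgp-keys attachment, and an Autocrypt header) can be checked in one pass over a message; the following is an added example, not code from the question or the answer. The name find_key_sources and the sample message are constructed, the Autocrypt attribute names (addr, prefer-encrypt, keydata) and the rule that addr must match the From address come from the Autocrypt Level 1 specification rather than from this page, and the code only locates candidate keys without parsing or validating OpenPGP data.

```python
import base64
import re
from email import message_from_string, policy

ARMOR_RE = re.compile(r"-----BEGIN (PGP PUBLIC KEY BLOCK)-----.+?-----END \1-----", re.S)

def find_key_sources(raw):
    """Return (source, detail) tuples for each place the sender advertised a key."""
    msg = message_from_string(raw, policy=policy.default)
    addrs = msg["From"].addresses if msg["From"] else ()
    sender = addrs[0].addr_spec.lower() if addrs else ""
    found = []
    # Autocrypt header: "addr=...; [prefer-encrypt=mutual;] keydata=<base64>".
    # A header whose addr differs from the From address is ignored.
    for header in msg.get_all("Autocrypt", []):
        attrs = {k.strip().lower(): "".join(v.split())  # drop folding whitespace
                 for k, _, v in (p.partition("=") for p in str(header).split(";"))}
        try:
            base64.b64decode(attrs.get("keydata", ""), validate=True)
        except ValueError:
            continue  # malformed keydata: ignore the header
        if attrs.get("keydata") and sender and attrs.get("addr", "").lower() == sender:
            found.append(("autocrypt-header", attrs["addr"]))
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "application/pgp-keys":  # attachment type named in the answer
            found.append(("attachment", part.get_filename()))
        elif part.get_content_maintype() == "text" and ARMOR_RE.search(part.get_content()):
            found.append(("inline-armor", ctype))
    return found
# Constructed sample; the "keys" are placeholder base64, not real OpenPGP data.
SAMPLE = """\
From: Alice <alice@example.org>
Autocrypt: addr=alice@example.org; prefer-encrypt=mutual; keydata=Y29uc3Ry
 dWN0ZWQ=
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

-----BEGIN PGP PUBLIC KEY BLOCK-----

Y29uc3RydWN0ZWQ=
-----END PGP PUBLIC KEY BLOCK-----
--b1
Content-Type: application/pgp-keys
Content-Disposition: attachment; filename="0xDEADBEEF.asc"

(constructed placeholder)
--b1--
"""
```

A key found by any of these routes is only as trustworthy as the unauthenticated message that carried it, so a client should treat it as a candidate for opportunistic use rather than as a verified binding between key and sender.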
