Where to publish your PGP key

Background (The Old (Bad) Ways)

You may have heard of SKS key servers, they’re called that way because the software they use is equally named “SKS”.

For a long time, SKS key servers were the default. The special thing about SKS key servers is that they federate, so if you publish your key to one server, you publish them to all.

This is of course convenient because this means your key can easily be found and fetched from any SKS keyserver, without having to know where a person published their key.

But there are many problems with SKS…

  • Keys are not verified in any way: Anyone can upload a key for anyone
  • The full key is published, including all signatures: While this means the web of trust works, it also means it leaks your social graph. Further, there is an attack where you add a ridiculous number of signatures to the point that your key is too big to even import or deal with. The signatures cannot ever be removed, your key broke.
  • Keys cannot ever be deleted. There is no way to delete a key from an SKS keyserver, not on the network, nor on single servers. This has privacy implications, since your email address is publicly visible, and you can’t remove it.
  • It is possible to search the SKS key servers for partial matches. Just enter “steve” in the search, and you get all the email addresses (or names) containing Steve! In one case, there’s even a picture of some Steve’s face! It’s incredibly easy to scrape SKS keyservers for email addresses, and abuse it for spam or doxxing.
  • Because of the mentioned privacy issues, it’s questionable whether SKS key servers are GDPR-compliant and therefore potentially illegal in the EU.

The possibly best known SKS key server is sks-keyservers.net, or rather, [was]. They were aware of the problems, and they first deprecated the service, to then shut it down entirely after they received too many GDPR takedown requests:

“This service is deprecated. This means it is no longer maintained, and new HKPS certificates will not be issued. Service reliability should not be expected. Due to even more GDPR takedown requests, the DNS records for the pool will no longer be provided at all.”

sks-keyservers.net before going down

In short: Because of all the mentioned problems, the death of the big server, and only a few servers remaining, SKS key servers are considered obsolete. You should not use them.

The New Era of Key Servers

So, what now? Well…

Because of all the problems with SKS key servers, there are now new key servers that do things differently:

  • They only publish non-identity information (i.e. only crypto), unless you consent by verification email. In some cases, nothing is published without verification email (depends on the key server’s policy).
  • The signatures are stripped, meaning no social graph is leaked, and the signature attack won’t work.
  • They don’t federate, meaning there’s more control over the submitted data.
  • They allow you to delete the key (or identity information, depending on the server), with a verification email.

Of course, the downside is that the WoT (web of trust) doesn’t work this way, but that’s probably OK, since email ownership is verified. And the plus is that the social graph isn’t leaked.

The downside is, that without federation, people need to know where you published your key, or you publish it to several places and maintain your keys on all those places.

Some Good PGP Key Servers

keys.openpgp.org

This key server is very popular and has gotten a lot of attention after SKS became unfavorable. At the time of writing, this server has about 300k verified addresses! And that’s not even counting all the non-verified crypto-only addresses. If you’re talking to someone who’s active in the FOSS community or hacker scene, there’s probably a good chance they know of this server and maybe even use it.

keys.mailvelope.com

This key server is provided by the Mailvelope extension, a well-known and popular extension to get PGP in the browser. It is unknown how many keys there are on this server, but at the time of this writing, the extension has over 100k installs on Google Chrome, and over 40k installs on Firefox.

keyserver.pgp.com

This key server has a bit of a dodgy website, but it’s been around since 2011 it seems! It might actually be one of the first verifying key servers with control over your keys, way before people moved away from SKS, but perhaps there are earlier, more obscure ones. This server is actually well-known too, probably because it’s been around so long (and look at that domain!). The downside is, it doesn’t seem to support Curve25519 keys, and just throws an error, thinking you’re using a V3 key (which is too old and not supported). But if you’re still using RSA, this server might be worth a shot.

WKD

Last but not least, WKD, not a key server but a technique to publish your key. It works by publishing your key over HTTPS on the domain of the email address. So, if you use email with your own domain, I definitely recommend setting this up [see my guide here].

Conclusion

Stop using SKS, publish your keys on some good key servers instead, and set up WKD if you use email with your own domain.

I run this blog in my free time, if I helped you out, consider donating a coffee. (: