gpg-wks-server - Server for the Web Key Service


gpg-wks-server [COMMAND] [OPTIONS] [ARGS]


gpg-wks-server is a server for the Web Key Service. It can handle incoming mails with the --receive command.

See the EXAMPLES section for procmail and crontab configurations.

You also need a webserver configured to alias requests to /.well-known/openpgp/ and below to the /var/lib/gnupg/wks/<wkd-domain>/ directory.


--receive
Receive a submission or confirmation.
--cron
Run regular jobs.
--list-domains
List configured domains and check some file and directory permissions.
--version
Show program version and some meta information.
-h, --help
Output short usage information.
--warranty
Print warranty information.
--dump-options
Dump all available options and commands.


-v, --verbose
Enable verbose output.
-q, --quiet
Be somewhat more quiet.
--send
Send the mail using sendmail.
-o, --output FILE
Write the mail to FILE.
--from ADDR
Use ADDR as the default sender.
--header NAME=VALUE
Add "NAME: VALUE" as header to all mails.
Can be used to add a header for loop detection; see the procmail example.
--debug FLAGS
Set debugging flags. All flags are or-ed, and flags may be given in C syntax (e.g. 0x0042) or as a comma-separated list of flag names. To get a list of all supported flags, the single word "help" can be used.
--gpg GPG
Use the specified command instead of gpg.


/var/lib/gnupg/wks contains a subdirectory for each domain to run the server for. Each subdirectory is supposed to contain what should show up on https://.../.well-known/openpgp/.
The user running gpg-wks-server needs write access to these subdirectories.
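
An added example, not part of gpg-wks-server or of this manual: a shell function that audits the per-domain subdirectories described above. The function name `wks_audit` and its output labels are made up for this example, and the world-writable check is an assumption about sensible hardening, not something the manual specifies.

```sh
#!/bin/sh
# Added example, not part of gpg-wks-server.
# wks_audit [BASE]: BASE defaults to /var/lib/gnupg/wks (path from the page).
# Prints one finding per line; returns 0 when clean, 1 otherwise.
wks_audit() {
    base=${1:-/var/lib/gnupg/wks}
    rc=0
    domains=0

    if [ ! -d "$base" ]; then
        echo "MISSING $base"
        return 1
    fi

    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue   # glob matched nothing
        dir=${dir%/}
        domains=$((domains + 1))

        # Stated on the page: the user running gpg-wks-server needs
        # write access to each domain subdirectory.
        if [ ! -w "$dir" ]; then
            echo "NOT-WRITABLE $dir"
            rc=1
        fi

        # Assumption (hardening check chosen for this example): nothing in
        # the published tree should be world-writable, because whatever is
        # stored here is served to clients as the domain's keys.
        ww=$(find "$dir" ! -type l -perm -0002 -print 2>/dev/null) || true
        if [ -n "$ww" ]; then
            printf '%s\n' "$ww" | sed 's/^/WORLD-WRITABLE /'
            rc=1
        fi
    done

    if [ "$domains" -eq 0 ]; then
        echo "NO-DOMAINS $base"
        rc=1
    fi
    return "$rc"
}
```

Run it as the account that runs gpg-wks-server, since the write-access test is evaluated for the calling user (root passes it unconditionally).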



Store received emails in ~/Mail/ (create it manually first). This recipe uses From: key-submission [at] and X-WKS-Loop: for loop detection:

MAILDIR=$HOME/Mail
LOGFILE=$HOME/Mail/from
LOCKFILE=$HOME/Mail/.lockmail
VERBOSE=yes

# filter out FROM_DAEMON mails (bounces, ...) into separate mailbox
:0
* ^FROM_DAEMON
from-daemon/

# archive (copy!) all "normal" mails
:0 c
archive/

# if not in a loop: handle mails with gpg-wks-server
:0 w
* !^From: key-submission [at]
* !^X-WKS-Loop:
|gpg-wks-server -v --receive \
--header \
--from key-submission [at] --send

# if handling failed: store in separate mailbox
:0 e
cruft/


In case procmail is not used automatically, the following ~/.forward file might be useful:

"|exec /usr/bin/procmail || exit 75"

The double quotes are supposed to be included in the file!


You should run the --cron command once a day. Edit the crontab with

crontab -e

and append the following line:

42 3 * * * gpg-wks-server --cron


Latest draft for the Web Key Service protocol: <>
GnuPG on Web Key Service: <>