Version 1.4

The comp.security.pgp FAQ


8. Public Key Servers


8.1 What are the Public Key Servers?

Public Key Servers exist for the purpose of making your public key available in a common database where everybody can have access to it for the purpose of encrypting messages to you. Anyone who wants to write you a message, or to check a signature on a message from you, can get your key from the keyserver, so he doesn't have to bother you with it.

While a number of key servers exist, it is only necessary to send your key to one of them. The key server will take care of the job of sending your key to all other known servers.

8.2 What public key servers are available?

There is now a clean interface to key servers. The pgp.net domain was founded for this purpose, and offers an easy and fast way to obtain people's public keys.

You can access the keyserver by e-mail, by sending mail to pgp-public-keys@keys.pgp.net with the command (see 8.3 below) in the Subject line of your message. This message will be sent to one of the keyservers at random, which ensures that an individual server will not be overloaded.

If you have WWW access, you can also use the WWW interface at http://www.uk.pgp.net/pgpnet/pks-commands.html.

FOUR11 no longer certifies keys. Version 1.3 of the FAQ incorrectly claimed that pobox.com certified keys, but Pobox customer service says they don't.

8.3 What is the syntax for the key server commands?

The key server expects to see one of the following commands placed in the subject field. Note that only the ADD command uses the body of the message.

ADD           Your PGP public key (key to add is body of msg) (-ka)
INDEX         List all PGP keys the server knows about (-kv)
VERBOSE INDEX List all PGP keys, verbose format (-kvv)
GET           Get the whole public key ring (-kxa *), in multiple messages
GET <userid>  Get just that one key (-kxa <userid>)
MGET <userid> Get all keys which match regular expression <userid>
LAST <n>      Get all keys uploaded during last <n> days

Note that instead of a user ID, you can also use a key ID. In this case, you should put "0x" in front of it. By using a key ID rather than a user ID, name or e-mail address, you ensure that you get exactly the key you want. Please see question 4.5 for more information on how to use key IDs. Examples for the MGET command:

MGET michael            Gets all keys which have "michael" in them
MGET iastate            All keys which contain "iastate"
MGET bill.*@msn.com     All keys from MSN with usernames starting with "bill"
MGET E8F605A5|5F3E38F5  Those two key IDs

Note that in the MGET command, you don't have to use the "0x" prefix if you want specific keys.

One word about regexps: these are not the same as the wildcards that Unix shells and MS-DOS use. A * doesn't mean ``match anything''; it means ``match zero or more of the previous character'', for example:

        a.*  matches anything beginning with an a
        ab*c matches ac, abc, abbc, etc.
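
The regexp-versus-wildcard difference, worked through on the MGET patterns above. This is an added example, not part of the original FAQ or of the key server software: the key index is constructed sample data, and it assumes the server does a case-sensitive substring search over a "keyid userid" line, with Python's re module standing in for the server's regexp dialect.

```python
import fnmatch
import re

# Constructed sample index (key ID, user ID); not real keyserver data.
# Only the key IDs E8F605A5 and 5F3E38F5 appear in the FAQ itself.
KEYRING = [
    ("E8F605A5", "Michael Example <michael@iastate.edu>"),
    ("5F3E38F5", "Bill Example <bill.smith@msn.com>"),
    ("0A1B2C3D", "Billy Example <billy@msn.com>"),
    ("1B2C3D4E", "Bil Example <bil@msn.com>"),
    ("2C3D4E5F", "Bill Other <bill@msnxcom.example>"),
]


def index_lines():
    """One searchable line per key: key ID followed by user ID (assumed layout)."""
    return [(kid, f"{kid} {uid}") for kid, uid in KEYRING]


def mget(pattern):
    """Key IDs whose index line matches the pattern read as a regular expression."""
    rx = re.compile(pattern)
    return [kid for kid, line in index_lines() if rx.search(line)]


def shell_expectation(pattern):
    """Key IDs the same pattern would select if * were a shell wildcard."""
    return [kid for kid, line in index_lines()
            if fnmatch.fnmatchcase(line, f"*{pattern}*")]


if __name__ == "__main__":
    # Patterns from the FAQ's MGET examples.
    for pat in ("michael", "iastate", "E8F605A5|5F3E38F5", "bill.*@msn.com"):
        print(f"MGET {pat:20} -> {mget(pat)}")

    # The unescaped dot in "msn.com" is "any character", so msnxcom matches too.
    # Escaping it (assuming the server accepts \.) narrows the result.
    print("escaped dot        ->", mget(r"bill.*@msn\.com"))

    # Shell habit: "bill*" read as a regexp means "bil" plus zero or more "l".
    glob_style = "bill*@msn.com"
    print("as regexp          ->", mget(glob_style))
    print("what was intended  ->", shell_expectation(glob_style))
```

In this sample the shell-style pattern returns two keys the requester did not want and none of the ones intended, which is the practical reason to request a key by key ID when you know it.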

If you wish to get the entire key ring and have access to FTP, it would be a lot more efficient to use FTP rather than e-mail. Download an entire keyring from ftp://ftp.pgp.net/pub/pgp/keys/README.html



Copyright © 1996 by Arnoud Engelfriet.
Last updated: 17 Dec 1997.
Comments, additions and suggestions can be sent to <faq-admin@mail.pgp.net>.
This FAQ was generated by Orb v1.3 for OS/2.