key examples



This page documents existing real-world examples of public keys published on the web. The aim is to analyze them and see whether, and how, hCard's 'key' property or possibly other solutions can better fit existing practices for publishing public keys.

Related: provide input to W3C Crypto API Issue 14: Representation of raw key material

Particularly interesting examples: Nick Doty publishes his public key fingerprint as the 'key' property on his home page (linking to his public key at a separate URL), and Prof. Adams of Wells College publishes his public key as the 'key' property of his hCard on his contact page. Both Operator and H2VX find the hCard key property and convert it to the key property in a vCard, importable into any Address Book that supports vCard's key property.


The Problem

A user wants to share their public key on the web. What's the best way to do this?

To answer that question, this page researches existing publishing practices to see if there are patterns or exemplary examples, or if we can use them to figure out a recommended way to publish public keys on web pages.

Use Cases

meeting someone and sending private messages

Two people meet and exchange their personal URLs in the hopes of communicating later, and encrypting said communications.

possible threats

Implementations would need to be aware and careful about:

fake key updates
--- other threats ---

Real-World Examples

Real world publishing examples of public keys on public web pages.

personal home page

Nick Doty

In the wild:

Note: the page has an hCard of the individual with a 'key' property containing a public key fingerprint:

<a class="key" href="npdoty.asc">
EFAA&nbsp;3954&nbsp;C83F&nbsp;20F2&nbsp;0DF0 
E0EA&nbsp;4020&nbsp;3EE9&nbsp;0BBA&nbsp;B306
</a>

Whitespace added.

The destination of the hyperlink "npdoty.asc" is a text file containing an ASCII-armored (Base64-encoded) PGP public key block:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (Darwin)
 
mQENBErJM6oBCAC7NG5NZ5kiJg+KTTaIDjX9BU8bc7FI5a2zCYc3p9eikJfyyZYM
...
sWbckvcIjJRcAtRliKbAf+KjplbcEIzt+kxmweE5XeKvDFtzAD041FGAphIkKcuu
IAzL+XcMWzc3DA==
=+ojz
-----END PGP PUBLIC KEY BLOCK-----

Ellipsis added.
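A consumer of this pattern can check that the key file behind the link hashes to the fingerprint shown in the 'key' property. The following is an added example, not code from the original page or from Operator or H2VX: the function names are hypothetical, the sample packet is constructed dummy data, and the input is assumed to be the binary key (armor already decoded), with the version 4 fingerprint computed as RFC 4880 defines it.

```python
import hashlib
import html
import re
import struct

def first_packet_body(data: bytes) -> bytes:
    """Body of the first OpenPGP packet, which must be a public key packet (tag 6)."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:  # new-format header: tag in low 6 bits, variable-length length
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            start, length = 2, first
        elif first < 224:
            start, length = 3, ((first - 192) << 8) + data[2] + 192
        elif first == 255:
            start, length = 6, int.from_bytes(data[2:6], "big")
        else:
            raise ValueError("partial body length is not allowed for key packets")
    else:  # old-format header: tag in bits 5-2, length type in bits 1-0
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled")
        start, length = 1 + (1 << ltype), int.from_bytes(data[1:1 + (1 << ltype)], "big")
    if tag != 6 or len(data) < start + length:
        raise ValueError("no complete public key packet at start of data")
    return data[start:start + length]

def v4_fingerprint(key_bytes: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, two-octet body length, packet body."""
    body = first_packet_body(key_bytes)
    if body[:1] != b"\x04":
        raise ValueError("only version 4 keys are handled")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def published_fingerprint(anchor_text: str) -> str:
    """Text of the class="key" link with entities decoded and all whitespace removed."""
    return re.sub(r"\s+", "", html.unescape(anchor_text)).upper()

def key_matches(anchor_text: str, key_bytes: bytes) -> bool:
    return published_fingerprint(anchor_text) == v4_fingerprint(key_bytes)

# Constructed dummy packet (not a real key): version 4, timestamp, RSA, two tiny MPIs.
SAMPLE_BODY = b"\x04" + struct.pack(">I", 1252602794) + b"\x01\x00\x10\xc3\x51\x00\x11\x01\x00\x01"
SAMPLE_KEY = b"\x99" + struct.pack(">H", len(SAMPLE_BODY)) + SAMPLE_BODY
```

The check only binds the fetched file to the fingerprint text. Both come from the same site, so on its own it does not address the "fake key updates" threat listed above.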

Matthias Ries

In the wild:

Note: the page has an hCard of the individual, but no 'key' property. However, inside that hCard, there is the following:

<div class="signature">
 <pre>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)
 
mQGiBEl2HAgRBAC9IZGQE3NRWFoXV7CcVRbo7xMe+nGPRMTOocA0pcv9N67R6CAZ
...
-----END PGP PUBLIC KEY BLOCK-----
 </pre>
</div>

Ellipsis added.

If the author used the class name "key" instead of (or in addition to) the class name "signature", then it would be recognized as a plain text 'key' property value in his hCard.

Ben Tremblay

In the wild:

Note: the page has three hCards for the individual, but no 'key' property. Just after the last hCard, there is the following:

<center>
<div class="scrollbox" style="height: 7.5em;">
<pre>
 
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.4 (MingW32)
 
<font size="-6">
mQGiBESzvlsRBACzsDol94Pua0ggzSsLa35K9pQoPJHWg2YgpNp5wWC9/oruQaNF
...
 
</font>
-----END PGP PUBLIC KEY BLOCK-----
</pre>
</div></center>


profile page

Example(s) of a public key published on a profile page with other information, e.g. in a personal page at an institution or on a social network or other content hosting service.

Wells College

In the wild:

Note: The page has an hCard of the individual with a 'key' property!

<div id="hcard-Bryant-E-Adams" class="vcard">
<a class="url fn n" href="http://eclipse.wells.edu/badams">  <span class="given-name">Bryant</span>
  <span class="additional-name">E</span>
  <span class="family-name">Adams</span>
</a>
...
<h2>GPG/GnuGP Public Key</h2> (<a href="../resources/badams_0F87773F.asc" rel="self">download</a>) <h3>For email sent to/from <a href=&ldquo;mailto:badams.gpg+0x20&rdquo;>bad ams.gpg+0x20 (at) gmail (dot com)</a></h3>
  <pre><tt>
  <span class="key">
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
 
mQENBE4sjPMBCAC0ublKPnsdwD9B71bygmwVxn3hX6zw4H2Qlc6wPc0/OepjqVyq
...
-----END PGP PUBLIC KEY BLOCK-----
</span>
</tt></pre>
</div>

Ellipses added.

claimID

In the wild:

Note: ClaimID has hCard-supporting user profiles and thus the page has an hCard of the individual, but no 'key' property.

Note 2: Page has an abusive invisible content div (with visibility:hidden; position:absolute) aimed at crawlers (id="crawler_text"), presumably search engines in particular, since it abuses h1 tags:

<div id="crawler_text" style="visibility:hidden; position:absolute;">
          <h1>Brandon B</h1>      <h1>Caedis, Caedis_Hax, CaedisHax, Cædis_Hax, Daedalus, DaedalusXero, Dædalus</h1>      <h1>Texas</h1>        <h2>"There are no coincidences, only the illusion of coincidence"
 
 
The information below may be used to verify my signatures and encrypt communications to me.
 
 
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.6 (GNU/Linux)
 
mQGiBEgIJGYRBAC54vZVXjK5l4VRSiUC6XGMgEOjEFgWvruVr/PXBk0hbn...</h2>
    <h3>ClaimID is a simple way to manage your online identity.  This is the claimID page of 
           Brandon B.     
    </h3> 
  </div>

Ellipsis in original.

And here's the complete and visible PGP PUBLIC KEY BLOCK:

<p>
The information below may be used to verify my signatures and encrypt communications to me.
<p>
<p>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.6 (GNU/Linux)
<p>
mQGiBEgIJGYRBAC54vZVXjK5l4VRSiUC6XGMgEOjEFgWvruVr/PXBk0hbnZ47D8j
...
-----END PGP PUBLIC KEY BLOCK-----</span></div>
 
 
  <div style="text-align:center;">

Ellipsis added.

Note: the </span></div> at the end are markup errors, and the <div style="text-align:center;"> auto-closes the p tag around the actual PGP public key block.

It's not clear whether the markup around the public key was added by the site, was added by the user entering information into a generic notes/info field, or whether the p tags in particular were added by the site to represent blank lines entered by the user.

key on its own page

Separate page for a key, rather than inside or a part of a profile or contact information.

armored OpenPGP in HTML

In the wild:

Typical markup:

<H2>Public Key</H2>
  <PRE>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)
 
mQGiBD0ZXm4RBADS59M4Dy4aOBUA59mKkNg+bWqeKenYs+zTk7O8QKfqgKxLBNya
...
 
-----END PGP PUBLIC KEY BLOCK-----
  </PRE>
 
  <P>
   This is also available in a <A HREF="pgp.txt">plaintext file</A>.
  </P>
 
  <H2>Importing My Key</H2>
  <P>
   The simplest way from an e-mail client (like Enigmail) is to simply e-mail
   <A HREF="pgp.txt">the plaintext version of my key</A> to your own e-mail
   address and choose the option like "Import PGP Key."  My key is also
   available from <A HREF="http://pgp.mit.edu/">pgp.mit.edu</A>
   (interactively.)
  </P>

Ellipsis added.

PGP PUBLIC KEY BLOCK in PRE

In the wild:

Typical markup:

<pre>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 6.5.8 for non-commercial use &lt;http://www.pgp.com&gt;
 
mQGiBDheqqARBAD//2FUIkCc9ITtszMh70nFmTOj/YWWi3Kk4aumxuAhgGeEwAFX
...
-----END PGP PUBLIC KEY BLOCK-----
</pre>

Ellipsis added.

Key in PRE with SPAN per line

In the wild:

Typical markup:

<pre><code class=''><span class='line'>-----BEGIN PGP PUBLIC KEY BLOCK-----
</span><span class='line'>Version: GnuPG v1.4.10 (GNU/Linux)
</span><span class='line'>
</span><span class='line'>mQINBEur2SoBEAC3dtJdKEh+fmH4Lc4U69bq8GcDzyYqbSDHcMfADXpMJhOVOhwH
</span>
...
<span class='line'>F5FOeTayIA==
</span><span class='line'>=rqth
</span><span class='line'>-----END PGP PUBLIC KEY BLOCK-----
</span></code></pre>

Blog post with public key block

In the wild:

separate page inside university user account home dir

In the wild:

Typical markup:

<p><font face="Courier New" size=1>Type Bits/KeyID&nbsp; &nbsp; Date&nbsp; &nbsp; &nbsp;  User ID<br>
pub&nbsp; 1024/8559BF09 1995/10/09 Robert Elden Wilson &lt;rewilson@ncinter.net&gt;<br><br>
-----BEGIN PGP PUBLIC KEY BLOCK-----<br>
Version: 2.6.3a<br>
Comment: Processed by PGPClick 3.0<br>
<br>
mQCNAzB5ouMAAAEEAK/qLzp6NeqBIUxvZN3KUYjn6wnxw6D1R1QYHhi0AAmMLb4a<br>
9uiip14moSIEPVSz8jal2YoJ3B3R3zhWPa/dasF8STA2uhNDz7/NHBLCd5tyNoTb<br>
...
=o1W7<br>
-----END PGP PUBLIC KEY BLOCK-----</font></p>

plain text file linked from personal site home page

Example URL: http://www.ufoot.org/ links to http://www.ufoot.org/ufoot.pub

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
 
mQGiBDxZRPIRBACxPI8ZYEtkIGUliwLanAlZbIqVCI38d/SONo8MS3VUZkO82XRo
...
8WS09vXAVscm06crf40AmQFxEIui1lRKOY7f/fRVkcA1TRyu
=MZu7
-----END PGP PUBLIC KEY BLOCK-----

plain text file linked from institution profile page

Example URL: http://www.w3.org/People/Bos/bert-pubkey.txt

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
mQGhBDppjAcRBAC7yYqRN+qeCgf20PoQYTtHO9ro/kHEADEpQPjlGRyrsQ/wttnm
...
=yaAL
-----END PGP PUBLIC KEY BLOCK-----

short name of example

Linked full name of example

<div>
raw, unescaped markup of example
</div>

Analysis of implied schema of example.

Institutions

Sites/pages of institutions which include multiple keys on a single page.

ICANN

Example URL: http://www.icann.org/en/contact/pgp-keys

<div class="field field-name-body field-type-text-with-summary field-label-hidden clearfix">
    <div class="field-items">
          <div class="field-item even" property="content:encoded"><p><a name="MehmetAkcin" id="MehmetAkcin"></a><strong>Mehmet Akcin</strong></p>
<p class="keys">-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
	Version: GnuPG v2.0.10 (Darwin)
</p><p class="keys">mQINBEmlow4BEACag9QwKzm7RL5ULqew0XJbAipwy32Xb2RPVgbDVGqIsVzFCXD9<br />
	ykGnwYm+CcyBj9Z1cGzQovRZU9cni0yf7YYciM6TTmjqROz3WWuxIseuLphEtNu2<br />
...
	=KgTO<br />
	-----END PGP PUBLIC KEY BLOCK-----</p>
...
<p><a name="KentCrispin" id="KentCrispin"></a><strong>Kent Crispin (Office Key) &lt;kent@icann.org&gt;:</strong></p>
<pre>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.4 (GNU/Linux)
 
mQELBEE2SKkBCADMmf+17NnaXzYtSKvYNUjSKFGbKF50Utds2BK+AjUzFIORpJdU
...
=EsaL
-----END PGP PUBLIC KEY BLOCK-----
</pre>
<p><strong><a name="dnssec-public" id="dnssec-public"></a><abbr title="DNS Security Extensions">DNSSEC</abbr> Public PGP Key</strong></p>
<p class="keys">-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v1.4.5 (GNU/Linux)</p>
<p class="keys">mQGiBEdQucgRBACuD4uIRQ9Or2yKfGZtqxSd7/yp20VoZaNafP85OlJfOs9yjgdN<br />
v8kSd3+2lBXGwJxgOzkssbgZ14O1U3au494WicvR0gF7cLRZBeqpdZetpm7gl5n2<br />
...
=nIe5<br />
-----END PGP PUBLIC KEY BLOCK-----</p>

Ellipses added.
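The examples above wrap the same armored block in PRE, a BR per line, a SPAN per line, FONT tags, or split P elements, and claimID's hidden div carries a truncated copy ahead of the complete one. The following added example (not code from the original page or from any microformats parser; function names are hypothetical and the sample is constructed dummy data, not a real key) recovers the block from such markup and accepts it only if the RFC 4880 armor checksum verifies.

```python
import base64
import html
import re

# A block may not run across another BEGIN line: claimID's hidden div holds a
# truncated copy (BEGIN without END) ahead of the complete visible block.
ARMOR = re.compile(r"-----BEGIN PGP PUBLIC KEY BLOCK-----((?:(?!-----BEGIN ).)*?)"
                   r"-----END PGP PUBLIC KEY BLOCK-----", re.S)

def crc24(data: bytes) -> int:
    """Armor checksum from RFC 4880, section 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def html_to_text(markup: str) -> str:
    text = re.sub(r"(?i)<br\s*/?>|</?p\b[^>]*>", "\n", markup)  # tags that act as line breaks
    text = re.sub(r"<[^>]+>", "", text)  # span, font, pre, tt, code ...
    return html.unescape(text)  # last, so &lt;http://...&gt; in a Version line survives

def extract_keys(markup: str) -> list:
    """Return the decoded bytes of every complete, checksum-valid armored key block."""
    keys = []
    for match in ARMOR.finditer(html_to_text(markup)):
        lines = [ln.strip() for ln in match.group(1).splitlines() if ln.strip()]
        data = "".join(ln for ln in lines if ":" not in ln and not ln.startswith("="))
        check = [ln[1:] for ln in lines if ln.startswith("=")]
        try:
            raw = base64.b64decode(data, validate=True)
        except ValueError:
            continue  # stray text inside the block
        if check and int.from_bytes(base64.b64decode(check[0]), "big") != crc24(raw):
            continue  # damaged or edited block
        keys.append(raw)
    return keys

# Constructed sample: dummy bytes (not a real key) armored, then wrapped ICANN-style.
RAW = bytes(range(60))
B64 = base64.b64encode(RAW).decode()
SUM = base64.b64encode(crc24(RAW).to_bytes(3, "big")).decode()
SAMPLE = ('<p class="keys">-----BEGIN PGP PUBLIC KEY BLOCK-----<br />\n\tVersion: Constructed\n</p>'
          f'<p class="keys">{B64[:64]}<br />\n\t{B64[64:]}<br />\n\t={SUM}<br />\n'
          '\t-----END PGP PUBLIC KEY BLOCK-----</p>')
```

Header lines are recognised by their colon and the checksum line by its leading "=", so the blank separator line may be missing or doubled, as it is in several of the examples.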

Common Practices

Existing Practices

Brainstorming

See Also

key examples was last modified: Monday, October 7th, 2013
