key-examples: Difference between revisions
(draft with a couple of examples) |
m (Replace <entry-title> with {{DISPLAYTITLE:}}) |
||
(22 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
{{ | {{DISPLAYTITLE:key examples}} | ||
This page documents existing real world publishing examples of public keys in the hope of analyzing them to see if / how to better fit existing publishing practices of public keys, either with [[hCard]]'s 'key' property, or possibly other solutions. | |||
Related: provide input to W3C Crypto API [http://www.w3.org/2012/webcrypto/track/issues/14 Issue 14: Representation of raw key material] | |||
Particularly interesting examples: [[key-examples#Nick_Doty|Nick Doty]] publishes his public key fingerprint as the 'key' property on his home page (linking to his public key at a separate URL), and [[key-examples#Wells_College|Prof. Adams of Wells College]] publishes his public key as the 'key' property of his [[hCard]] on his contact page. Both [[Operator]] and [[H2VX]] find the hCard key property and convert it to the key property in a vCard, importable into any Address Book that supports vCard's key property. | |||
== The Problem == | == The Problem == | ||
A user wants to share their public key on the web. What's the best way to do this? | |||
To answer that question, this page researches existing publishing practices to see if there are patterns or exemplary examples, or if we can use them to figure out a recommended way to publish public keys on web pages. | |||
== Use Cases == | |||
=== meeting someone and sending private messages === | |||
Two people meet and exchange their personal URLs in the hopes of communicating later, and encrypting said communications. | |||
* two people meet | |||
* they exchange personal URLs | |||
* each (perhaps later) browses the others' URL on their device | |||
* the page clearly has contact information (e.g. an [[hCard]]) and a visible public key on it | |||
* they bookmark each others URLs | |||
* they go to their messaging web app and create a new message, using their bookmarks for the URLs / to address | |||
* the web app retrieves the public key from the URL and uses it to encrypt the message before sending it. | |||
* each receives a message from the other and is able to use their messaging web app to decrypt and read it. | |||
==== possible threats ==== | |||
Implementations would need to be aware and careful about: | |||
===== fake key updates ===== | |||
* if the browser is going to offer to import contacts, particularly with keys, that the source and provenance of those keys is well understood. It's one thing to go to keyserver/directory, its another to be lead to phishme.example.com which attempts to update all of your contacts with keys held by evil-repressive-government.example.com - originally provided by rsleevi in #crypto on W3C IRC 2012-341. | |||
===== --- other threats --- ===== | |||
* ... | |||
== Real-World Examples == | == Real-World Examples == | ||
Real world publishing examples of public keys on public web pages. | |||
=== personal home page === | |||
==== Nick Doty ==== | |||
In the wild: | |||
* [http://npdoty.name/ Nick Doty] | |||
* … | |||
Note: the page has an [[hCard]] of the individual <em>with</em> a 'key' property containing a public key fingerprint: | |||
<source lang=html4strict> | |||
<a class="key" href="npdoty.asc"> | |||
EFAA 3954 C83F 20F2 0DF0 | |||
E0EA 4020 3EE9 0BBA B306 | |||
</a> | |||
</source> | |||
Whitespace added. | |||
The destination of the hyperlink "npdoty.asc" is a text file with a Base64 public key block: | |||
<source lang=text> | |||
-----BEGIN PGP PUBLIC KEY BLOCK----- | |||
Version: GnuPG v1.4.9 (Darwin) | |||
mQENBErJM6oBCAC7NG5NZ5kiJg+KTTaIDjX9BU8bc7FI5a2zCYc3p9eikJfyyZYM | |||
... | |||
sWbckvcIjJRcAtRliKbAf+KjplbcEIzt+kxmweE5XeKvDFtzAD041FGAphIkKcuu | |||
IAzL+XcMWzc3DA== | |||
=+ojz | |||
-----END PGP PUBLIC KEY BLOCK----- | |||
</source> | |||
Ellipsed. | |||
==== Matthias Ries ==== | |||
In the wild: | |||
* [http://mad4milk.de/ Matthias Ries] | |||
* … | |||
Note: the page has an [[hCard]] of the individual, but no 'key' property. However, ''inside'' that hCard, there is the following: | |||
<source lang=html4strict> | |||
<div class="signature"> | |||
<pre> | |||
-----BEGIN PGP PUBLIC KEY BLOCK----- | |||
Version: GnuPG v1.4.9 (GNU/Linux) | |||
mQGiBEl2HAgRBAC9IZGQE3NRWFoXV7CcVRbo7xMe+nGPRMTOocA0pcv9N67R6CAZ | |||
... | |||
-----END PGP PUBLIC KEY BLOCK----- | |||
</pre> | |||
</div> | |||
</source> | |||
Ellipsis added. | |||
* inside a <pre> inside a <div> with class name "signature | |||
If the author used the class name "key" instead of (or in addition to) the class name "signature", then it would be recognized as a plain text 'key' property value in his hCard. | |||
==== Ben Tremblay ==== | |||
In the wild: | |||
* http://bentrem.net/ | |||
* … | |||
Note: the page has three [[hCard]]s for the individual, but no 'key' property. Just after the last hCard, there is the following: | |||
<source lang=html4strict> | |||
<center> | |||
<div class="scrollbox" style="height: 7.5em;"> | |||
<pre> | |||
-----BEGIN PGP PUBLIC KEY BLOCK----- | |||
Version: GnuPG v1.4.4 (MingW32) | |||
<font size="-6"> | |||
mQGiBESzvlsRBACzsDol94Pua0ggzSsLa35K9pQoPJHWg2YgpNp5wWC9/oruQaNF | |||
... | |||
</font> | |||
-----END PGP PUBLIC KEY BLOCK----- | |||
</pre> | |||
</div></center> | |||
</source> | |||
* inside a <pre> | |||
* BEGIN PGP header and Version are directly in the pre tag | |||
* actual base64 key text is inside a nested <font> tag | |||
=== profile page === | |||
Example(s) of a public key published on a profile page with other information, e.g. in a personal page at an institution or on a social network or other content hosting service. | |||
==== Wells College ==== | |||
In the wild: | |||
* http://eclipse.wells.edu/badams/contact/ | |||
* … | |||
Note: The page has an [[hCard]] of the individual ''with'' a 'key' property! | |||
<source lang=html4strict> | |||
<div id="hcard-Bryant-E-Adams" class="vcard"> | |||
<a class="url fn n" href="http://eclipse.wells.edu/badams"> <span class="given-name">Bryant</span> | |||
<span class="additional-name">E</span> | |||
<span class="family-name">Adams</span> | |||
</a> | |||
... | |||
<h2>GPG/GnuGP Public Key</h2> (<a href="../resources/badams_0F87773F.asc" rel="self">download</a>) <h3>For email sent to/from <a href=“mailto:badams.gpg+0x20”>bad ams.gpg+0x20 (at) gmail (dot com)</a></h3> | |||
<pre><tt> | |||
<span class="key"> | |||
-----BEGIN PGP PUBLIC KEY BLOCK----- | |||
Version: GnuPG/MacGPG2 v2.0.17 (Darwin) | |||
Comment: GPGTools - http://gpgtools.org | |||
mQENBE4sjPMBCAC0ublKPnsdwD9B71bygmwVxn3hX6zw4H2Qlc6wPc0/OepjqVyq | |||
... | |||
-----END PGP PUBLIC KEY BLOCK----- | |||
</span> | |||
</tt></pre> | |||
</div> | |||
</source> | |||
Ellipses added. | |||
* profile info in [[hCard]] | |||
* link to downloadable .asc public key with <code>rel="self"</code> | |||
* entire visible public key including BEGIN PGP header inside a <nowiki><pre><tt><span class="key"></nowiki> | |||
==== claimID ==== | |||
In the wild: | |||
* [http://claimid.com/caedis claimID : Brandon B] | |||
* … | |||
Note: ClaimID has [[hcard-supporting-user-profiles]] and thus the page has an [[hCard]] of the individual, but no 'key' property. | |||
Note 2: Page has an abusive invisible content div (with visibility:hidden; position:absolute) aimed at crawlers (id="crawler_text"), presumably search engines in particular, since it abuses h1 tags: | |||
<source lang=html4strict> | |||
<div id="crawler_text" style="visibility:hidden; position:absolute;"> | |||
<h1>Brandon B</h1> <h1>Caedis, Caedis_Hax, CaedisHax, Cædis_Hax, Daedalus, DaedalusXero, Dædalus</h1> <h1>Texas</h1> <h2>"There are no coincidences, only the illusion of coincidence" | |||
The information below may be used to verify my signatures and encrypt communications to me. | |||
-----BEGIN PGP PUBLIC KEY BLOCK----- | |||
Version: GnuPG v1.4.6 (GNU/Linux) | |||
mQGiBEgIJGYRBAC54vZVXjK5l4VRSiUC6XGMgEOjEFgWvruVr/PXBk0hbn...</h2> | |||
<h3>ClaimID is a simple way to manage your online identity. This is the claimID page of | |||
Brandon B. | |||
</h3> | |||
</div> | |||
</source> | |||
Ellipsis in original. | |||
And here's the complete and ''visible'' PGP PUBLIC KEY BLOCK: | |||
<source lang=html4strict> | |||
<p> | |||
The information below may be used to verify my signatures and encrypt communications to me. | |||
<p> | |||
<p> | |||
-----BEGIN PGP PUBLIC KEY BLOCK----- | |||
Version: GnuPG v1.4.6 (GNU/Linux) | |||
<p> | |||
mQGiBEgIJGYRBAC54vZVXjK5l4VRSiUC6XGMgEOjEFgWvruVr/PXBk0hbnZ47D8j | |||
... | |||
-----END PGP PUBLIC KEY BLOCK-----</span></div> | |||
<div style="text-align:center;"> | |||
</source> | |||
Ellipsis added. | |||
Note: the <nowiki></span></div></nowiki> at the end are markup errors, and the <nowiki><div style="text-align:center;"></nowiki> auto-closes the p tag around the actual PGP public key block. | |||
It's not clear if the markup around the public key is added by the site, or was added by the user entering information in to a generic notes/info field, or if the p tags in particular were added by the site to represent blank lines entered by the user. | |||
* BEGIN PGP PUBLIC KEY BLOCK and Version header is in its own paragraph tag from the actual base64 test. | |||
* end of key is implied by an invalid close span tag. | |||
=== key on its own page === | |||
Separate page for a key, rather than inside or a part of a profile or contact information. | |||
==== armored OpenPGP in HTML ==== | |||
In the wild: | |||
* [http://futureboy.us/pgp.html PGP Public Key for Alan Eliasen] | |||
* [http://dropsafe.crypticide.com/pgp Alec Muffet] | |||
Typical markup: | |||
<source lang=html4strict> | <source lang=html4strict> | ||
<H2>Public Key</H2> | <H2>Public Key</H2> | ||
Line 40: | Line 252: | ||
</P> | </P> | ||
</source> | </source> | ||
Ellipsis added. | |||
* raw key in a PRE block | * raw key in a PRE block | ||
Line 46: | Line 260: | ||
* alternative key server for key (human search required at destination) | * alternative key server for key (human search required at destination) | ||
==== PGP PUBLIC KEY BLOCK ==== | ==== PGP PUBLIC KEY BLOCK in PRE ==== | ||
[http://www.folsoms.net/pubkey.shtml Folsom's Public Key] | In the wild: | ||
* [http://www.folsoms.net/pubkey.shtml Folsom's Public Key] | |||
* … | |||
Typical markup: | |||
<source lang=html4strict> | <source lang=html4strict> | ||
<pre> | <pre> | ||
Line 58: | Line 277: | ||
</pre> | </pre> | ||
</source> | </source> | ||
Ellipsis added. | |||
* raw key in a PRE block | * raw key in a PRE block | ||
=== | ==== Key in PRE with SPAN per line ==== | ||
In the wild: | |||
* http://yonkeltron.com/my-public-key/ | |||
Typical markup: | |||
<source lang=html4strict> | |||
<pre><code class=''><span class='line'>-----BEGIN PGP PUBLIC KEY BLOCK----- | |||
</span><span class='line'>Version: GnuPG v1.4.10 (GNU/Linux) | |||
</span><span class='line'> | |||
</span><span class='line'>mQINBEur2SoBEAC3dtJdKEh+fmH4Lc4U69bq8GcDzyYqbSDHcMfADXpMJhOVOhwH | |||
</span> | |||
... | |||
<span class='line'>F5FOeTayIA== | |||
</span><span class='line'>=rqth | |||
</span><span class='line'>-----END PGP PUBLIC KEY BLOCK----- | |||
</span></code></pre> | |||
</source> | |||
* pre code elements enclosing the whole thing including BEGIN PGP and Version header | |||
* <span class='line'> element around every line | |||
==== Blog post with public key block ==== | |||
In the wild: | |||
* http://ask-leo.com/whats_your_public_key.html | |||
* … | |||
==== separate page inside university user account home dir ==== | |||
In the wild: | |||
* http://users.stargate.net/~rewilson/PGPClick/mykey.html | |||
Typical markup: | |||
<source lang=html4strict> | |||
<p><font face="Courier New" size=1>Type Bits/KeyID Date User ID<br> | |||
pub 1024/8559BF09 1995/10/09 Robert Elden Wilson <rewilson@ncinter.net><br><br> | |||
-----BEGIN PGP PUBLIC KEY BLOCK-----<br> | |||
Version: 2.6.3a<br> | |||
Comment: Processed by PGPClick 3.0<br> | |||
<br> | |||
mQCNAzB5ouMAAAEEAK/qLzp6NeqBIUxvZN3KUYjn6wnxw6D1R1QYHhi0AAmMLb4a<br> | |||
9uiip14moSIEPVSz8jal2YoJ3B3R3zhWPa/dasF8STA2uhNDz7/NHBLCd5tyNoTb<br> | |||
... | ... | ||
=o1W7<br> | |||
-----END PGP PUBLIC KEY BLOCK-----</font></p> | |||
</source> | |||
* uses font face Courier and br elements instead of a <pre> tag | |||
* type bits etc. included in addition to usual BEGIN PGP header | |||
==== plain text file linked from person site home page === | |||
Example URL: http://www.ufoot.org/ links to http://www.ufoot.org/ufoot.pub | |||
<source lang=text> | |||
-----BEGIN PGP PUBLIC KEY BLOCK----- | |||
Version: GnuPG v1.0.6 (GNU/Linux) | |||
Comment: For info see http://www.gnupg.org | |||
mQGiBDxZRPIRBACxPI8ZYEtkIGUliwLanAlZbIqVCI38d/SONo8MS3VUZkO82XRo | |||
... | |||
8WS09vXAVscm06crf40AmQFxEIui1lRKOY7f/fRVkcA1TRyu | |||
=MZu7 | |||
-----END PGP PUBLIC KEY BLOCK----- | |||
</source> | |||
* no markup | |||
* just the BEGIN PGP and Version header and base64 key text | |||
* linked from top of personal site | |||
==== plain text file linked from institution profile page ==== | |||
Example URL: http://www.w3.org/People/Bos/bert-pubkey.txt | |||
<source lang=text> | |||
-----BEGIN PGP PUBLIC KEY BLOCK----- | |||
Version: GnuPG v1.0.7 (GNU/Linux) | |||
mQGhBDppjAcRBAC7yYqRN+qeCgf20PoQYTtHO9ro/kHEADEpQPjlGRyrsQ/wttnm | |||
... | |||
=yaAL | |||
-----END PGP PUBLIC KEY BLOCK----- | |||
</source> | |||
* no markup | |||
* just the BEGIN PGP and Version header and base64 key text | |||
* linked from the parent directory - http://www.w3.org/People/Bos/ - with link text "GPG key" | |||
==== short name of example ==== | ==== short name of example ==== | ||
Line 76: | Line 379: | ||
Analysis of implied schema of example. | Analysis of implied schema of example. | ||
=== Institutions === | |||
Sites/pages of institutions which include multiple keys on a single page. | |||
==== ICAAN ==== | |||
Example URL: http://www.icann.org/en/contact/pgp-keys | |||
<source lang=html4strict> | |||
<div class="field field-name-body field-type-text-with-summary field-label-hidden clearfix"> | |||
<div class="field-items"> | |||
<div class="field-item even" property="content:encoded"><p><a name="MehmetAkcin" id="MehmetAkcin"></a><strong>Mehmet Akcin</strong></p> | |||
<p class="keys">-----BEGIN PGP PUBLIC KEY BLOCK-----<br /> | |||
Version: GnuPG v2.0.10 (Darwin) | |||
</p><p class="keys">mQINBEmlow4BEACag9QwKzm7RL5ULqew0XJbAipwy32Xb2RPVgbDVGqIsVzFCXD9<br /> | |||
ykGnwYm+CcyBj9Z1cGzQovRZU9cni0yf7YYciM6TTmjqROz3WWuxIseuLphEtNu2<br /> | |||
... | |||
=KgTO<br /> | |||
-----END PGP PUBLIC KEY BLOCK-----</p> | |||
... | |||
<p><a name="KentCrispin" id="KentCrispin"></a><strong>Kent Crispin (Office Key) <kent@icann.org>:</strong></p> | |||
<pre> | |||
-----BEGIN PGP PUBLIC KEY BLOCK----- | |||
Version: GnuPG v1.2.4 (GNU/Linux) | |||
mQELBEE2SKkBCADMmf+17NnaXzYtSKvYNUjSKFGbKF50Utds2BK+AjUzFIORpJdU | |||
... | |||
=EsaL | |||
-----END PGP PUBLIC KEY BLOCK----- | |||
</pre> | |||
<p><strong><a name="dnssec-public" id="dnssec-public"></a><abbr title="DNS Security Extensions">DNSSEC</abbr> Public PGP Key</strong></p> | |||
<p class="keys">-----BEGIN PGP PUBLIC KEY BLOCK-----<br /> | |||
Version: GnuPG v1.4.5 (GNU/Linux)</p> | |||
<p class="keys">mQGiBEdQucgRBACuD4uIRQ9Or2yKfGZtqxSd7/yp20VoZaNafP85OlJfOs9yjgdN<br /> | |||
v8kSd3+2lBXGwJxgOzkssbgZ14O1U3au494WicvR0gF7cLRZBeqpdZetpm7gl5n2<br /> | |||
... | |||
=nIe5<br /> | |||
-----END PGP PUBLIC KEY BLOCK-----</p> | |||
</source> | |||
Ellipses added. | |||
* named anchor, full name | |||
* BEGIN PGP and Version header marked up with <nowiki><p class="keys">...</p></nowiki>. | |||
* separately, base64 key text marked up with <nowiki><p class="keys">...</p></nowiki> and lines terminated with <br />. | |||
* some full names parenthetically include email afterwards | |||
* some keys including header and base64 key text are marked up together inside a <pre> element | |||
== Common Practices == | == Common Practices == | ||
* one <pre> element wrapping the entire BEGIN PGP and base64 block | |||
* | |||
== Existing Practices == | == Existing Practices == | ||
* [[hCard]] with 'key' property in the [[#Wells_College|Wells College example]] seems like the best existing practice so far | |||
* [[key-formats]] - not sure what are the specific formats for publishing keys, i.e. where is the BEGIN PGP and base64 format described? | |||
* | |||
== Brainstorming == | == Brainstorming == | ||
* [[key-brainstorming]] - for now let's use [[hCard]] with the 'key' property and see how far we can get with that. | |||
* <code>[[rel-key|rel="key"]]</code> - might be useful for linking from a home page / personal contact page to a key published in a separate plain text file. | |||
* | |||
== See Also == | == See Also == | ||
* [[hCard]] | * [[hCard]] | ||
* [http://www.ephesus.com/Encryption/RetrieveKeys.html HOW TO RETRIEVE PGP PUBLIC KEYS] |
Latest revision as of 16:28, 18 July 2020
This page documents existing real world publishing examples of public keys in the hope of analyzing them to see if / how to better fit existing publishing practices of public keys, either with hCard's 'key' property, or possibly other solutions.
Related: provide input to W3C Crypto API Issue 14: Representation of raw key material
Particularly interesting examples: Nick Doty publishes his public key fingerprint as the 'key' property on his home page (linking to his public key at a separate URL), and Prof. Adams of Wells College publishes his public key as the 'key' property of his hCard on his contact page. Both Operator and H2VX find the hCard key property and convert it to the key property in a vCard, importable into any Address Book that supports vCard's key property.
The Problem
A user wants to share their public key on the web. What's the best way to do this?
To answer that question, this page researches existing publishing practices to see if there are patterns or exemplary examples, or if we can use them to figure out a recommended way to publish public keys on web pages.
Use Cases
meeting someone and sending private messages
Two people meet and exchange their personal URLs in the hopes of communicating later, and encrypting said communications.
- two people meet
- they exchange personal URLs
- each (perhaps later) browses the others' URL on their device
- the page clearly has contact information (e.g. an hCard) and a visible public key on it
- they bookmark each others URLs
- they go to their messaging web app and create a new message, using their bookmarks for the URLs / to address
- the web app retrieves the public key from the URL and uses it to encrypt the message before sending it.
- each receives a message from the other and is able to use their messaging web app to decrypt and read it.
possible threats
Implementations would need to be aware and careful about:
fake key updates
- if the browser is going to offer to import contacts, particularly with keys, that the source and provenance of those keys is well understood. It's one thing to go to keyserver/directory, its another to be lead to phishme.example.com which attempts to update all of your contacts with keys held by evil-repressive-government.example.com - originally provided by rsleevi in #crypto on W3C IRC 2012-341.
--- other threats ---
- ...
Real-World Examples
Real world publishing examples of public keys on public web pages.
personal home page
Nick Doty
In the wild:
Note: the page has an hCard of the individual with a 'key' property containing a public key fingerprint:
<a class="key" href="npdoty.asc">
EFAA 3954 C83F 20F2 0DF0
E0EA 4020 3EE9 0BBA B306
</a>
Whitespace added.
The destination of the hyperlink "npdoty.asc" is a text file with a Base64 public key block:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (Darwin)
mQENBErJM6oBCAC7NG5NZ5kiJg+KTTaIDjX9BU8bc7FI5a2zCYc3p9eikJfyyZYM
...
sWbckvcIjJRcAtRliKbAf+KjplbcEIzt+kxmweE5XeKvDFtzAD041FGAphIkKcuu
IAzL+XcMWzc3DA==
=+ojz
-----END PGP PUBLIC KEY BLOCK-----
Ellipsed.
Matthias Ries
In the wild:
Note: the page has an hCard of the individual, but no 'key' property. However, inside that hCard, there is the following:
<div class="signature">
<pre>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)
mQGiBEl2HAgRBAC9IZGQE3NRWFoXV7CcVRbo7xMe+nGPRMTOocA0pcv9N67R6CAZ
...
-----END PGP PUBLIC KEY BLOCK-----
</pre>
</div>
Ellipsis added.
- inside a <pre> inside a <div> with class name "signature
If the author used the class name "key" instead of (or in addition to) the class name "signature", then it would be recognized as a plain text 'key' property value in his hCard.
Ben Tremblay
In the wild:
Note: the page has three hCards for the individual, but no 'key' property. Just after the last hCard, there is the following:
<center>
<div class="scrollbox" style="height: 7.5em;">
<pre>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.4 (MingW32)
<font size="-6">
mQGiBESzvlsRBACzsDol94Pua0ggzSsLa35K9pQoPJHWg2YgpNp5wWC9/oruQaNF
...
</font>
-----END PGP PUBLIC KEY BLOCK-----
</pre>
</div></center>
- inside a <pre>
- BEGIN PGP header and Version are directly in the pre tag
- actual base64 key text is inside a nested <font> tag
profile page
Example(s) of a public key published on a profile page with other information, e.g. in a personal page at an institution or on a social network or other content hosting service.
Wells College
In the wild:
Note: The page has an hCard of the individual with a 'key' property!
<div id="hcard-Bryant-E-Adams" class="vcard">
<a class="url fn n" href="http://eclipse.wells.edu/badams"> <span class="given-name">Bryant</span>
<span class="additional-name">E</span>
<span class="family-name">Adams</span>
</a>
...
<h2>GPG/GnuGP Public Key</h2> (<a href="../resources/badams_0F87773F.asc" rel="self">download</a>) <h3>For email sent to/from <a href=“mailto:badams.gpg+0x20”>bad ams.gpg+0x20 (at) gmail (dot com)</a></h3>
<pre><tt>
<span class="key">
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
mQENBE4sjPMBCAC0ublKPnsdwD9B71bygmwVxn3hX6zw4H2Qlc6wPc0/OepjqVyq
...
-----END PGP PUBLIC KEY BLOCK-----
</span>
</tt></pre>
</div>
Ellipses added.
- profile info in hCard
- link to downloadable .asc public key with
rel="self"
- entire visible public key including BEGIN PGP header inside a <pre><tt><span class="key">
claimID
In the wild:
Note: ClaimID has hcard-supporting-user-profiles and thus the page has an hCard of the individual, but no 'key' property.
Note 2: Page has an abusive invisible content div (with visibility:hidden; position:absolute) aimed at crawlers (id="crawler_text"), presumably search engines in particular, since it abuses h1 tags:
<div id="crawler_text" style="visibility:hidden; position:absolute;">
<h1>Brandon B</h1> <h1>Caedis, Caedis_Hax, CaedisHax, Cædis_Hax, Daedalus, DaedalusXero, Dædalus</h1> <h1>Texas</h1> <h2>"There are no coincidences, only the illusion of coincidence"
The information below may be used to verify my signatures and encrypt communications to me.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.6 (GNU/Linux)
mQGiBEgIJGYRBAC54vZVXjK5l4VRSiUC6XGMgEOjEFgWvruVr/PXBk0hbn...</h2>
<h3>ClaimID is a simple way to manage your online identity. This is the claimID page of
Brandon B.
</h3>
</div>
Ellipsis in original.
And here's the complete and visible PGP PUBLIC KEY BLOCK:
<p>
The information below may be used to verify my signatures and encrypt communications to me.
<p>
<p>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.6 (GNU/Linux)
<p>
mQGiBEgIJGYRBAC54vZVXjK5l4VRSiUC6XGMgEOjEFgWvruVr/PXBk0hbnZ47D8j
...
-----END PGP PUBLIC KEY BLOCK-----</span></div>
<div style="text-align:center;">
Ellipsis added.
Note: the </span></div> at the end are markup errors, and the <div style="text-align:center;"> auto-closes the p tag around the actual PGP public key block.
It's not clear if the markup around the public key is added by the site, or was added by the user entering information in to a generic notes/info field, or if the p tags in particular were added by the site to represent blank lines entered by the user.
- BEGIN PGP PUBLIC KEY BLOCK and Version header is in its own paragraph tag from the actual base64 test.
- end of key is implied by an invalid close span tag.
key on its own page
Separate page for a key, rather than inside or a part of a profile or contact information.
armored OpenPGP in HTML
In the wild:
Typical markup:
<H2>Public Key</H2>
<PRE>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)
mQGiBD0ZXm4RBADS59M4Dy4aOBUA59mKkNg+bWqeKenYs+zTk7O8QKfqgKxLBNya
...
-----END PGP PUBLIC KEY BLOCK-----
</PRE>
<P>
This is also available in a <A HREF="pgp.txt">plaintext file</A>.
</P>
<H2>Importing My Key</H2>
<P>
The simplest way from an e-mail client (like Enigmail) is to simply e-mail
<A HREF="pgp.txt">the plaintext version of my key</A> to your own e-mail
address and choose the option like "Import PGP Key." My key is also
available from <A HREF="http://pgp.mit.edu/">pgp.mit.edu</A>
(interactively.)
</P>
Ellipsis added.
- raw key in a PRE block
- link to plain text version of key
- (human) discovery for an email client
- alternative key server for key (human search required at destination)
PGP PUBLIC KEY BLOCK in PRE
In the wild:
Typical markup:
<pre>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
mQGiBDheqqARBAD//2FUIkCc9ITtszMh70nFmTOj/YWWi3Kk4aumxuAhgGeEwAFX
...
-----END PGP PUBLIC KEY BLOCK-----
</pre>
Ellipsis added.
- raw key in a PRE block
Key in PRE with SPAN per line
In the wild:
Typical markup:
<pre><code class=''><span class='line'>-----BEGIN PGP PUBLIC KEY BLOCK-----
</span><span class='line'>Version: GnuPG v1.4.10 (GNU/Linux)
</span><span class='line'>
</span><span class='line'>mQINBEur2SoBEAC3dtJdKEh+fmH4Lc4U69bq8GcDzyYqbSDHcMfADXpMJhOVOhwH
</span>
...
<span class='line'>F5FOeTayIA==
</span><span class='line'>=rqth
</span><span class='line'>-----END PGP PUBLIC KEY BLOCK-----
</span></code></pre>
- pre code elements enclosing the whole thing including BEGIN PGP and Version header
- <span class='line'> element around every line
Blog post with public key block
In the wild:
separate page inside university user account home dir
In the wild:
Typical markup:
<p><font face="Courier New" size=1>Type Bits/KeyID Date User ID<br>
pub 1024/8559BF09 1995/10/09 Robert Elden Wilson <rewilson@ncinter.net><br><br>
-----BEGIN PGP PUBLIC KEY BLOCK-----<br>
Version: 2.6.3a<br>
Comment: Processed by PGPClick 3.0<br>
<br>
mQCNAzB5ouMAAAEEAK/qLzp6NeqBIUxvZN3KUYjn6wnxw6D1R1QYHhi0AAmMLb4a<br>
9uiip14moSIEPVSz8jal2YoJ3B3R3zhWPa/dasF8STA2uhNDz7/NHBLCd5tyNoTb<br>
...
=o1W7<br>
-----END PGP PUBLIC KEY BLOCK-----</font></p>
- uses font face Courier and br elements instead of a <pre> tag
- type bits etc. included in addition to usual BEGIN PGP header
= plain text file linked from person site home page
Example URL: http://www.ufoot.org/ links to http://www.ufoot.org/ufoot.pub
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDxZRPIRBACxPI8ZYEtkIGUliwLanAlZbIqVCI38d/SONo8MS3VUZkO82XRo
...
8WS09vXAVscm06crf40AmQFxEIui1lRKOY7f/fRVkcA1TRyu
=MZu7
-----END PGP PUBLIC KEY BLOCK-----
- no markup
- just the BEGIN PGP and Version header and base64 key text
- linked from top of personal site
plain text file linked from institution profile page
Example URL: http://www.w3.org/People/Bos/bert-pubkey.txt
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (GNU/Linux)
mQGhBDppjAcRBAC7yYqRN+qeCgf20PoQYTtHO9ro/kHEADEpQPjlGRyrsQ/wttnm
...
=yaAL
-----END PGP PUBLIC KEY BLOCK-----
- no markup
- just the BEGIN PGP and Version header and base64 key text
- linked from the parent directory - http://www.w3.org/People/Bos/ - with link text "GPG key"
short name of example
Linked full name of example
<div>
raw, unescaped markup of example
</div>
Analysis of implied schema of example.
Institutions
Sites/pages of institutions which include multiple keys on a single page.
ICAAN
Example URL: http://www.icann.org/en/contact/pgp-keys
<div class="field field-name-body field-type-text-with-summary field-label-hidden clearfix">
<div class="field-items">
<div class="field-item even" property="content:encoded"><p><a name="MehmetAkcin" id="MehmetAkcin"></a><strong>Mehmet Akcin</strong></p>
<p class="keys">-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.10 (Darwin)
</p><p class="keys">mQINBEmlow4BEACag9QwKzm7RL5ULqew0XJbAipwy32Xb2RPVgbDVGqIsVzFCXD9<br />
ykGnwYm+CcyBj9Z1cGzQovRZU9cni0yf7YYciM6TTmjqROz3WWuxIseuLphEtNu2<br />
...
=KgTO<br />
-----END PGP PUBLIC KEY BLOCK-----</p>
...
<p><a name="KentCrispin" id="KentCrispin"></a><strong>Kent Crispin (Office Key) <kent@icann.org>:</strong></p>
<pre>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.4 (GNU/Linux)
mQELBEE2SKkBCADMmf+17NnaXzYtSKvYNUjSKFGbKF50Utds2BK+AjUzFIORpJdU
...
=EsaL
-----END PGP PUBLIC KEY BLOCK-----
</pre>
<p><strong><a name="dnssec-public" id="dnssec-public"></a><abbr title="DNS Security Extensions">DNSSEC</abbr> Public PGP Key</strong></p>
<p class="keys">-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v1.4.5 (GNU/Linux)</p>
<p class="keys">mQGiBEdQucgRBACuD4uIRQ9Or2yKfGZtqxSd7/yp20VoZaNafP85OlJfOs9yjgdN<br />
v8kSd3+2lBXGwJxgOzkssbgZ14O1U3au494WicvR0gF7cLRZBeqpdZetpm7gl5n2<br />
...
=nIe5<br />
-----END PGP PUBLIC KEY BLOCK-----</p>
Ellipses added.
- named anchor, full name
- BEGIN PGP and Version header marked up with <p class="keys">...</p>.
- separately, base64 key text marked up with <p class="keys">...</p> and lines terminated with <br />.
- some full names parenthetically include email afterwards
- some keys including header and base64 key text are marked up together inside a <pre> element
Common Practices
- one <pre> element wrapping the entire BEGIN PGP and base64 block
Existing Practices
- hCard with 'key' property in the Wells College example seems like the best existing practice so far
- key-formats - not sure what are the specific formats for publishing keys, i.e. where is the BEGIN PGP and base64 format described?
Brainstorming
- key-brainstorming - for now let's use hCard with the 'key' property and see how far we can get with that.
rel="key"
- might be useful for linking from a home page / personal contact page to a key published in a separate plain text file.