Setting up WKD with lighttpd

Web Key Directory is an approach for simple distribution of public PGP keys. The idea is that a mail client checks for a needed key automatically and the user can simply encrypt a mail, without further interaction (no searching on a keyserver or manual downloading and importing into GnuPG).

The first site you find searching for it is GnuPG's WKD wiki page. But – just speaking of me – this page is quite confusing, and setting up WKD seems to be quite complicated. Happily, it isn't ;-)

A nice blog post describes what has to be done when you want to setup WKD. Just in case the linked blog post is removed: Providing PGP keys via WKD using the "direct" method (there's also an "advanced" method I didn't use) strips down to:

Finally, you need to tell the HTTP server to deliver the correct MIME type for the key file(s). As usual, the article only contains configuration examples for Apache and nginx. As a lighttpd user, you're used to that ;-)

To make life a bit easier for the lighttpd users out there wanting to setup WKD, here's the snippet you need to make lighttpd deliver the correct MIME type and HTTP headers:

$HTTP["url"] =~ "^/.well-known/openpgpkey/hu/" {
    mimetype.assign = ( "" => "application/octet-stream" )
    setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )

You can validate your setup to be correct using some WKD validator as e. g. provided by

Now go and make the world a bit better by setting up WKD ;-)