Documentation

EN

Getting started

Verifying profiles

Verifying an OpenPGP profile

Fingerprint identifier

OpenPGP profiles are typically identified by a cryptographic key's fingerprint. The fingerprint — as the name suggests — uniquely identifies the key. Here's an example of a fingerprint:

3637202523e7c1309ab79e99ef2dc5827b445f4b

Go to the keyoxide.org/3637202523e7c1309ab79e99ef2dc5827b445f4b page. The website will automatically find the public key for you and start the identity verification process.

Email address identifier

A different identifier is the email address associated with the OpenPGP key.

Go to the keyoxide.org/hkp/test@doip.rocks page. The website will automatically find the public key for you and start the identity claims verification process.

An email address identifier can also be used to obtain a public key not via keyservers but the so-called Web Key Directory protocol, used to fetch public keys directly from private domains.

Go to the keyoxide.org/test@doip.rocks page. The website will automatically find the public key for you and start the identity verification process.

Keyoxide URLs specify how the website should fetch the key: keyoxide.org/hkp/… will use keyservers, keyoxide.org/wkd/… will use the WKD protocol. If no protocol is specified, a keyserver will be used for fingerprints. For email addresses, it will first try the WKD protocol and fall back to the keyserver.

Verifying a signature profile

Here's what a signature profile looks like:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hey there! Here's a signature profile with proofs related to the DOIP project (https://doip.rocks).

Verify this profile at https://keyoxide.org/sig

proof=dns:doip.rocks
proof=https://fosstodon.org/@keyoxide
-----BEGIN PGP SIGNATURE-----

iQHEBAEBCgAuFiEENjcgJSPnwTCat56Z7y3FgntEX0sFAl/7L0MQHHRlc3RAZG9p
cC5yb2NrcwAKCRDvLcWCe0RfS3iYC/0QQqz2lzSNrkApdIN9OJFfd/sP2qeGr/uH
98YHa+ucwBxer6yrAaTYYuBJg1uyzdxQhqF2jWno7FwN4crnj15AN5XGemjpmqat
py9wG6vCVjC81q/BWMIMZ7RJ/m8F8Kz556xHiU8KbqLNDqFVcT35/PhJsw71XVCI
N3HgrgD7CY/vIsZ3WIH7mne3q9O7X4TJQtFoZZ/l9lKj7qk3LrSFnL6q+JxUr2Im
xfYZKaSz6lmLf+vfPc59JuQtV1z0HSNDQkpKEjmLeIlc+ZNAdSQRjkfi+UDK7eKV
KGOlkcslroJO6rT3ruqx9L3hHtrM8dKQFgtRSaofB51HCyhNzmipbBHnLnKQrcf6
o8nn9OkP7F9NfbBE6xYIUCkgnv1lQbzeXsLLVuEKMW8bvZOmI7jTcthqnwzEIHj/
G4p+zPGgO+6Pzuhn47fxH+QZ0KPA8o2vx0DvOkZT6HEqG+EqpIoC/a7wD68n789c
K2NLCVb9oIGarPfhIdPV3QbrA5eXRRQ=
=QyNy
-----END PGP SIGNATURE-----

Go to the keyoxide.org/sig page, copy and paste the signature in the field and press the button to view the Keyoxide profile and verify its associated identity claims.

Content licensed under CC BY-NC-SA 4.0.
Last updated: 2023-10-07 10:57 UTC