ProtonMail / WebClients

Monorepo hosting the proton web clients
GNU General Public License v3.0

ProtonMail does not look up public keys via WKD #245

Closed eloquence closed 2 years ago

eloquence commented 2 years ago

Describe the bug

When emailing an address on our domain, ProtonMail does not look up the public key via WKD.

To Reproduce

  1. Through the web app, draft an email to erik@freedom.press

Expected behavior

ProtonMail automatically looks up the public key via WKD.

Expected behavior

Key has to be uploaded manually.

Additional context

Import via gpg works just fine (`gpg --locate-keys --auto-key-locate clear,nodefault,wkd erik@freedom.press`), so I think our WKD implementation is solid, but I'd appreciate pointers if you notice a misconfiguration on our end.

wussler commented 2 years ago

Hi @eloquence, thank you for the bug report. After investigating I found out that the WKD server is returning keys that are non-compliant with the specification. In particular, the draft RFC states:

   The HTTP GET method MUST return the binary representation of the
   OpenPGP key for the given mail address.  
   [...]
   The server MUST NOT return an ASCII armored version of the key.

and running `wget "https://freedom.press/.well-known/openpgpkey/hu/agk5kn8g6dnzi4z7szws1t9ns6xgw14y?l=erik"` returns the armoured key. Please refer to https://wiki.gnupg.org/WKDHosting to correctly export the keys for WKD.
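A small self-check a domain operator can run against their own WKD deployment, added here as an example and not code from this thread or from the Proton project: it derives the hashed user id used in the direct-method URL quoted above (local part `erik` maps to `agk5kn8g6dnzi4z7szws1t9ns6xgw14y`) and classifies a fetched response body as the binary OpenPGP packet the draft requires versus the ASCII-armored text the server was returning. The two sample bodies are constructed for illustration and are not real keys.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet used by the WKD draft (draft-koch-openpgp-webkey-service)
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32: 5 bits per character, most significant bits first."""
    nbits = len(data) * 8
    pad = (-nbits) % 5                      # SHA-1 is 160 bits, so pad is 0 for WKD
    value = int.from_bytes(data, "big") << pad
    return "".join(ZBASE32_ALPHABET[(value >> shift) & 31]
                   for shift in range(nbits + pad - 5, -1, -5))


def wkd_hash(local_part: str) -> str:
    """Hashed user id: z-base-32 of the SHA-1 digest over the lowercased local part."""
    return zbase32_encode(hashlib.sha1(local_part.lower().encode("utf-8")).digest())


def wkd_direct_url(email: str) -> str:
    """Direct-method WKD URL, the form used by the wget command in this issue."""
    local, domain = email.rsplit("@", 1)
    return (f"https://{domain.lower()}/.well-known/openpgpkey/hu/"
            f"{wkd_hash(local)}?l={quote(local)}")


ARMOR_HEADER = b"-----BEGIN PGP PUBLIC KEY BLOCK-----"


def classify_wkd_body(body: bytes) -> str:
    """'binary' if the body starts with an OpenPGP Public-Key packet (tag 6),
    'armored' if it is an ASCII-armored block (which the draft forbids),
    'invalid' otherwise (empty body, HTML error page, wrong packet type)."""
    if body.lstrip().startswith(ARMOR_HEADER):
        return "armored"
    if not body or not (body[0] & 0x80):   # bit 7 is always set on a packet header
        return "invalid"
    first = body[0]
    # new-format header: tag in low 6 bits; old-format header: tag in bits 2..5
    tag = (first & 0x3F) if (first & 0x40) else ((first >> 2) & 0x0F)
    return "binary" if tag == 6 else "invalid"


# Constructed sample bodies (not real keys): an armored block like the one the
# server returned, and a minimal old-format Public-Key packet header (0x99).
ARMORED_SAMPLE = ARMOR_HEADER + b"\n\nmQENBF...\n-----END PGP PUBLIC KEY BLOCK-----\n"
BINARY_SAMPLE = bytes([0x99, 0x00, 0x03, 0x04, 0x00, 0x00])
```

Feed `classify_wkd_body` the raw bytes of an HTTP GET against `wkd_direct_url(address)`; anything other than `"binary"` means the deployment needs the export steps from the GnuPG wiki.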

eloquence commented 2 years ago

Thanks much @wussler for the quick & helpful feedback, we'll investigate on our end.