--- title: Generating a z-base-32 SHA1 hash for WKD description: This describes how to generate a z-base-32 formatted SHA1 hash for WKD. date: '2026-07-13 00:03' updated: '2026-07-13 00:03' tags: - cli - shell lang: en draft: false --- When publishing a PGP public key via Web Key Directory, you need to generate a z-base-32 formatted SHA1 hash of the user ID. It seems the process should be done as follows. [Distributing PGP public keys with Web Key Directory](https://zkat.hatenablog.com/entry/2022/09/30/212425) > 1. Convert to lowercase (Joe.Doe → joe.doe) > 2. Take the SHA1 hash (joe.doe → a83ee94be89c48a11ed25ab44cfdc848833c8b6e) > 3. Encode the hashed value (binary) with Z-Base32 (a83ee94be89c48a11ed25ab44cfdc848833c8b6e → iy9q119eutrkn8s1mk4r39qejnbu3n5q) When running this from the CLI, I managed to do it like this. The [z-base-32 crate](https://crates.io/crates/z-base-32) is very helpful. ```bash $ cargo install --features cli z-base-32 $ zbase32 <(echo -n joe.doe | sha1sum | awk '{printf $1}' | xxd -r -p) iy9q119eutrkn8s1mk4r39qejnbu3n5q ``` If you already have the key itself, you can also check it like this. ```bash $ gpg --with-wkd-hash -k name@address ```