$ cd posts/

$ cat wkd-zbase32.md

Generating a z-base-32 SHA1 hash for WKD

This describes how to generate a z-base-32 formatted SHA1 hash for WKD.

When publishing a PGP public key via Web Key Directory, you need to generate a z-base-32 formatted SHA1 hash of the user ID. It seems the process should be done as follows.

Distributing PGP public keys with Web Key Directory

  1. Convert to lowercase (Joe.Doe → joe.doe)
  2. Take the SHA1 hash (joe.doe → a83ee94be89c48a11ed25ab44cfdc848833c8b6e)
  3. Encode the hashed value (binary) with Z-Base32 (a83ee94be89c48a11ed25ab44cfdc848833c8b6e → iy9q119eutrkn8s1mk4r39qejnbu3n5q)

When running this from the CLI, I managed to do it like this. The z-base-32 crate is very helpful.

$ cargo install --features cli z-base-32
$ zbase32 <(echo -n joe.doe | sha1sum | awk '{printf $1}' | xxd -r -p)
iy9q119eutrkn8s1mk4r39qejnbu3n5q

If you already have the key itself, you can also check it like this.

$ gpg --with-wkd-hash -k name@address