Generating a z-base-32 SHA1 hash for WKD
This describes how to generate a z-base-32 formatted SHA1 hash for WKD.
When publishing a PGP public key via Web Key Directory, you need to generate a z-base-32 formatted SHA1 hash of the user ID. It seems the process should be done as follows.
Distributing PGP public keys with Web Key Directory
- Convert to lowercase (Joe.Doe → joe.doe)
- Take the SHA1 hash (joe.doe → a83ee94be89c48a11ed25ab44cfdc848833c8b6e)
- Encode the hashed value (binary) with Z-Base32 (a83ee94be89c48a11ed25ab44cfdc848833c8b6e → iy9q119eutrkn8s1mk4r39qejnbu3n5q)
When running this from the CLI, I managed to do it like this. The z-base-32 crate is very helpful.
$ cargo install --features cli z-base-32
$ zbase32 <(echo -n joe.doe | sha1sum | awk '{printf $1}' | xxd -r -p)
iy9q119eutrkn8s1mk4r39qejnbu3n5q
If you already have the key itself, you can also check it like this.
$ gpg --with-wkd-hash -k name@address