Which keyserver should I use?

keys.openpgp.org is the recommended modern keyserver. It verifies email ownership before publishing the User ID, supports key updates and removal, and is the de facto default. Older SKS keyservers had no verification and have been largely deprecated due to abuse.

Can I delete my key from a keyserver?

On keys.openpgp.org, yes — request removal via the same email-verification flow. On older SKS-style keyservers, no — once uploaded, the key is permanent in the network. This is one of the main reasons keys.openpgp.org became the modern default.

Why use both keyservers AND WKD?

Different discovery paths. Keyservers serve user-initiated lookups. WKD is automatic — mail clients can pull your key from your domain without the user thinking about it. Both together maximize discoverability.

Do I need to re-publish after rotation?

Yes. Upload the new public key to keys.openpgp.org, update your WKD entry, and update your fingerprint wherever it's published. See the key-rotation guide.

// guide / publish-public-key

How to publish your PGP public key.

Five minutes to make your public key discoverable through the three standard channels: keys.openpgp.org for keyserver lookups, Web Key Directory for automatic discovery via your email domain, and direct fingerprint sharing for the personal touch.

~5 minutes PGPony + browser Email verification required

// at a glance

Export your public key (public only, ASCII armored)
Upload to keys.openpgp.org
Verify email ownership via the emailed link
(Optional) Set up WKD on your domain
Add fingerprint to email signature / website
Test discoverability from a different device

Prerequisites

A PGP key in PGPony
Access to the email address attached to the key
A web browser
Optional: control of your email domain for WKD setup

// step 01

Export your public key.

From PGPony, export the public half of your key as ASCII armored. Save the resulting .asc file to somewhere accessible — Files (iOS) or Downloads (Android). The file contains only public material and is safe to share through any channel.

Important Confirm the export is public only, not the secret key. Sharing a secret key would give anyone the ability to decrypt your encrypted messages and impersonate you.

// step 02

Upload to keys.openpgp.org.

Fastest path: from PGPony's Exchange tab → Show My Key, tap Upload. PGPony posts the public key to keys.openpgp.org via HKP. The keyserver responds with verification links sent to each email in your User IDs.

Alternative: open keys.openpgp.org in a browser, click Upload, and select the .asc file from Step 01. Same end result.

keys.openpgp.org doesn't publish the email-bound User IDs until you verify ownership of each address — this prevents anyone from uploading a fake key for someone else's email.

// step 03

Verify email ownership.

keys.openpgp.org sends a verification email to each address in the key\'s User IDs. Open the email and click the verification link. Repeat for each address if your key has multiple User IDs.

After verification, your User IDs become searchable by email — anyone can look up your@email.com and find your public key.

// step 04

(Optional) Set up WKD.

If you control the domain in your email address (e.g. you own yourname.com and your email is you@yourname.com), Web Key Directory makes your key discoverable automatically — no user-initiated keyserver search needed.

See Set up WKD for your domain for the full procedure.

// step 05

Share your fingerprint publicly.

Even with keyservers and WKD, having your fingerprint visible where people might encounter you matters:

Email signature. Add the 40-hex-character fingerprint.
Website / personal homepage. A "PGP key" or "Contact" section.
Social profiles. Bio or pinned post.
Business cards. If your card has contact info, the fingerprint can live there too.

Cross-channel fingerprint matching (your website + keys.openpgp.org + email sig all agree) is much harder to spoof than any single source.

// step 06

Test discoverability.

From a different device, open keys.openpgp.org and search for your email. Your key should appear with the correct fingerprint. If you set up WKD, also try a WKD lookup from gpg on desktop:

gpg --auto-key-locate=wkd --locate-keys you@yourdomain.com

Both lookups returning your key means you\'re published and discoverable.

Verify it worked.

keys.openpgp.org returns your key when you search by your email.
(If WKD set up) gpg --locate-keys returns your key.
Fingerprint matches what PGPony shows.
A friend can search your email and successfully encrypt a test message.

Common questions.

Which keyserver?

keys.openpgp.org. Verified email ownership, supports key updates and removal, modern default. Older SKS keyservers had no verification and are largely deprecated.

Can I delete from a keyserver?

On keys.openpgp.org, yes via the same email-verification flow. On older SKS keyservers, no — once uploaded, permanent.

Why both keyservers AND WKD?

Different discovery paths. Keyservers serve user-initiated lookups; WKD is automatic from mail clients. Together they maximize discoverability.

Fingerprint or key ID?

Always the full fingerprint (40 hex). Short key IDs are collision-prone and have been used in real key-impersonation attacks.

Re-publish after rotation?

Yes. Upload new key to keys.openpgp.org, update WKD, update fingerprint everywhere it\'s published.

Next steps.

Get PGPony

Free OpenPGP encryption for iOS and Android. No accounts, no tracking.

Download on the App Store

Get it on Google Play