{{#> layout }}
Hagrid implements both the legacy HKP interface, as well as our native interface, VKS.
Hagrid has its own URL scheme to fetch keys.
GET /vks/v1/by-fingerprint/<FINGERPRINT>
Retrieves the key with the
given Fingerprint. Fingerprint may refer to the
primary key, or any subkey. Hexadecimal digits MUST be uppercase,
and MUST NOT be prefixed with 0x
. The returned key
is ASCII Armored.
GET /vks/v1/by-keyid/<KEY-ID>
Retrieves the key with the given
long KeyID. KeyID may refer to the primary key,
or any subkey. Hexadecimal digits MUST be uppercase, and MUST NOT
be prefixed with 0x
. returned key is ASCII
Armored.
GET /vks/v1/by-email/<URL-encoded user ID>
Retrieves the key with the given User ID. Only exact matches are accepted. Lookup by User ID requires opt-in by the key's owner. The returned key is ASCII Armored.
Hagrid implements a subset of the HKP protocol so that tools like GnuPG and OpenKeychain can use it without modification.
GET /pks/lookup?op=get&options=mr&search=<QUERY>
Returns an ASCII Armored key matching the query. Query may be:
localpart@example.org
.069C0C348DD82C19
, optionally prefixed by 0x
).
8E8C33FA4626337976D97978069C0C348DD82C19
,
optionally prefixed by 0x
).
Note that while the hexadecimal digits may use either case, using upper case letters is more efficient with Hagrid.
GET /pks/lookup?op=index&options=mr&search=<QUERY>
Returns a machine-readable list of keys matching the query. Query may have the forms detailed above. Hagrid always returns either one or no keys at all.
POST /pks/add
Keys may be submitted using a POST request
to /pks/add
, the body of the request being
a application/x-www-form-urlencoded
query.
keytext
must be the key to submit, either ASCII
Armored or not.
By design, Hagrid cannot (or intentionally chooses not to) implement, the full HKP protocol. The main limitations are:
op=vindex
,exact=on
is
always assumed),fingerprint
variable is ignored,nm
option is ignored,op=index
returns either one or no keys,