PKS/Lookup

Confirms that a person's email address or a key ID fingerprint is valid for signing email, smart card, and other digital information. If the person has previously signed digital content, the Web Key Service (WKS) of the Code Signing Key Server retrieves matching GPG public key from a key store.

Requirements

None. The Code Signing Key Server does not require a separate installation. However, to sync public keys to the caller's machine, be sure to call POST API/GetGPGPublicKey from Key Server first.

cURL syntax

From a Bash command prompt, use a cURL command to confirm the signature based an email address or fingerprint.

Command:

curl -kL https://{domain}/pks/lookup?op=get&search={criteria}

Syntax:

{domain): The domain of the server that contains the HKP server.
{criteria}: One of the following:
- Email address: L=[email]. To get the email address, use a GPG Environment Email Address.
- Fingerprint: 0x[fingerprint of the keyID]. To get a Fingerprint, call POST API/GetGPGPublicKey from Key Server.

Example: Confirm the public key via an email address is trusted

Request (cURL)

curl -kL "https://mydomain.example/pks/lookup?op=get&search=smartcard@venafi.local"

Example: Confirm the public key via a key ID fingerprint is trusted

Request (cURL)

curl -kL "https://mydomain.example/pks/lookup?op=get&search=0xCA4194AEB03A174CE06896A9E32529693FE7723D"