(Get your PGP key signed! Sign up at http://www.biglumber.com/ now and BeFound(TM).)

Stuck behind a fascist firewall? Access the kjsl.com keyserver via port 80. Also, add "keyserver hkp://keyserver.kjsl.com:80" to your GPG configuration file for a permanent firewall workaround.

NOTE: Keys with multiple subkeys, a revoked subkey (tag 0x28), duplicate keyids, direct key signatures (tag 0x1F), revocation signatures on userids (tag 0x30, see previous link), or photo IDs are only handled properly by certain keyservers. Such servers include keyserver.kjsl.com and the two LDAP-accessible servers (all listed below), as well as the SKS servers; keyserver.kjsl.com does not retain photo IDs, however. (subkeys.pgp.net includes kjsl.com and various SKS servers.) Version 4 RSA keys and/or uncommon key types (RFC 2440 and later) may also be stored under the wrong keyid and/or report the wrong fingerprint (ala RFC 1991) on keyservers running older software. When this happens, search for the key by words in the userid, if applicable, or use a server mentioned above instead. (Other servers may also support some or all of these features but are not listed above due to various factors (software not yet released for production or poor/nonexistent synchronization with other keyservers).)

Many public keyservers can be found in the pgp.net and keyserver.net domains. Use "host -la <domain>" or "dig @<server> axfr <domain>" to get the latest lists.

Currently functioning (unique, no CNAMEs) pgp.net servers:

  1. wwwkeys.ch.pgp.net / pgp.keyserver.ch (pks: PGP Key Server 0.9.4+patch2+JHpatch1+p20020525)
  2. (status) wwwkeys.cz.pgp.net / pks.ms.mff.cuni.cz / pks.gpg.cz / wwwkeys.gpg.cz (SKS: 1.0.9)
  3. wwwkeys.de.pgp.net / blackhole.pca.dfn.de (German lang., translation) (port 11371) (SKS: 1.0.7, was pks: PGP Key Server 0.9.6)
  4. (down!, temporarily removed from pgp.net DNS RRs - status) wwwkeys.dk.pgp.net / {pks,keys}.pgp.dk (Danish lang.) (pks: PGP Key Server 0.9.4+patch2+MWjumbopatch)
  5. (missing large key patch) (status) wwwkeys.es.pgp.net / pgp.lsi.upc.es (pks: PGP Key Server 0.9.4+patch1) (alternate web form)
  6. wwwkeys.nl.pgp.net:11371 / {minsky,pgp}.surfnet.nl:11371 ((SKS: 1.0.9)
  7. wwwkeys.uk.pgp.net / the.earth.li (port 11371) (onak: 0.3.0, was pks: PGP Key Server 0.9.6)
  8. wwwkeys.{1,dtype}.us.pgp.net / pgp.dtype.org (pks: PGP Key Server 0.9.6)
  9. wwwkeys.{2,kjsl}.us.pgp.net:11371 / keyserver.kjsl.com:11371 (pks: PGP Key Server 0.9.4+patch2+JHpatch2)
  10. wwwkeys.{3,stinkfoot}.us.pgp.net / keyserver.stinkfoot.org (port 11371) (SKS: 1.0.9, was pks: PGP Key Server 0.9.6+cvs)
Additionally, wwwkeys.pgp.net is a DNS round-robin (RR) record for the following pgp.net hosts: ch, cz, de, dk, nl, 1.us, 2.us, and 3.us. wwwkeys.eu.pgp.net is another, pointing to the ch, dk, and nl hosts. wwwkeys.us.pgp.net is now a RR for wwwkeys.{1,2,3}.us.pgp.net. subkeys.pgp.net:11371, another RR, includes kjsl.com and various SKS servers, all of which handle multiple subkeys.

Note: Some software doesn't properly rotate among DNS RR IP addresses, so using a non-RR hostname may be necessary if a RR host is down/unreachable.

Currently functioning (even disavowed) keyserver.net servers:

  1. (unsynchronized) www.keyserver.net:11371 (was aka {belgium,search}.keyserver.net) (OKS: OpenKeyServer v1.2)
  2. (down!) (unsynchronized) france.keyserver.net / keyserver.linuxmotor.com (OKS: OpenKeyServer v1.2)
  3. (down!) (unsynchronized, web form does lookups on wrong host) usa.keyserver.net / keyserver2.linuxmotor.com (OKS: OpenKeyServer v1.2)
  4. (unsynchronized) pgp.loxinfo.co.th (was aka thailand.keyserver.net) (OKS: OpenKeyServer v1.2)

Some more public keyservers:

  1. {pgp,pgpkeys}.mit.edu (port 11371) (pks: PGP Key Server 0.9.6)
  2. (down!) pgp.cc.gatech.edu (pks: PGP Key Server 0.9.4)
  3. pgp.es.net (pks: PGP Key Server 0.9.4+patch2)
  4. pgp.rediris.es (port 11371) (nice stats) - good explanations on searching and revocation (pks: PGP Key Server 0.9.6)
  5. pgp.nic.ad.jp (pks: PGP Key Server 0.9.6)
  6. pgp.uk.demon.net (pks: PGP Key Server 0.9.4+patch2+modifiedMWjumbopatch)
  7. pgp.zdv.uni-mainz.de (SKS: 1.0.9, was pks: PGP Key Server 0.9.5+cvs.20021008)
  8. keyserver.linux.it (port 11371) (SKS: 1.0.9, was pks: PGP Key Server 0.9.6+cvs)
  9. pgp.upb.de (uni-paderborn.de) (port 11371) (pks: PGP Key Server 0.9.6+cvs)
  10. pks.carnet.hr / ds.carnet.hr (port 11371) (SKS 1.0.9, was pks: PGP Key Server 0.9.6+cvs)
  11. keys.iif.hu (port 11371) (pks: PGP Key Server 0.9.6)
  12. pgp.escomposlinux.org (port 11371) - PHP web form (pks: PGP Key Server 0.9.5+cvs)
  13. pgp.ael.be:11371 (SKS: 1.0.9, was pks: PGP Key Server 0.9.5rc1-cvs)
  14. keyserver.mcbone.net (was keyserver.topnet.de, was aka germany.keyserver.net) (pks: PGP Key Server 0.9.6+cvs, formerly OKS: OpenKeyServer v1.2b3)
  15. pgp.eteo.mondragon.edu (port 11371) (pks: PGP Key Server 0.9.6+cvs)
  16. new server! pgp.demonserver.de:11371 / pgp.demonlord.de:11371 (port 80) (pks: PGP Key Server 0.9.6)

LDAP keyservers:

  1. ldap://horowitz.surfnet.nl:11370 (was aka pgp.surfnet.nl) (Server: PGP Certificate Server (Unix), Version: 2.5.1)
  2. (unsynchronized) ldap://keyserver-legacy.pgp.com - back in service (Server: PGP Keyserver, Enterprise Edition, Version: 7.0)


Discontinued keyservers:

My private keyserver (patched):

Some more lists of public keyservers:

A realtime public keyserver status page:


$Date: 2005/04/06 21:39:14 $