You can access the keyserver in two ways:
- via an hkp:// or x-hkp:// compatible client such as GNU Privacy Guard (GPG). This is similar to HTTP, but normally runs on port 11371 rather than port 80.
- through the web interface at port 11371.
Adding and updating keys
You can add new keys to this keyserver, or update existing ones, by the same mechanism: sending the key to the keyserver. The keyserver examines every key it receives to see whether it already has a copy; if it does, it merges the new key with the existing one.
Searching for keys
You can search for keys by any of these methods:
- By searching for any text in any user ID.
- By searching for a key ID.
- By searching for an SKS full-key hash.
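The three search methods above, sketched as the HTTP requests an hkp:// client sends (an added example, not this keyserver's own code). It assumes the standard HKP `/pks/lookup` path with `op=index` and SKS's `op=hget` for hash lookups; the host `keys.example.org`, the function names and the sample search terms are placeholders made up for illustration.

```python
import re
from urllib.parse import urlencode, urlsplit

HKP_DEFAULT_PORT = 11371  # the port this page gives for hkp://


def hkp_base(server):
    """Turn hkp://host[:port] into the plain-HTTP base URL it stands for."""
    parts = urlsplit(server)
    if parts.scheme not in ("hkp", "x-hkp"):
        raise ValueError(f"not an hkp:// or x-hkp:// URL: {server!r}")
    if not parts.hostname:
        raise ValueError(f"no host in {server!r}")
    return f"http://{parts.hostname}:{parts.port or HKP_DEFAULT_PORT}"


def classify(term):
    """Decide which of the three search methods a term belongs to."""
    term = term.strip()
    prefixed = term.lower().startswith("0x")
    digits = term[2:] if prefixed else term
    if re.fullmatch(r"[0-9A-Fa-f]+", digits):
        # Key IDs are written with a leading 0x: 8 or 16 hex digits
        # (40 = full fingerprint, also accepted here).
        if prefixed and len(digits) in (8, 16, 40):
            return "keyid"
        # An SKS full-key hash is 32 hex digits, no prefix.
        if not prefixed and len(digits) == 32:
            return "hash"
    return "text"


def lookup_url(server, term):
    """Build the lookup request for a search term."""
    kind = classify(term)
    # Hash lookups use SKS's "hget" operation; the others list matches.
    op = "hget" if kind == "hash" else "index"
    query = urlencode({"op": op, "search": term.strip()})
    return f"{hkp_base(server)}/pks/lookup?{query}"


if __name__ == "__main__":
    server = "hkp://keys.example.org"  # placeholder host
    for term in ("Alice Example", "0xDEADBEEF",
                 "0123456789abcdef0123456789abcdef"):  # constructed values
        print(classify(term), lookup_url(server, term))
```

A hex string without the `0x` prefix and of any length other than 32 is treated as user ID text, so a key ID typed without `0x` will be searched for as text.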
You cannot delete a key from a keyserver. That is a deliberate design decision inherent in all public keyservers. Because keys are public, once published they can go anywhere and be kept by anyone, and you would never know. Furthermore, the signatures that you have created in the past might still need verification long after you have stopped using the key.
So OpenPGP works on the following principles for old keys:
- If you no longer have access to the private key then just leave the public key alone. No one else can use it, after all. There is the possibility that someone might use it to send you encrypted information that you then cannot decrypt, but if it was that important then they can send it again.
- If you do still have access to the private key but do not want to use the public key for any reason, such as when you believe it may have been compromised, then you can revoke the public key and publish the revoked key to keyservers. That way, people who regularly update their keys from keyservers will discover that they cannot use your key any more.