Warning: this document is deprecated; the author discourages applying this specification and/or the included generator.
An Internet-Draft exists, which provides a well-documented header format and specifications.

Embedding a custom header inside regular email headers to advertise a commonly-used PGP or GnuPG key has its advantages. Let's say we are sending non-signed and non-encrypted emails:

  • First, an automated recognition software can alert receiving users that a specific key is available to download, to eventually verify future signed emails, whilst remaining hidden and unobtrusive to regular users.
  • Second, it offers a kind of "shallow" validation of the authenticity of a key: need to verify my key fingerprint? Check my X-PGP-Key header since last month!

You can skip to see the formal syntax yourself or generate your header.

Header example

Here's my X-PGP-Key header (yes, it's appended to each email I send).

X-PGP-Key: fp="C2CD AAE3 357C 347D 3860  A04A 431A 6C70 41D5 A786";
        id="0x41D5A786"; get=<http://www.tankmiche.com/data/uploads/tankmiche.asc>;

Since I use the mutt email client, the header is automatically set thanks to the my_hdr command I put in my .muttrc initialization file.


ABNF syntax

What is needed in this context is a set of rules and a clear syntax to define a standard header format, so that programs could parse it automatically.
We therefore propose the following, expressed in ABNF notation, and using some of RFC 2234's own base specifications, whereas the URL specification is in RFC 1738.

pgp-key-header     =    "X-PGP-Key:" prop-list CRLF
          ; Header definition as a set properties ended by a internet standard
          ; newline, with the header key "X-PGP-Key".

prop-list          =    ident *(";" source)
          ; Identification plus source(s), if available.

ident              =    long-id / ident-fprint
          ; Identification is either a long id or fingerprint identifier; the
          ; latter is preferable as it's human-oriented and readable.

long-id            =    "id=0x" 40HEXDIG
          ; The long-id property is defined by the key "id", and its value is
          ; a hexadecimal of 40 digits, starting with "0x".

short-id           =    "id=0x" (16HEXDIG / 8HEXDIG)
          ; The short-id property is defined by the key "id", and its value is
          ; a hexadecimal of 16 or 8 digits, starting with "0x".
          ; Example: id=0x01234567

ident-fprint       =    fprint [";" short-id]
          ; The fingerprint identifier contains the mandatory key fingerprint
          ; and an optional short id. Long would be redundant in this context.

fprint             =    "fp=" DQUOTE fprint-half SP SP fprint-half DQUOTE
          ; A fingerprint has the "fp" key and contains, inside double quotes,
          ; the key fingerprint with the halves separated by two spaces.
          ; Example: fp="0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"

fprint-half        =    4(4HEXDIG SP) 4HEXDIG
          ; A half fingerprint contains five 4-digit hex numbers separated by
          ; spaces only in the middle.

source             =    "get=<" URL ">"
          ; A source has the "get" key and contains a URL embedded in braces.
          ; For the definition of URL see i.e. [rfc1738].