Docs Menu

Attester Guide

The Attester is a key server for FlowCrypt users. You can use it to manage your public key or search for someone else’s. In the sections below, we’ll visually guide you through how you can upload, change, delete, or search for a key using the Attester.

Upload a public key

Since the Attester is primarily designed for FlowCrypt users, submitting a public key to the Attester server is optional, though the option to submit it is selected by default during the setup process. While setting up the FlowCrypt extension, you’ll encounter a screen that looks like this:

browser attester key setup

At this stage, you can either upload your own key or let FlowCrypt generate a new keypair for you. Regardless of the option you choose, the public part of your key (the public key) is only sent to the Attester server if you leave the default option Submit the corresponding pubkey to FlowCrypt Attester enabled. This makes the public key publicly available for anyone who wishes to send you encrypted messages.

Alternatively, you can choose to deselect the submission option and skip uploading your public key to the Attester. If you opt for this, you’ll need to manually share your public key with each recipient, which, while functional, is less convenient.

Checking and replacing public key record

You can check the status of your public key record within the FlowCrypt browser extension by opening the FlowCrypt Settings, then navigating to ⮕ Additional SettingsAttester. Here, you’ll find an overview of your public key’s status per email address, reflecting its synchronization between the FlowCrypt browser extension and the Attester.

  • Submitted correctly, can receive encrypted email.: The FlowCrypt Attester has the correct record.
  • Missing record. Your contacts will not know you have encryption set up.: This means that your public key cannot be found when searching through flowcrypt.com/lookup. It is advisable to submit your public key in this case, which you can do by clicking SUBMIT PUBLIC KEY.
  • Wrong public key recorded. Your incoming email may be unreadable when encrypted.: A public key for that email address already exists but does not match the one currently in your FlowCrypt installation. It is recommended to take the necessary action to decide which key to use and then submit the appropriate public key by clicking CORRECT PUBLIC KEY.

If you are away from your web browser where FlowCrypt is installed and would like to replace your public key in the Attester, you can achieve the same goal through flowcrypt.com/attester and click Update or Replace Your Public Key. It will redirect you to a page that looks like this:

browser attester key replace

There, paste the new key you wish to use into the text area, then enter your email and click Replace Public Key. You’ll receive a confirmation email, and upon confirming, your key will be updated on the Attester database.

Remove a public key

Removing a key via the Attester is even more straightforward than uploading it. Browse to flowcrypt.com/attester and click Dismiss Your Public Key, or just go directly to this section. You should see this page:

browser attester key dismiss

Enter your email address and click Dismiss Public Key. You’ll receive an email requesting confirmation. This is important because it prevents other people from dismissing your key without your consent. Click the confirmation link and you’re done.

Sync with other key servers

Public keys uploaded to Attester aren’t automatically synced to any other key servers. If you communicate with people who use other OpenPGP software, who don’t use WKD (Web Key Directory) or other advanced solutions, we recommend uploading your public key manually to openpgp.org as well.

Search for a public key

Searching for a key can be done at flowcrypt.com/lookup address. Type in the email address you wish to find and click Get Public Key. You’ll be presented with the following information:

browser attester key search

The Long ID is a unique signature used to identify your public key. For example, with the GnuPG command line utility, we can download and view a public key from the Attester server using its Long ID like so:

➜  ~ gpg --keyserver attester.flowcrypt.com --recv-keys 33C0ECECB888C419
gpg: directory '/home/alex/.gnupg' created
gpg: keybox '/home/alex/.gnupg/pubring.kbx' created
gpg: /home/alex/.gnupg/trustdb.gpg: trustdb created
gpg: key 33C0ECECB888C419: public key "Alejandro Alvarado <alex@flowcrypt.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1

➜  ~ gpg --export -a
-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEXtkufxYJKwYBBAHaRw8BAQdAEumP9mQ4J2WwxvobXB83FleS7rzAMiVBpnm0
aXiH3zO0J0FsZWphbmRybyBBbHZhcmFkbyA8YWxleEBmbG93Y3J5cHQuY29tPoh4
BBAWCgAgBQJe2S5/BgsJBwgDAgQVCAoCBBYCAQACGQECGwMCHgEACgkQM8Ds7LiI
xBl/5gEAiAmBnaA9gqy9DnlmWneBLXokjh8w0YxrF9L/Pn/bf5IBAIC2DeFZjCGq
tkYhjqboHjYrik1NsZQjJTkUOEksDxcIuDgEXtkufxIKKwYBBAGXVQEFAQEHQCn3
uPFsdPiffwNwXVl8ybf5vuruvi42Bh6XISO62odyAwEIB4hhBBgWCAAJBQJe2S5/
AhsMAAoJEDPA7Oy4iMQZMC8A/jJguhTkVhvPagLK7e/IbDlLpZ1Eq+1EHXr77Wnl
uR/sAP9AN818MJ9dBD1yo6XoYHQRG9uAW5AW/xP5Tr+Y6Z8eAg==
=crYM
-----END PGP PUBLIC KEY BLOCK-----

That’s it! We hope this guide has helped you attain Attester mastery. If you’re still stuck trying to do something on the Attester, don’t hesitate to reach out to us at human@flowcrypt.com.

Content © FlowCrypt a.s.
Layout from Cockroach Labs,CC Attr 4.0, edited