
Type an e-mail address into most OpenPGP keyservers. You will get something like:
Type bits/keyID Date User ID
pub 255E/0x8C39D09E68D27179 2026/05/08 Alice Dupont <alice@example.com>
A newcomer landing on that page understands nothing: what is a pub? a KeyID? why 255E? is the key still valid?
At foopgp, we believe a keyserver has to serve everyone — from the expert verifier who wants to surf across the Web of Trust, to the correspondent who simply wants to inspect their recipient’s certificate. Existing servers serve neither well.
Our service keys.foopgp.org now runs on a build we rewrote in depth. Here is what it looks like.

Searching for mneme — two keys returned, two-column layout with portrait on one side, identifiers on the other. Screenshot from keys.foopgp.org/pks/lookup?op=index&search=mneme.
Seven design decisions surface at first glance:
2026-05-08, 2037-05-05) instead of the ambiguous 05/08/2026. No hesitation between month and day.ed25519) instead of the historical mnemonic 255E.Everything renders in the browser’s language — English, French, German, Spanish, Italian, Ukrainian, or Polish. Seven languages, matching the header used elsewhere on foopgp.org so a visitor never “changes country” between our pages.
Or “verbose” (op=vindex instead of op=index):

Detailed view: a key with all its signatures visible, including revoked UIDs (greyed out).
Three differences from the standard mode:
sig 0xFE13… Jean-Jacques B. under <jjbrucker@foopgp.org> means “Jean-Jacques has self-certified this identity”. A rev prefix means the signature has been revoked since.Alongside the rendering, we tightened security. A public keyserver is a regular target — flood attacks, WoT poisoning, malformed packets. The build we ship applies five hardenings partly borrowed from the IETF draft draft-dkg-openpgp-abuse-resistant-keystore
:
drop_v3=false config toggle is gone: no backdoor.aged, dump-aged, clean-aged) — an operator can list keys dormant for N years, export an encrypted bundle, or purge them without leaking their content on the way out.None of this is foopgp-specific. We hope these improvements will make their way into upstream onak, so the whole Debian community can benefit.
HTML rendering was extracted into a minimal Mustache -style templating engine — 200 lines of C, no external dependency, no server-side JavaScript. Two templates ship in the package:
vanilla — the legacy output (<pre> monospace), rendered from a template instead of being hardcoded in C. An operator who prefers the historical look keeps it.foopgp — the two-column layout you just saw. This is our package default.An operator who wants their own look adds their template to /etc/onak.ini:
[main]
template_dir=/usr/share/onak/templates/mytheme
and ships their own key_index.html. No C change required.
The foopgp template fits in a single 130-line file: some CSS, some fairly generic JavaScript, no dependencies.
Our work ships as onak-foopgp, a Debian source and binary package distinct from Debian’s official onak.
We hope this fork will not last. Our new features (see “what we put in place”) can be merged upstream, and so can the templating engine. The foopgp flavour — the two-column template, the seven-language landing page, the footer contact link to the operator’s key — is an editorial choice: it should not silently impose itself on a vanilla onak administrator following a Debian upgrade.
Conversely, our branch stays periodically rebase-able onto upstream. Every improvement in onak’s main branch, we pick it up.
The keyserver is one step on a longer path. Our roadmap:
keydb_uetree backend (spec in progress) would let onak serve certificates from a uetree tree — backed up, synchronised, and sharded through git.foopgp/main)apt install onak-foopgp from our repositoryIf you hit a bug: open an issue or write to us, encrypted and signed, at mneme@foopgp.org .