CKD — Key Discovery
CKD (Cipher Key Directory) is a public key lookup service. It lets you encrypt a file for any Cipher user using only their email address — no manual key exchange. Lookups use trust-on-first-use (TOFU) caching.
CKD currently publishes to the Madstone-hosted directory at keys.madstone.dev. Self-hosted and federated CKD is a documented future design, not a shipped feature.
How it works
- You publish your public X25519 key to CKD under your email address.
- Anyone can look up your key by email and encrypt a file for you.
- Only you can decrypt it, using your private key.
Publish your key
mdstn-cipher keys publish --email alice@team.com

| Flag | Type | Default | Description |
|---|---|---|---|
| --email | string | — | Your email address (required) |
| --server-url | string | $CIPHER_SERVER_URL | CKD server URL (optional) |
Encrypt for a recipient
mdstn-cipher encrypt report.pdf --for colleague@team.com
Cipher discovers the recipient’s public key via CKD, then produces a .mdstn file only they can open.
Look up a key
mdstn-cipher lookup colleague@team.com --save

| Flag | Type | Default | Description |
|---|---|---|---|
| --save | bool | false | Save the result to the local CKD cache |
| --json | bool | false | Output as JSON |
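
What a trust-on-first-use cache decides on each lookup, as an added example that is not Cipher's own code. The pin-store layout, the SHA-256 fingerprint, and every name below are assumptions for illustration, and the keys are constructed sample bytes.

```python
import hashlib
import json
from pathlib import Path

X25519_KEY_LEN = 32  # X25519 public keys are 32 bytes


def fingerprint(pubkey: bytes) -> str:
    """SHA-256 fingerprint of a raw X25519 public key."""
    if len(pubkey) != X25519_KEY_LEN:
        raise ValueError("X25519 public key must be 32 bytes")
    return hashlib.sha256(pubkey).hexdigest()


class TofuCache:
    """Hypothetical pin store: normalized email -> key fingerprint."""

    def __init__(self, path: Path):
        self.path = path
        self.pins = json.loads(path.read_text()) if path.exists() else {}

    def check(self, email: str, pubkey: bytes) -> str:
        """Return 'first-use', 'match' or 'mismatch' for a looked-up key."""
        who = email.strip().lower()
        fp = fingerprint(pubkey)
        pinned = self.pins.get(who)
        if pinned is None:
            self.pins[who] = fp  # trust on first use: pin what we saw
            self._save()
            return "first-use"
        # A changed key is never silently accepted or re-pinned.
        return "match" if pinned == fp else "mismatch"

    def repin(self, email: str, pubkey: bytes) -> None:
        """Replace a pin after the new key was verified out of band."""
        self.pins[email.strip().lower()] = fingerprint(pubkey)
        self._save()

    def _save(self) -> None:
        self.path.write_text(json.dumps(self.pins, indent=2))


if __name__ == "__main__":
    import tempfile
    cache = TofuCache(Path(tempfile.mkdtemp()) / "pins.json")
    key_a, key_b = bytes(range(32)), bytes(32)  # constructed sample keys
    print(cache.check("colleague@team.com", key_a))  # first-use
    print(cache.check("Colleague@team.com", key_a))  # match
    print(cache.check("colleague@team.com", key_b))  # mismatch
```

A "mismatch" result is the case to stop on: the directory is now returning a different key for an address that was already pinned, so encryption should wait until the new key is confirmed with the recipient.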
Unpublish your key
mdstn-cipher keys unpublish --email alice@team.com
Your key is removed from CKD. Existing encrypted files remain decryptable with your private key.