keys.indymedia.org provides ways to retrieve and share gnupg keys, using http(s) and hkp(s), as well as a tor hidden service.

You can use it with this web interface at http(s)://keys.indymedia.org or http(s)://qtt2yl5jocgrk7nu.onion (for tor), or in gnupg with hkp(s)://keys.indymedia.org or hkp://2eghzlv2wwcq7u7y.onion.

You'll need gnupg 1.4.10 or higher and gnupg-curl to be able to use SSL version of this service.

To use this keyserver by default, simply add :

keyserver hkp://2eghzlv2wwcq7u7y.onion

(if you want to use gnupg with tor, like 'torsocks gpg --COMMAND')

or

keyserver hkp://keys.indymedia.org

or

keyserver hkps://keys.indymedia.org

in your gpg.conf (usually in $HOME/.gnupg/gpg.conf).

If you use the later hpks version, you'll need to tell gnupg (version 1.4.10 or higher, with gnupg-curl, remember) where the cacert certificate is.
Under debian, you just have to add "keyserver-options ca-cert-file=/etc/ssl/certs/cacert.org.pem" right after the previous line.
However, if you're running another (UNIX) OS, download the cacert certificate (Class 1 PKI, PEM format should work), and tell gnupg by adding the line rather like: "keyserver-options ca-cert-file=/path/where/you/downloaded/cacert/cert.pem"

Note:Using hkps on the onion address isn't encouraged, as you'll end up with certificate checks errors, due to the missing .onion hostname in the certificate. You'll have the same problem if you want to browse https on the .onion address. Fortunately, tor's hidden service provides by itself strong end-to-end encryption between you and the keyserver, but you will lost the "authentication" advantages of hkps. If you want this, our certificate is signed by cacert, so you can easily verify it.