PGP-EKP is an email user interface to PGP keyservers. Since even today only a few keyservers are accessible via HTTP port 80, submitting and retrieving PGP keys via email may be the only way for users behind restrictive firewalls to interact with the PGP keyserver network.

Its purpose is NOT to handle incremental updates between keyservers to synchronize with each other. Its main use is to provide an email interface like the one in PKSd to keyservers which do not implement this interface on their own.

PGP-EKP tries to emulate the behaviour of the original PKSd implementation and follows the (non-Internet!) "Email Keyserver Protocol Draft 3" from Richard Laager.

All data exchange is handled via HTTP (no direct database access, no keyserver software dependency).

The LAST command is currently not implemented, and probably never will be, because this data cannot be fetched via HTTP.

*) Prerequisites:

PGP-EKP requires Perl and some common Perl modules to run. The versions below were used to develop and test this software, but other versions may work too.

Mailing:
  Sendmail, Postfix or whatever is interoperable with Procmail
  Procmail

Environment:
  Perl (5.6.1)
  MailTools (1.60)
  URI (1.30)
  libwww-perl (5.63)
  MIME::Lite (3.01)
  Config::IniFiles (2.39)

*) Installation:

You can put PGP-EKP wherever you want, as long as procmail can access it. I prefer putting pgp-ekp.ini in /etc, pgp-ekp.pl in /usr/bin and the help files in /usr/share/pgp-ekp, but you can really drop them where you want!

Note: There is absolutely no reason to run PGP-EKP as root! You've been warned!

If you are already running a keyserver, in most cases you will run PGP-EKP as the keyserver's user (because pgp-public-keys@mydomain.net may already point to this user for synchronization).

*) Configuration:

After installation please check if the path to the perl interpreter and the location of the config file at the top of pgp-ekp.pl are correct!

There are some config options in pgp-ekp.ini which need adjustment for your environment:

  debug     - Set to 1 to write debug output to the logfile. [0]
  keyurl    - The keyserver URL to exchange data with. ["http://keyserver.net:11371/"]
  proxyurl  - If you need a proxy server to access the keyserver, give its URL here, otherwise leave empty. ["http://proxy.mydomain.net:8080/"]
  timeout   - The HTTP request timeout (secs) for accessing the keyserver. [60]
  adminaddr - The keyserver admin's mail address. ["pks-admin\@mydomain.net"]
  pubaddr   - The keyserver's public mail address. ["pgp-public-keys\@mydomain.net"]
  puburl    - If you need to specify a different keyserver URL for help responses, give its URL here, otherwise leave empty. ["http://keyserver2.net:11371/"]
  datadir   - Where to search for the help files. ["/usr/share/pgp-ekp"]
  logfile   - Where to put logging and debug output. ["/var/log/pgp-ekp.log"]

Default HELP language: PGP-EKP uses a fallback system to choose the correct language help file (e.g. help-<lang>.txt). If no help file exists for the requested language, it searches for the default help file (help.txt). To choose the default language, simply link it to help.txt, e.g.

  help.txt -> help-en.txt
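
The fallback described above, written out as an added example (this is not code from pgp-ekp.pl). The function name find_help_file, the accepted tag pattern and the sample files are assumptions made for illustration; because the language tag comes from an incoming email, it is checked before it becomes part of a file name.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper (not from pgp-ekp.pl): return the path of the help file
# for the requested language, or undef if not even the default file exists.
sub find_help_file {
    my ($datadir, $lang) = @_;
    my @candidates;

    # Only a short alphabetic tag, optionally with a region ("pt-br"), may be
    # used to build a file name. Any other value falls through to help.txt.
    if (defined $lang && lc($lang) =~ /\A([a-z]{2,3}(?:-[a-z]{2})?)\z/) {
        push @candidates, "help-$1.txt";
    }
    push @candidates, 'help.txt';    # default, e.g. a link to help-en.txt

    for my $name (@candidates) {
        my $path = File::Spec->catfile($datadir, $name);
        return $path if -f $path && -r _;
    }
    return;
}

# Constructed sample data directory so the example runs offline.
my $datadir = tempdir(CLEANUP => 1);
for my $name (qw(help-en.txt help-de.txt)) {
    open my $fh, '>', File::Spec->catfile($datadir, $name) or die "$name: $!";
    print {$fh} "sample help text ($name)\n";
    close $fh;
}
symlink 'help-en.txt', File::Spec->catfile($datadir, 'help.txt')
    or die "symlink: $!";

# Constructed requests: a known language, mixed case, a language without a
# translation, a malformed tag, and no language at all.
for my $lang ('de', 'DE', 'fr', '../help', undef) {
    my $path = find_help_file($datadir, $lang);
    printf "%-10s -> %s\n", defined $lang ? $lang : '(none)',
        defined $path ? (File::Spec->splitpath($path))[2] : 'no help file';
}
```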

Procmail config: See procmailrc.ex for an example.

*) Help File Translations:

Well, you may have noticed there are currently very few translated help files available. If you are able to change this - please do. Contributions of new translated help files are always welcome!

Please take care to keep these special strings in the translated files:


They will be replaced with the server's public mail address and URL when sent back to the user.

*) Bugs:

I've done careful testing on this software. However, there is nothing like perfect software and I'm not a Perl guru, so don't hold off sending bug reports and suggestions to me (see AUTHORS file).

Regarding bug reports - more details are more useful. ;-)