
SKS Keyserver

The following is an incomplete guide to compiling, setting up and using SKS. Hopefully this is enough to get you started. In addition, there is a wiki available; in particular, https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering should help in getting a working installation.

Prerequisites

There are a few prerequisites to building this code. You need:

Verifying the integrity of the download

Releases of SKS are signed using the SKS Keyserver Signing Key available on public keyservers with the KeyID

0x41259773973A612A

and has the fingerprint

C90E F143 0B3A C0DF D00E 6EA5 4125 9773 973A 612A.

Using GnuPG, verification can be accomplished by, first, retrieving the signing key using

gpg --keyserver pool.sks-keyservers.net --recv-key 0x41259773973A612A

followed by verifying that you have the correct key. The command

gpg --keyid-format long --fingerprint 0x41259773973A612A

should produce:

pub   4096R/41259773973A612A 2012-06-27
Key fingerprint = C90E F143 0B3A C0DF D00E 6EA5 4125 9773 973A 612A

You should also check that the key is signed by other trustworthy keys:

gpg --list-sigs 0x41259773973A612A

and the fingerprint should be verified through other trustworthy sources.

Once you are certain that you have the correct key downloaded, you can create a local signature, in order to remember that you have verified the key.

gpg --lsign-key 0x41259773973A612A

Finally, the downloaded file can be verified using

gpg --keyid-format long --verify sks-x.y.z.tgz.asc

The resulting output should be similar to

gpg: Signature made Wed Jun 27 12:52:39 2012 CEST
gpg:                using RSA key 41259773973A612A
gpg: Good signature from "SKS Keyserver Signing Key"
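
The manual steps above can be scripted so that the fingerprint comparison is done on the full 40-digit value rather than by eye or by KeyID. This is an added example, not part of the SKS distribution; the function names are hypothetical, and it relies on GnuPG's machine-readable --with-colons and --status-fd output.

```shell
#!/bin/sh
# Added example (not from the SKS sources): pin the signing key by its full
# fingerprint and accept a release only if that exact key made the signature.
EXPECTED_FPR="C90EF1430B3AC0DFD00E6EA541259773973A612A"  # README fingerprint, spaces removed

# Read `gpg --with-colons --fingerprint` output on stdin and print the
# fingerprint of the first (primary) key: field 10 of the first "fpr" record.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Read `gpg --status-fd 1 --verify` output on stdin. Succeed only if a
# VALIDSIG line carries the wanted primary-key fingerprint (its last field).
# A GOODSIG line alone is not enough: it only shows the short KeyID.
validsig_by() {
    awk -v want="$1" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && $NF == want { ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# verify_release FILE.asc
# Fails unless the key in the local keyring has the pinned fingerprint and
# the detached signature FILE.asc was made by that key.
verify_release() {
    sig=$1
    got=$(gpg --batch --with-colons --fingerprint "0x$EXPECTED_FPR" | primary_fpr)
    if [ "$got" != "$EXPECTED_FPR" ]; then
        echo "signing key missing or fingerprint mismatch: '$got'" >&2
        return 1
    fi
    if gpg --batch --status-fd 1 --verify "$sig" 2>/dev/null |
            validsig_by "$EXPECTED_FPR"; then
        echo "OK: $sig is signed by $EXPECTED_FPR"
    else
        echo "FAILED: no valid signature by $EXPECTED_FPR on $sig" >&2
        return 1
    fi
}

# Run only when a signature file is given, e.g.: sh verify.sh sks-x.y.z.tgz.asc
if [ "$#" -gt 0 ]; then verify_release "$@"; fi
```

The script checks the signature cryptographically against the pinned fingerprint; it does not replace confirming that fingerprint through other trustworthy sources.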

Compilation and Installation

  • Install OCaml and Berkeley DB

    When installing OCaml, make sure you do both the make world and the make opt steps before installing. The latter makes sure you get the optimizing compilers. (Do make opt.opt if you want faster compilation. You can then set the environment variables OCAMLC, OCAMLOPT and CAMLP4O to ocamlc.opt, ocamlopt.opt and camlp4o.opt respectively.)

    If your vendor or porting project supplies prebuilt binaries and libraries for Berkeley DB, make sure to get the development package, as you will need the include files for the correct version.

  • Copy Makefile.local.unused to Makefile.local, and edit to match your installation.

  • Compile

    make dep
    make all
    make all.bc # if you want the bytecode versions
    make install # puts executables in $PREFIX/bin, as defined
                 # in Makefile.local
    

    There are some other useful compilation targets, mostly useful for development.

    • make doc

      creates a doc directory with ocamldoc-generated documentation of the individual modules. These are mostly useful as documentation to the source code, not a user's guide.

    • make modules.ps

      Creates a ps-file that shows the dependencies between different modules, and gives you a sense of the overall structure of the system. For this to work you need to have AT&T's graphviz installed, as well as python2. The python script that's used actually requires that python2 be called python2, rather than python. You can of course edit that script.

Setup and Configuration

You need to set up a directory for the SKS installation. It will contain the database files along with configuration and log files.

Configuration options can be passed in on the command-line or put in the sksconf file in the SKS directory. The -basedir option specifies the SKS directory itself, which defaults to the current working directory.

Sksconf and commandline options

The format of the sksconf file is simply a bunch of lines of the form:

keyword: value

The # character is used for comments, and blank lines are ignored. The keywords are just the command-line flags, minus the initial -.

The one thing you probably want no matter what is a line that says

logfile: log

which ensures that sks will output messages to recon.log and db.log respectively.

Membership file

If you want your server to gossip with others, you will need a membership file which tells the sks recon who else to gossip with. The membership file should look something like:

epidemic.cs.cornell.edu 11370
athos.rutgers.edu 11370
...

This file should be called membership, and should be stored in the SKS directory. Note that in order for synchronization to work, both hosts have to have each other in their membership lists. Send mail to sks-devel@nongnu.org to get other SKS administrators to add you to their membership lists.

IMPORTANT NOTE: if you include the server itself in the membership file, you should make sure that you also specify the hostname option, and that the selected hostname is exactly the same string listed in the membership file. Otherwise, the sks recon will try to synchronize with itself and will deadlock.
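
The sksconf format and the self-inclusion rule above can be checked mechanically before starting sks recon. This is an added example, not part of the SKS distribution: the function names are hypothetical, the treatment of # comments in the membership file is an assumption, and any extra names by which the machine is known must be supplied by the administrator as arguments.

```shell
#!/bin/sh
# Added example (not from the SKS sources): find membership entries that name
# this server without matching the sksconf "hostname" option byte for byte.

# conf_value KEYWORD FILE: print the value of a "keyword: value" line,
# skipping "#" comments and blank lines. Last occurrence wins (assumption).
conf_value() {
    awk -v key="$1" '
        { sub(/#.*/, "") }
        /^[ \t]*$/ { next }
        {
            i = index($0, ":"); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$2"
}

# check_membership SKSCONF MEMBERSHIP [OWN_NAME...]
# OWN_NAME arguments are other names this machine is known by. An entry is
# treated as "this server" if it equals the configured hostname or an
# OWN_NAME ignoring case and a trailing dot. Such an entry must be exactly
# the configured hostname; otherwise it is reported and 1 is returned.
check_membership() {
    conf=$1; members=$2; shift 2
    configured=$(conf_value hostname "$conf")
    awk -v configured="$configured" -v own="$configured $*" '
        function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }
        BEGIN { n = split(own, names, " ") }
        { sub(/#.*/, "") }   # assumption: "#" starts a comment here as well
        NF < 2 { next }      # expect "host port"
        {
            for (i = 1; i <= n; i++)
                if (norm($1) == norm(names[i]) && $1 != configured) {
                    printf "line %d: %s is this server but hostname is \"%s\"\n",
                           NR, $1, configured
                    bad = 1; break
                }
        }
        END { exit (bad ? 1 : 0) }' "$members"
}

# Example: sh check.sh /var/lib/sks/sksconf /var/lib/sks/membership ks1.internal
if [ "$#" -ge 2 ]; then check_membership "$@"; fi
```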

Outgoing PKS synchronization: mailsync file

The mailsync file contains a list of email addresses of PKS keyservers. This file is important, because it ensures that keys submitted directly to an SKS keyserver are also forwarded to PKS keyservers.

IMPORTANT: don't add someone to your mailsync file without getting their permission first!

In order for outgoing email syncs to work, you need to specify a command to actually send the email out. The default is sendmail -t -oi, but you may need something different.

Incoming PKS synchronization

Incoming PKS synchronization is less critical than outgoing, since as long as some SKS server gets the new data, it will be distributed to all. Having more hosts receive the incoming PKS syncs does, however, increase the fault-tolerance of the connection between the two systems.

In order to get incoming mail working, you should pipe the appropriate incoming mail to the following command via procmail:

sks_add_mail sks_directory_name

Here's an example procmail entry:

PATH=/path/of/sks/executables

:0
* ^Subject: incremental
| sks_add_mail sks_directory_name

Built-in webserver

You can serve up a simple index page directly from the port you're using for HKP. This is done by creating a subdirectory in your SKS directory called web. There, you can put an index file named index.html, index.htm, index.xhtm, or index.xhtml, supporting files with extensions .css, .es, or .js, and some image files with extensions jpg, jpeg, png or gif. Subdirectories will be ignored, as will filenames containing anything other than alphanumeric characters and the '.' character. This is particularly useful if you want to run your webserver off of port 80, which can be done by using the -hkp_port command-line option.

Building up the databases

  • First, you need to get a keydump. If you're running a PKS server, you should be able to convince PKS to generate one for you. If you're starting from scratch, you'll need to download one from the net. You should contact the pgp keyserver list pgp-keyserver-folk@flame.org.

  • In the SKS directory, create a subdirectory called dump which contains the keydump files from which the database is to be built.

  • Run sks_build.sh. That script actually runs three utilities. You might want to edit sks_build.sh if you want to trade off speed for space usage. At the current settings, you could run out of RAM if you try this with less than 256 megs of RAM.

DO NOT DELETE THE dump DIRECTORY, even after the database is built. The original keys are not copied to the database, and so the dump must be left in place.

Platform specific issues

FreeBSD

On FreeBSD it appears that libdb is named differently than on some other platforms. For that reason, you need to set the LIBDB environment value to -ldb46 instead of the -ldb-4.6 used on other platforms.