Keyserver

From NoName e.V.
Revision as of 19:40, 27 February 2010 by SECuRE

Originally found here and copied to ensure it doesn’t vanish: http://www.rainydayz.org/node/10

I've been trying to install a PGP keyserver for some time, then found sks. It's in the Ubuntu repositories, so actually installing it is a breeze:

# sudo apt-get install sks

However, configuring it is a little more complicated. Here are the steps I took:

  • Open a terminal window
  • Create the database to store the keys
# sudo sks build
  • Start sks, then close it with Ctrl+C, to ensure that all files it requires are created correctly
# sudo sks db
  • Set database permissions on the database used by sks to store keys
# sudo chown -Rc debian-sks:debian-sks /var/lib/sks/DB
  • To start the server automatically, set initstart=yes in /etc/default/sks
  • Edit /etc/init.d/sks to automatically create the /var/run/sks directory on startup. At (approx) line 71 (after the check for /etc/default/sks & before 'echo -n "sksdb.."') add:
mkdir -p `dirname "$SKSDBPID"`
chown debian-sks `dirname "$SKSDBPID"`
  • The log archive script which is run daily from cron assumes that sks is using db4.1. Under Ubuntu the database used is db4.6. In /etc/cron.daily/sks change db4.1_archive to db4.6_archive.

The keyserver can be started:

# sudo /etc/init.d/sks start

It listens on port 11371, and can be used with the encryption tools provided by Ubuntu, Thunderbird & Evolution.

Now, to configure the web-interface, I had to find two files which weren't included in the distribution. These are:

  • index.html : main keyserver web-page
  • keys.jpg : image displayed on the keyserver web-page

You can download an archive containing these files from here to your machine. To install the files:

  • Extract the archive
# tar xvjf sks_www.tar.bz2
  • Edit index.html and change the three references to your.site.name (currently at lines 20, 36 & 62) to the URL of your keyserver (in my case keyserver.rainydayz.org)
  • Make a directory for the files where the keyserver will look for them
# sudo mkdir /var/lib/sks/www
  • Copy the files
# sudo cp index.html /var/lib/sks/www/
# sudo cp keys.jpg /var/lib/sks/www/
  • Change permissions on the files
# sudo chown -R debian-sks:debian-sks /var/lib/sks/www

You should now be able to browse to your server on port 11371 and search for, upload & download keys. As an example, my keyserver can be found at http://keyserver.rainydayz.org:11371
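
The settings changed in the steps above can be audited after installation or after a package upgrade overwrites them. The following is an added example, not part of the original post; the function name check_sks and its three parameters (root prefix, owner, Berkeley DB version) are assumptions made so the check can also run against a staging copy.

```shell
#!/bin/sh
# Added example: audit the files and settings this page configures.
# Usage: check_sks [root-prefix] [owner] [db-version]
#   check_sks            audits the live system with the page's values
check_sks() {
    root=${1:-}             # empty prefix = live system
    owner=${2:-debian-sks}  # account the page chowns the files to
    dbver=${3:-4.6}         # Berkeley DB version named on the page
    fail=0

    # 1. Autostart must be enabled in /etc/default/sks
    if ! grep -Eq '^[[:space:]]*initstart=yes' "$root/etc/default/sks" 2>/dev/null; then
        echo "FAIL: initstart=yes not set in /etc/default/sks"; fail=1
    fi

    # 2. The daily log archive job must call the installed DB version's tool
    if ! grep -qF "db${dbver}_archive" "$root/etc/cron.daily/sks" 2>/dev/null; then
        echo "FAIL: /etc/cron.daily/sks does not call db${dbver}_archive"; fail=1
    fi

    # 3. Key database and web directory exist and belong to the service
    #    account; any find error (e.g. unknown user) also counts as a failure
    for d in DB www; do
        dir="$root/var/lib/sks/$d"
        if [ ! -d "$dir" ]; then
            echo "FAIL: $dir missing"; fail=1
        elif [ -n "$(find "$dir" ! -user "$owner" -print 2>&1 | head -n 1)" ]; then
            echo "FAIL: files under $dir not owned by $owner"; fail=1
        fi
    done

    # 4. Both web files must be installed
    for f in index.html keys.jpg; do
        [ -f "$root/var/lib/sks/www/$f" ] || { echo "FAIL: www/$f missing"; fail=1; }
    done

    # 5. The placeholder host name must have been replaced in index.html
    if grep -qF 'your.site.name' "$root/var/lib/sks/www/index.html" 2>/dev/null; then
        echo "FAIL: index.html still references your.site.name"; fail=1
    fi

    return $fail
}
```

The function prints one FAIL line per problem and returns non-zero if any check fails, so it can be called from a monitoring job.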