jjakke/keyserver
jjakke/keyserver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
A pure Perl keyserver!
5 commits 1 branch 0 tags 154 KiB
Perl 100%
Find a file
jake 13e373bb3f update template to handle signature class a bit better
2024-11-11 13:21:05 -05:00
templates update template to handle signature class a bit better 2024-11-11 13:21:05 -05:00
.gitignore GIT THIS 2024-11-11 04:54:24 -05:00
keyserver import key, so that gpg-2.2.x actually shows relevent data with --with-colons 2024-11-11 12:56:13 -05:00
keyserver.conf.example import key, so that gpg-2.2.x actually shows relevent data with --with-colons 2024-11-11 12:56:13 -05:00
README.md import key, so that gpg-2.2.x actually shows relevent data with --with-colons 2024-11-11 12:56:13 -05:00
todo GIT THIS 2024-11-11 04:54:24 -05:00
upload_key.pl GIT THIS 2024-11-11 04:54:24 -05:00

README.md

jake's keyserver

This program pokes gpg when it receives a key. Then it does stuff to the output gpg produces and stores it in a postgres database. This program is exceedingly fragile; thanks to it's reliance on GnuPG.

On gpg-2.2.x and on gpg-2.4.x --with-colons flag on a file has differing outputs, 2.2.x omitting signature records but 2.4.x not omitting signature records.

To show the signature records for 2.2.x gpg, one must import the key then run 'gpg --with-colons --list-sigs john@domain'. On 2.4.x, --with-colons will show them without having to import the key.

Due to this, I've opted to always import key, plug that output to a bunch of regexs, then delete them. Meaning, if you upload your own key while the program is running as your user, it will delete your own key.

Features

  • 'Secret' upload path.
  • Disable upload for secret, normal path, or both. For when you don't want people to upload keys.

Requirements

  • Relevant Mojo/Mojolicious modules
  • Postgresql server
  • GnuPG
  • A dedicated user (DO NOT RUN AS YOUR DAILY USER)

Install on your distro

Maybe it is packaged by your distro maintainers?

  • Debian
apt install libmojolicious-perl libmojo-pg-perl

(Not sure if you'll need to cpan Mojo::File and/or Mojo::Util)

Install via cpan (or cpan-minus, considered way better by most)

cpanm Mojolicious Mojo::Pg Mojo::File Mojo::Util

Installing via cpan(m) will work because the Mojolicious devs are competent (to be more specific, they opt to recreate everything, that way if a dependancy breaks because the author is ignoring issues or fucking DEAD there won't be permanently broken cpan repos that mojolicious depends on)

To use

Create a dedicated user to run this program

sudo useradd --system -m /var/jjakkekeyserver --shell /bin/nologin jjakkekeyserver
sudo chmod 700 /var/jjakkekeyserver
sudo -u jjakkekeyserver --set-home gpg  # gpg needs to create some files or it won't work right.  press Ctrl + D to exit it.

Create the config file

cp keyserver.conf.example keyserver.conf

Note that hypnotoad/morbo looks for the config file in the same directory as it was called from. I have no idea how to change this as there isn't a --config-file option one can use with hypnotoad or morbo.

Create relevant details for the database.

An example that you may follow:

sudo -u postgres psql
postgres=# create database jjakkekeyserverdb;
postgres=# create user jjakkekeyserver with encrypted password 'password';
postgres=# grant all privileges on database jjakkekeyserverdb to jjakkekeyserver;
postgres=# \c jjakkekeyserverdb;
postgres=# grant all privileges on schema public to jjakkekeyserver;

Start Program

sudo -u jjakkekeyserver hypnotoad -f keyserver; # -f = starts in foreground

Proxy

It's a good idea to proxy this program behind another dedicated program that listens on relevant ports: no TLS, 11371 and 80; with TLS, 11372 and 443.

Usage

GnuPG examples

gpg --keyserver hkp://hostname --send-keys <keyid>
gpg --keyserver hkp://hostname --search-keys <search string>
gpg --keyserver hkp://hostname --recv-keys <keyid>

Web browser

http://hostname