keyserver/README.md
2024-11-11 04:54:24 -05:00

jake's keyserver

This program pokes gpg when it receives a key. Then it does stuff to the output gpg produces and stores it in a postgres database.

Features

  • 'Secret' upload path.
  • Disable upload for secret, normal path, or both. For when you don't want people to upload keys.

Requirements

  • Relevant Mojo/Mojolicious modules
  • PostgreSQL server
  • GnuPG

Install on your distro

Maybe it is packaged by your distro maintainers?

  • Debian
apt install libmojolicious-perl libmojo-pg-perl

(Not sure if you'll need to cpan Mojo::File and/or Mojo::Util)

Install via cpan (or cpan-minus, considered way better by most)

cpanm Mojolicious Mojo::Pg Mojo::File Mojo::Util

Installing via cpan(m) will work because the Mojolicious devs are competent.

To use

Create the config file

cp keyserver.conf.example keyserver.conf

Note that hypnotoad/morbo looks for the config file in the directory it was called from. I have no idea how to change this as there isn't a --config-file option one can use with hypnotoad or morbo.

Create relevant details for the database.

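An example that you may follow (replace the placeholder 'password' with a strong password of your own, and use the same one in keyserver.conf):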

sudo -u postgres psql
postgres=# create database jjakkekeyserverdb;
postgres=# create user jjakkekeyserver with encrypted password 'password';
postgres=# grant all privileges on database jjakkekeyserverdb to jjakkekeyserver;
postgres=# \c jjakkekeyserverdb;
jjakkekeyserverdb=# grant all privileges on schema public to jjakkekeyserver;

Start Program

hypnotoad -f keyserver; # starts in foreground

Proxy

It's a good idea to put this program behind a dedicated proxy that listens on the relevant ports: without TLS, 11371 and 80; with TLS, 11372 and 443.

Usage

GnuPG examples

gpg --keyserver hkp://hostname --send-keys <keyid>
gpg --keyserver hkp://hostname --search-keys <search string>
gpg --keyserver hkp://hostname --recv-keys <keyid>

Web browser

http://hostname