A pure Perl keyserver!
Find a file
2024-11-16 02:56:14 -05:00
lib adjust number for opengpg format length_of_length 2024-11-16 02:56:14 -05:00
templates fix bug where v4 signature doesnt have keyid but does have fingerprint issuer -> make it appear correctly 2024-11-16 01:54:07 -05:00
.gitignore GIT THIS 2024-11-11 04:54:24 -05:00
jjakkekeyserver.service add .service file and update README a little. 2024-11-16 01:30:49 -05:00
keyserver adjust number for opengpg format length_of_length 2024-11-16 02:56:14 -05:00
keyserver.conf.example Update README.md and update example config file 2024-11-16 01:08:01 -05:00
README.md update README.md to be more accurate 2024-11-16 02:35:42 -05:00
upload_key.pl GIT THIS 2024-11-11 04:54:24 -05:00

jake's keyserver

A pure Perl keyserver! When it receives a key, it does stuff to it then sticks it in postgres database.

Features

  • 'Secret' upload path.
  • Disable upload for secret, normal path, or both. For when you don't want people to upload keys.

Requirements

  • Perl v5.38.0 or greater
  • Relevant Mojo/Mojolicious modules and other Perl modules
  • Postgresql server
  • A dedicated user would be nice

Install on your distro

Maybe it is packaged by your distro maintainers?

  • Debian
apt install libmojolicious-perl libmojo-pg-perl

Note: the latest Perl at the time of writing on Debian stable is v5.36.x which doesn't have class support... I really wanted to use class(). Sorry! So, you're likely better off installing perlbrew and having the dedicated user that will run this program compile and install v5.38.x.

perlbrew (with Debian 12.8)

% sudo apt install perlbrew
% sudo -u jjakkekeyserver perlbrew init
% echo 'source ~/perl5/perlbrew/etc/bashrc' | sudo -u jjakkekeyserver tee -a /var/jjakkekeyserver/.profile
% sudo -u jjakkekeyserver perlbrew available            # pick at least v5.38.x.  Here I pick 5.40.x
% sudo -u jjakkekeyserver perlbrew install perl-5.40.0  # this *will* take a while
% sudo -u jjakkekeyserver perlbrew install-cpanm
% sudo chsh jjakkekeyserver -s /bin/bash                # we will set this back to /bin/nologin later
% sudo -u jjakkekeyserver -i
jjakkekeyserver% PERL_CPANM_HOME=/tmp cpanm DBD::Pg     # needs postgresql-server-dev-xx (on debian)
jjakkekeyserver% cpanm Mojolicious Mojo::Pg             #   AND postgres itself must be running
                                                        #   DBD::Pg test wants to poke stuff, fails otherwise
jjakkekeyserver% perl ./keyserver                       # see whats broken or not.
# after you've made sure it works...
jjakkekeyserver% exit
% sudo chsh jjakkekeyserver -s /bin/nologin

postgres

Probably not needed info, but postgres here is version 15.

% sudo apt install postgresql postgresql-server-dev-xx
% sudo -u postgres psql                                 # test if 'active' so to speak.

Follow instructions from 'Create relevent details for the database.'

Install via cpan (or cpan-minus, considered way better by most)

cpanm Mojolicious Mojo::Pg Mojo::File Mojo::Util

Installing via cpan(m) will work because the Mojolicious devs are competent (to be more specific, they opt to recreate everything, that way if a dependency breaks because the author is ignoring issues or fucking DEAD there won't be permanently broken cpan repos that mojolicious depends on)

To use

Create a dedicated user to run this program

sudo useradd --system --create-home --home-dir /var/jjakkekeyserver --shell /bin/nologin jjakkekeyserver

Create the config file

cp keyserver.conf.example keyserver.conf

Create relevant details for the database.

An example that you may follow:

sudo -u postgres psql
postgres=# create database jjakkekeyserverdb;
postgres=# create user jjakkekeyserver with encrypted password 'password';
postgres=# grant all privileges on database jjakkekeyserverdb to jjakkekeyserver;
postgres=# \c jjakkekeyserverdb;
jjakkekeyserverdb=# grant all privileges on schema public to jjakkekeyserver;
jjakkekeyserverdb=# exit

Start Program

sudo -u jjakkekeyserver hypnotoad -f keyserver ./keyserver.conf; # -f = starts in foreground

Proxy

It's a good idea to proxy this program behind another dedicated program that listens on relevant ports: no TLS, 11371 and 80; with TLS, 11372 and 443.

Usage

GnuPG examples

gpg --keyserver hkp(s)://hostname --send-keys <keyid>
gpg --keyserver hkp(s)://hostname --search-keys <search string>
gpg --keyserver hkp(s)://hostname --recv-keys <keyid>

Web browser

http(s)://hostname

SystemD

Make sure the service file actually makes sense for your use case; unless you've followed the guide in this README, it most certainly does not.

vim jjakkekeyserver.service               
sudo cp jjakkekeyserver.service /etc/systemd/system
sudo systemctl daemon-reload
sudo systemctl start jjakkekeyserver.service