My collection of keysigning party related stuff
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
bin
example
README
TODO
keyserver.conf

README

KSP Keyserver v0.1
------------------

As a first warning: this tools were never thought to be published...
I used them to organize a few KSP with participants from 20 to 150. So
basically they seem to work....

The Keyserver: 

the keyserver is implemented in perl and only support the "add" method. So users
can send their key via gpg --send-key .... This is much better than hoping to get 
all keys correctly via mail.

The keyserver supports vhosts (if $vhostmode is enabled). That means that it uses
HTTP 1.1 to detect the targethostname and then drops the key to: $basedir/$targethost/keys/$keyid. 
Otherwise the key gets dropped to $basedir. 

Requirements:
Log::LogLite (Debian package liblog-loglite-perl) e.a.

There are a few variables that can be adjusted via a configuration file.
Default location of that file is keyserver.conf in the top level directory of
the keyserver. This can be overwritten via the --configfile commandline
option.

The configuration file is a simple key/value.
The following options are supported:

basedir = /home/ksp/ksps <- Where to work and store the keys
gpg = /usr/bin/gpg <- where is the gpg binary located
vhostmode = 1 <- enable vhostmode (see above) 
bind = 0.0.0.0 <- bind to a specific ip
daemonize = 1 <- go into background? 
LOG_FILE = /home/ksp/kspkeyserver.log <- logfile
LOG_LEVEL = 7 <- loglevel: 1 means virtually nothing - 7 all 
updatehook = updatehook.sh %f <- some script to run after a key got submitted.
                                 %f gets replaced by the filename of the new key
                                 %v gets replaced with the (sanitized) vhostname

The environment variable KSP_HOMEDIR is honored to overrule /home/ksp.  So,
starting the server as

 $ KSP_HOMEDIR=/tmp/ksp ./bin/kspkeyserver.pl

could be useful for testing purposes.

If you want to run multiple ksps in vhost mode simultaneous you may need to look some of them because you
want to prevent the submission of new keys after the deadline. Just touch $basedir/$targethost/locked and the 
keysigning server will send the submitter an error. (Unfortunatly gpg don't understands the enhanced error messages)

For security reasons you have to create $basedir/$targethost manually, otherwise anybody can create directorys on your 
system with a faked HTTP/1.1 header. This will change to a config option in the future. 

After configuring you can send a key via gpg and the hkp protocol to your server: 
gpg --keyserver hkp://your.host.bar --send YOURKEYID