Peter's Public Key Server Code
Brought to you by:
rodan
File | Date | Author | Commit |
---|---|---|---|
htdocs | 2010-07-28 | rodan | [r8] better 'key not found' error reporting |
scripts | 2010-09-07 | rodan | [r10] added sample script that removes unwanted keys |
README | 2009-05-21 | rodan | [r3] optional dependencies added |
Peter's Public Key Server

Overview

This software package is an implementation of the OpenPGP HTTP Keyserver Protocol Internet-Draft. It is a collection of Perl CGI scripts; Apache handles the networking part and GnuPG itself manages the keyring. Both http and hkp can be used to interact with the key server.

License

A BSD license covers all files of this project. Legalese hereunder:

Copyright (c) 2009, Petre Rodan
All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
* The names of the contributors may not be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Files

./ppks/htdocs
    Apache DocumentRoot. The Apache process must be able to read all the files in this directory.

./ppks/htdocs/pks
    Apache ScriptAlias; see below for a configuration example.

./ppks/htdocs/pks/lookup
    CGI script that handles public key searches and retrievals.

./ppks/htdocs/pks/add
    CGI script that handles importing keys into the pks.

./ppks/htdocs/*.{cgi,css,html,ico}
    Webpage content.

./ppks/htdocs/localconfig
    File that has to be edited before the pks is used.

./ppks/scripts/trust_paths.sh
    Sample script that generates an image with the trust paths between the keys present in the pks.

./ppks/scripts/pks_cleanup.sh
    Sample script that removes keys that have a given characteristic from the pks.

Dependencies

apache
    Provides all the networking functions for the pks.
    URI: http://httpd.apache.org

gnupg
    Manages all the operations related to the public keys.
    URI: http://www.gnupg.org

perl
    Server-side scripting language.
    URI: http://www.perl.org

GnuPG::Interface
    GnuPG functions for Perl.
    URI: http://search.cpan.org/dist/GnuPG-Interface

sims
    Optional dependency that generates the trust paths between keys present in the pks.
    URI: https://svn.tokkee.org/sims/

gpgstats
    Optional dependency for generating statistics.
    URI: http://www.vanheusden.com/gpgstats/

Install

* Edit the htdocs/localconfig file.
* Configure a virtualhost for the keyserver. See this sample:

    #################################################
    Listen 11371

    <VirtualHost *:80>
        ServerName keyserver.YOURDOMAIN
        RedirectMatch (.*)$ http://keyserver.YOURDOMAIN:11371$1
    </VirtualHost>

    <VirtualHost *:11371>
        ServerName keyserver.YOURDOMAIN
        DocumentRoot /local/web/keyserver.YOURDOMAIN/htdocs
        ScriptAlias /pks/ /local/web/keyserver.YOURDOMAIN/htdocs/pks/

        <Directory /local/web/keyserver.YOURDOMAIN/htdocs>
            AddHandler cgi-script .cgi
            Options +ExecCGI
            DirectoryIndex index.cgi index.html
            allow from all
        </Directory>

        ErrorLog logs/keyserver_error
        SetEnvIf Request_URI "\.(gif|png|jpe?g|js|css|ico)$" dont_log=1
        CustomLog logs/keyserver_access combined env=!dont_log

        RewriteEngine on
        RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD)
        RewriteRule .* - [F]
    </VirtualHost>
    ###### 8< #################################
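
The lookup script described under Files passes client-supplied search terms on to GnuPG, so the request is worth validating before it reaches the keyring. The following is an added example, not code from ppks (which is Perl and uses GnuPG::Interface): it checks a /pks/lookup query string against the op names and key ID lengths given in the HKP draft. The free-text allow-list, the op-to-gpg flag mapping and the homedir path are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs

OPS = {  # HKP draft operations -> gpg action flags (the mapping is an assumption)
    "get": ["--armor", "--export"],
    "index": ["--with-colons", "--list-keys"],
    "vindex": ["--with-colons", "--list-sigs"],
}
# "0x" followed by 8, 16, 32 or 40 hex digits: key ID or v3/v4 fingerprint
KEYID_RE = re.compile(r"0[xX](?:[0-9A-Fa-f]{8}|[0-9A-Fa-f]{16}|[0-9A-Fa-f]{32}|[0-9A-Fa-f]{40})")
# Assumption: conservative allow-list for free-text (name / e-mail) searches
TEXT_RE = re.compile(r"[A-Za-z0-9@._+ -]{1,128}")


class BadRequest(ValueError):
    """The lookup request must be refused."""


def parse_lookup(query_string):
    """Validate an HKP /pks/lookup query string and return (op, search)."""
    params = parse_qs(query_string, keep_blank_values=True)
    for name in ("op", "search"):
        if len(params.get(name, [])) != 1:
            raise BadRequest(f"exactly one '{name}' parameter is required")
    op, search = params["op"][0].lower(), params["search"][0]
    if op not in OPS:
        raise BadRequest("unsupported op")
    if search[:2].lower() == "0x":
        if not KEYID_RE.fullmatch(search):
            raise BadRequest("malformed key ID or fingerprint")
        return op, "0x" + search[2:].upper()
    if search.startswith("-") or not TEXT_RE.fullmatch(search):
        raise BadRequest("search text outside the allow-list")
    return op, search


def gpg_argv(op, search, homedir="/path/to/keyring"):  # homedir is a placeholder
    """Argument vector for the validated request; meant for exec without a shell."""
    return ["gpg", "--batch", "--no-tty", "--homedir", homedir, *OPS[op], "--", search]


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real server log
    for qs in ("op=get&search=0xdeadbeef", "op=index&search=alice%40example.org",
               "op=get&search=0x1234", "op=index&search=alice%3Bbob"):
        try:
            print(qs, "->", gpg_argv(*parse_lookup(qs)))
        except BadRequest as err:
            print(qs, "-> rejected:", err)
```

The `--` before the search term stops gpg from treating it as an option, and passing a list rather than a command string keeps the value away from any shell.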