Menu

Tree [r10] /
 History

HTTPS svn://
HTTPS access

File Date Author Commit
 htdocs 2010-07-28 rodan [r8] better 'key not found' error reporting
 scripts 2010-09-07 rodan [r10] added sample script that removes unwanted keys
 README 2009-05-21 rodan [r3] optional dependencies added

Read Me

Peter's Public Key Server

Overview

	This software package is an implementation of the OpenPGP HTTP Keyserver Protocol Internet-Draft. It's a collection of perl CGI scripts, apache is used for the networking part and GnuPG itself manages the keyring. Both http and hkp can be used to interact with the key server. 

License

	A BSD license covers all files of this project. Legalese hereunder:

Copyright (c) 2009, Petre Rodan
All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
    * The names of the contributors may not be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Files

	./ppks/htdocs
		apache DocumentRoot. the apache process must be able to read all the files from this directory.

	./ppks/htdocs/pks
		apache ScriptAlias, see below for configuration example.

	./ppks/htdocs/pks/lookup
		CGI script that handles public key searches and retrievals

	./ppks/htdocs/pks/add
		CGI script that handles importing keys into the pks.

	./ppks/htdocs/*.{cgi,css,html,ico}
		webpage content

	./ppks/htdocs/localconfig
		file that has to be edited prior to use the pks.

	./ppks/scripts/trust_paths.sh
		sample script that generates an image with the trust paths between the keys present in the pks.

	./ppks/scripts/pks_cleanup.sh
		sample script that removes keys that have a given characteristic from the pks

Dependencies

	apache
		provides all the networking functions for the pks
		URI: http://httpd.apache.org
	gnupg
		manages all the operations related to the public keys
		URI: http://www.gnupg.org
	perl
		server side scripting language
		URI: http://www.perl.org
	GNUPG::Interface
		gnupg functions for perl
		URI: http://search.cpan.org/dist/GnuPG-Interface
	sims
		optional dependency that generates the trust paths between keys present in the pks
		URI: https://svn.tokkee.org/sims/
	gpgstats
		optional dependency for generating statistics
		URI: http://www.vanheusden.com/gpgstats/

Install

	edit the htdocs/localconfig file

	configure a virtualhost for the keyserver. see this sample:

  #################################################
	Listen 11371

	<VirtualHost *:80>

        ServerName keyserver.YOURDOMAIN
        RedirectMatch (.*)$ http://keyserver.YOURDOMAIN:11371$1

	</VirtualHost>

	<VirtualHost *:11371>

        ServerName keyserver.YOURDOMAIN

        DocumentRoot /local/web/keyserver.YOURDOMAIN/htdocs

        ScriptAlias /pks/ /local/web/keyserver.YOURDOMAIN/htdocs/pks/

        <Directory /local/web/keyserver.YOURDOMAIN/htdocs>
                AddHandler cgi-script .cgi
                Options +ExecCGI
                DirectoryIndex index.cgi index.html
                allow from all
        </Directory>

        ErrorLog logs/keyserver_error
        SetEnvIf Request_URI "\.(gif|png|jpe?g|js|css|ico)$" dont_log=1
        CustomLog logs/keyserver_access combined env=!dont_log

        RewriteEngine on
        RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD)
        RewriteRule .* - [F]
                           
	</VirtualHost>
  ###### 8< #################################