341 lines
7.9 KiB
HTML
341 lines
7.9 KiB
HTML
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<HTML><HEAD><TITLE>Man page of GPG-WKS-SERVER</TITLE>
|
|
</HEAD><BODY>
|
|
<H1>GPG-WKS-SERVER</H1>
|
|
Section: GNU Privacy Guard 2.2 (1)<BR>Updated: 2019-11-23<BR><A HREF="#index">Index</A>
|
|
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
|
|
|
|
<A NAME="lbAB"> </A>
|
|
<H2>NAME</H2>
|
|
|
|
<B>gpg-wks-server</B>
|
|
|
|
- Server providing the Web Key Service
|
|
<A NAME="lbAC"> </A>
|
|
<H2>SYNOPSIS</H2>
|
|
|
|
<B>gpg-wks-server</B>
|
|
|
|
[<I>options</I>]
|
|
|
|
<B>--receive</B>
|
|
|
|
<BR>
|
|
|
|
<B>gpg-wks-server</B>
|
|
|
|
[<I>options</I>]
|
|
|
|
<B>--cron</B>
|
|
|
|
<BR>
|
|
|
|
<B>gpg-wks-server</B>
|
|
|
|
[<I>options</I>]
|
|
|
|
<B>--list-domains</B>
|
|
|
|
<BR>
|
|
|
|
<B>gpg-wks-server</B>
|
|
|
|
[<I>options</I>]
|
|
|
|
<B>--check-key</B>
|
|
|
|
<I>user-id</I>
|
|
|
|
<BR>
|
|
|
|
<B>gpg-wks-server</B>
|
|
|
|
[<I>options</I>]
|
|
|
|
<B>--install-key</B>
|
|
|
|
<I>file</I>
|
|
|
|
<I>user-id</I>
|
|
|
|
<BR>
|
|
|
|
<B>gpg-wks-server</B>
|
|
|
|
[<I>options</I>]
|
|
|
|
<B>--remove-key</B>
|
|
|
|
<I>user-id</I>
|
|
|
|
<BR>
|
|
|
|
<B>gpg-wks-server</B>
|
|
|
|
[<I>options</I>]
|
|
|
|
<B>--revoke-key</B>
|
|
|
|
<I>user-id</I>
|
|
|
|
<P>
|
|
<A NAME="lbAD"> </A>
|
|
<H2>DESCRIPTION</H2>
|
|
|
|
The <B>gpg-wks-server</B> is a server site implementation of the
|
|
Web Key Service. It receives requests for publication, sends
|
|
confirmation requests, receives confirmations, and published the key.
|
|
It also has features to ease the setup and maintenance of a Web Key
|
|
Directory.
|
|
<P>
|
|
When used with the command <B>--receive</B> a single Web Key Service
|
|
mail is processed. Commonly this command is used with the option
|
|
<B>--send</B> to directly send the crerated mails back. See below
|
|
for an installation example.
|
|
<P>
|
|
The command <B>--cron</B> is used for regualr cleanup tasks. For
|
|
example non-confirmed requested should be removed after their expire
|
|
time. It is best to run this command once a day from a cronjob.
|
|
<P>
|
|
The command <B>--list-domains</B> prints all configured domains.
|
|
Further it creates missing directories for the configuration and
|
|
prints warnings pertaining to problems in the configuration.
|
|
<P>
|
|
The command <B>--check-key</B> (or just <B>--check</B>) checks
|
|
whether a key with the given user-id is installed. The process returns
|
|
success in this case; to also print a diagnostic use the option
|
|
<B>-v</B>. If the key is not installed a diagnostic is printed and
|
|
the process returns failure; to suppress the diagnostic, use option
|
|
<B>-q</B>. More than one user-id can be given; see also option
|
|
<B>with-file</B>.
|
|
<P>
|
|
The command <B>--install-key</B> manually installs a key into the
|
|
WKD. The arguments are a file with the keyblock and the user-id to
|
|
install. If the first argument resembles a fingerprint the key is
|
|
taken from the current keyring; to force the use of a file, prefix the
|
|
first argument with "./". If no arguments are given the parameters
|
|
are read from stdin; the expected format are lines with the
|
|
fingerprint and the mailbox separated by a space.
|
|
<P>
|
|
The command <B>--remove-key</B> uninstalls a key from the WKD. The
|
|
process returns success in this case; to also print a diagnostic, use
|
|
option <B>-v</B>. If the key is not installed a diagnostic is
|
|
printed and the process returns failure; to suppress the diagnostic,
|
|
use option <B>-q</B>.
|
|
<P>
|
|
The command <B>--revoke-key</B> is not yet functional.
|
|
<P>
|
|
<P>
|
|
<A NAME="lbAE"> </A>
|
|
<H2>OPTIONS</H2>
|
|
|
|
<P>
|
|
<B>gpg-wks-server</B> understands these options:
|
|
<P>
|
|
<P>
|
|
<DL COMPACT>
|
|
<DT id="1"><B>-C </B><I>dir</I>
|
|
|
|
<DD>
|
|
|
|
<B>--directory </B><I>dir</I>
|
|
|
|
Use <I>dir</I> as top level directory for domains. The default is
|
|
'<I>/var/lib/gnupg/wks</I>'.
|
|
<P>
|
|
<DT id="2"><B>--from </B><I>mailaddr</I>
|
|
|
|
<DD>
|
|
Use <I>mailaddr</I> as the default sender address.
|
|
<P>
|
|
<DT id="3"><B>--header </B><I>name</I>=<I>value</I>
|
|
|
|
<DD>
|
|
Add the mail header "<I>name</I>: <I>value</I>" to all outgoing mails.
|
|
<P>
|
|
<DT id="4"><B>--send</B>
|
|
|
|
<DD>
|
|
Directly send created mails using the <B>sendmail</B> command.
|
|
Requires installation of that command.
|
|
<P>
|
|
<DT id="5"><B>-o </B><I>file</I>
|
|
|
|
<DD>
|
|
|
|
<B>--output </B><I>file</I>
|
|
|
|
Write the created mail also to <I>file</I>. Note that the value
|
|
<B>-</B> for <I>file</I> would write it to stdout.
|
|
<P>
|
|
<DT id="6"><B>--with-dir</B>
|
|
|
|
<DD>
|
|
When used with the command <B>--list-domains</B> print for each
|
|
installed domain the domain name and its directory name.
|
|
<P>
|
|
<DT id="7"><B>--with-file</B>
|
|
|
|
<DD>
|
|
When used with the command <B>--check-key</B> print for each user-id,
|
|
the address, 'i' for installed key or 'n' for not installed key, and
|
|
the filename.
|
|
<P>
|
|
<DT id="8"><B>--verbose</B>
|
|
|
|
<DD>
|
|
Enable extra informational output.
|
|
<P>
|
|
<DT id="9"><B>--quiet</B>
|
|
|
|
<DD>
|
|
Disable almost all informational output.
|
|
<P>
|
|
<DT id="10"><B>--version</B>
|
|
|
|
<DD>
|
|
Print version of the program and exit.
|
|
<P>
|
|
<DT id="11"><B>--help</B>
|
|
|
|
<DD>
|
|
Display a brief help page and exit.
|
|
<P>
|
|
</DL>
|
|
<P>
|
|
|
|
<P>
|
|
<P>
|
|
<A NAME="lbAF"> </A>
|
|
<H2>EXAMPLES</H2>
|
|
|
|
<P>
|
|
The Web Key Service requires a working directory to store keys
|
|
pending for publication. As root create a working directory:
|
|
<P>
|
|
<DL COMPACT><DT id="12"><DD>
|
|
<PRE>
|
|
# mkdir /var/lib/gnupg/wks
|
|
# chown webkey:webkey /var/lib/gnupg/wks
|
|
# chmod 2750 /var/lib/gnupg/wks
|
|
</PRE>
|
|
|
|
</DL>
|
|
|
|
<P>
|
|
Then under your webkey account create directories for all your
|
|
domains. Here we do it for "example.net":
|
|
<P>
|
|
<DL COMPACT><DT id="13"><DD>
|
|
<PRE>
|
|
$ mkdir /var/lib/gnupg/wks/example.net
|
|
</PRE>
|
|
|
|
</DL>
|
|
|
|
<P>
|
|
Finally run
|
|
<P>
|
|
<DL COMPACT><DT id="14"><DD>
|
|
<PRE>
|
|
$ gpg-wks-server --list-domains
|
|
</PRE>
|
|
|
|
</DL>
|
|
|
|
<P>
|
|
to create the required sub-directories with the permissions set
|
|
correctly. For each domain a submission address needs to be
|
|
configured. All service mails are directed to that address. It can
|
|
be the same address for all configured domains, for example:
|
|
<P>
|
|
<DL COMPACT><DT id="15"><DD>
|
|
<PRE>
|
|
$ cd /var/lib/gnupg/wks/example.net
|
|
$ echo <A HREF="mailto:key-submission@example.net">key-submission@example.net</A> >submission-address
|
|
</PRE>
|
|
|
|
</DL>
|
|
|
|
<P>
|
|
The protocol requires that the key to be published is send with an
|
|
encrypted mail to the service. Thus you need to create a key for
|
|
the submission address:
|
|
<P>
|
|
<DL COMPACT><DT id="16"><DD>
|
|
<PRE>
|
|
$ gpg --batch --passphrase '' --quick-gen-key <A HREF="mailto:key-submission@example.net">key-submission@example.net</A>
|
|
$ gpg -K <A HREF="mailto:key-submission@example.net">key-submission@example.net</A>
|
|
</PRE>
|
|
|
|
</DL>
|
|
|
|
<P>
|
|
The output of the last command looks similar to this:
|
|
<P>
|
|
<DL COMPACT><DT id="17"><DD>
|
|
<PRE>
|
|
sec rsa3072 2016-08-30 [SC]
|
|
C0FCF8642D830C53246211400346653590B3795B
|
|
uid [ultimate] <A HREF="mailto:key-submission@example.net">key-submission@example.net</A>
|
|
ssb rsa3072 2016-08-30 [E]
|
|
</PRE>
|
|
|
|
</DL>
|
|
|
|
<P>
|
|
Take the fingerprint from that output and manually publish the key:
|
|
<P>
|
|
<DL COMPACT><DT id="18"><DD>
|
|
<PRE>
|
|
$ gpg-wks-server --install-key C0FCF8642D830C53246211400346653590B3795B \
|
|
> <A HREF="mailto:key-submission@example.net">key-submission@example.net</A>
|
|
</PRE>
|
|
|
|
</DL>
|
|
|
|
<P>
|
|
Finally that submission address needs to be redirected to a script
|
|
running <B>gpg-wks-server</B>. The <B>procmail</B> command can
|
|
be used for this: Redirect the submission address to the user "webkey"
|
|
and put this into webkey's '<I>.procmailrc</I>':
|
|
<P>
|
|
<DL COMPACT><DT id="19"><DD>
|
|
<PRE>
|
|
:0
|
|
* !^From: <A HREF="mailto:webkey@example.net">webkey@example.net</A>
|
|
* !^X-WKS-Loop: webkey.example.net
|
|
|gpg-wks-server -v --receive \
|
|
--header X-WKS-Loop=webkey.example.net \
|
|
--from <A HREF="mailto:webkey@example.net">webkey@example.net</A> --send
|
|
</PRE>
|
|
|
|
</DL>
|
|
|
|
<P>
|
|
<P>
|
|
<A NAME="lbAG"> </A>
|
|
<H2>SEE ALSO</H2>
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?1+gpg-wks-client">gpg-wks-client</A></B>(1)
|
|
<P>
|
|
|
|
<HR>
|
|
<A NAME="index"> </A><H2>Index</H2>
|
|
<DL>
|
|
<DT id="20"><A HREF="#lbAB">NAME</A><DD>
|
|
<DT id="21"><A HREF="#lbAC">SYNOPSIS</A><DD>
|
|
<DT id="22"><A HREF="#lbAD">DESCRIPTION</A><DD>
|
|
<DT id="23"><A HREF="#lbAE">OPTIONS</A><DD>
|
|
<DT id="24"><A HREF="#lbAF">EXAMPLES</A><DD>
|
|
<DT id="25"><A HREF="#lbAG">SEE ALSO</A><DD>
|
|
</DL>
|
|
<HR>
|
|
This document was created by
|
|
<A HREF="/cgi-bin/man/man2html">man2html</A>,
|
|
using the manual pages.<BR>
|
|
Time: 00:05:15 GMT, March 31, 2021
|
|
</BODY>
|
|
</HTML>
|