man-pages/man1/gpg-wks-server.1.html
2021-03-31 01:06:50 +01:00

341 lines
7.9 KiB
HTML

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of GPG-WKS-SERVER</TITLE>
</HEAD><BODY>
<H1>GPG-WKS-SERVER</H1>
Section: GNU Privacy Guard 2.2 (1)<BR>Updated: 2019-11-23<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
<B>gpg-wks-server</B>
- Server providing the Web Key Service
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
<B>gpg-wks-server</B>
[<I>options</I>]
<B>--receive</B>
<BR>
<B>gpg-wks-server</B>
[<I>options</I>]
<B>--cron</B>
<BR>
<B>gpg-wks-server</B>
[<I>options</I>]
<B>--list-domains</B>
<BR>
<B>gpg-wks-server</B>
[<I>options</I>]
<B>--check-key</B>
<I>user-id</I>
<BR>
<B>gpg-wks-server</B>
[<I>options</I>]
<B>--install-key</B>
<I>file</I>
<I>user-id</I>
<BR>
<B>gpg-wks-server</B>
[<I>options</I>]
<B>--remove-key</B>
<I>user-id</I>
<BR>
<B>gpg-wks-server</B>
[<I>options</I>]
<B>--revoke-key</B>
<I>user-id</I>
<P>
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
The <B>gpg-wks-server</B> is a server site implementation of the
Web Key Service. It receives requests for publication, sends
confirmation requests, receives confirmations, and published the key.
It also has features to ease the setup and maintenance of a Web Key
Directory.
<P>
When used with the command <B>--receive</B> a single Web Key Service
mail is processed. Commonly this command is used with the option
<B>--send</B> to directly send the crerated mails back. See below
for an installation example.
<P>
The command <B>--cron</B> is used for regualr cleanup tasks. For
example non-confirmed requested should be removed after their expire
time. It is best to run this command once a day from a cronjob.
<P>
The command <B>--list-domains</B> prints all configured domains.
Further it creates missing directories for the configuration and
prints warnings pertaining to problems in the configuration.
<P>
The command <B>--check-key</B> (or just <B>--check</B>) checks
whether a key with the given user-id is installed. The process returns
success in this case; to also print a diagnostic use the option
<B>-v</B>. If the key is not installed a diagnostic is printed and
the process returns failure; to suppress the diagnostic, use option
<B>-q</B>. More than one user-id can be given; see also option
<B>with-file</B>.
<P>
The command <B>--install-key</B> manually installs a key into the
WKD. The arguments are a file with the keyblock and the user-id to
install. If the first argument resembles a fingerprint the key is
taken from the current keyring; to force the use of a file, prefix the
first argument with &quot;./&quot;. If no arguments are given the parameters
are read from stdin; the expected format are lines with the
fingerprint and the mailbox separated by a space.
<P>
The command <B>--remove-key</B> uninstalls a key from the WKD. The
process returns success in this case; to also print a diagnostic, use
option <B>-v</B>. If the key is not installed a diagnostic is
printed and the process returns failure; to suppress the diagnostic,
use option <B>-q</B>.
<P>
The command <B>--revoke-key</B> is not yet functional.
<P>
<P>
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<P>
<B>gpg-wks-server</B> understands these options:
<P>
<P>
<DL COMPACT>
<DT id="1"><B>-C </B><I>dir</I>
<DD>
<B>--directory </B><I>dir</I>
Use <I>dir</I> as top level directory for domains. The default is
'<I>/var/lib/gnupg/wks</I>'.
<P>
<DT id="2"><B>--from </B><I>mailaddr</I>
<DD>
Use <I>mailaddr</I> as the default sender address.
<P>
<DT id="3"><B>--header </B><I>name</I>=<I>value</I>
<DD>
Add the mail header &quot;<I>name</I>: <I>value</I>&quot; to all outgoing mails.
<P>
<DT id="4"><B>--send</B>
<DD>
Directly send created mails using the <B>sendmail</B> command.
Requires installation of that command.
<P>
<DT id="5"><B>-o </B><I>file</I>
<DD>
<B>--output </B><I>file</I>
Write the created mail also to <I>file</I>. Note that the value
<B>-</B> for <I>file</I> would write it to stdout.
<P>
<DT id="6"><B>--with-dir</B>
<DD>
When used with the command <B>--list-domains</B> print for each
installed domain the domain name and its directory name.
<P>
<DT id="7"><B>--with-file</B>
<DD>
When used with the command <B>--check-key</B> print for each user-id,
the address, 'i' for installed key or 'n' for not installed key, and
the filename.
<P>
<DT id="8"><B>--verbose</B>
<DD>
Enable extra informational output.
<P>
<DT id="9"><B>--quiet</B>
<DD>
Disable almost all informational output.
<P>
<DT id="10"><B>--version</B>
<DD>
Print version of the program and exit.
<P>
<DT id="11"><B>--help</B>
<DD>
Display a brief help page and exit.
<P>
</DL>
<P>
<P>
<P>
<A NAME="lbAF">&nbsp;</A>
<H2>EXAMPLES</H2>
<P>
The Web Key Service requires a working directory to store keys
pending for publication. As root create a working directory:
<P>
<DL COMPACT><DT id="12"><DD>
<PRE>
# mkdir /var/lib/gnupg/wks
# chown webkey:webkey /var/lib/gnupg/wks
# chmod 2750 /var/lib/gnupg/wks
</PRE>
</DL>
<P>
Then under your webkey account create directories for all your
domains. Here we do it for &quot;example.net&quot;:
<P>
<DL COMPACT><DT id="13"><DD>
<PRE>
$ mkdir /var/lib/gnupg/wks/example.net
</PRE>
</DL>
<P>
Finally run
<P>
<DL COMPACT><DT id="14"><DD>
<PRE>
$ gpg-wks-server --list-domains
</PRE>
</DL>
<P>
to create the required sub-directories with the permissions set
correctly. For each domain a submission address needs to be
configured. All service mails are directed to that address. It can
be the same address for all configured domains, for example:
<P>
<DL COMPACT><DT id="15"><DD>
<PRE>
$ cd /var/lib/gnupg/wks/example.net
$ echo <A HREF="mailto:key-submission@example.net">key-submission@example.net</A> &gt;submission-address
</PRE>
</DL>
<P>
The protocol requires that the key to be published is send with an
encrypted mail to the service. Thus you need to create a key for
the submission address:
<P>
<DL COMPACT><DT id="16"><DD>
<PRE>
$ gpg --batch --passphrase '' --quick-gen-key <A HREF="mailto:key-submission@example.net">key-submission@example.net</A>
$ gpg -K <A HREF="mailto:key-submission@example.net">key-submission@example.net</A>
</PRE>
</DL>
<P>
The output of the last command looks similar to this:
<P>
<DL COMPACT><DT id="17"><DD>
<PRE>
sec rsa3072 2016-08-30 [SC]
C0FCF8642D830C53246211400346653590B3795B
uid [ultimate] <A HREF="mailto:key-submission@example.net">key-submission@example.net</A>
ssb rsa3072 2016-08-30 [E]
</PRE>
</DL>
<P>
Take the fingerprint from that output and manually publish the key:
<P>
<DL COMPACT><DT id="18"><DD>
<PRE>
$ gpg-wks-server --install-key C0FCF8642D830C53246211400346653590B3795B \
&gt; <A HREF="mailto:key-submission@example.net">key-submission@example.net</A>
</PRE>
</DL>
<P>
Finally that submission address needs to be redirected to a script
running <B>gpg-wks-server</B>. The <B>procmail</B> command can
be used for this: Redirect the submission address to the user &quot;webkey&quot;
and put this into webkey's '<I>.procmailrc</I>':
<P>
<DL COMPACT><DT id="19"><DD>
<PRE>
:0
* !^From: <A HREF="mailto:webkey@example.net">webkey@example.net</A>
* !^X-WKS-Loop: webkey.example.net
|gpg-wks-server -v --receive \
--header X-WKS-Loop=webkey.example.net \
--from <A HREF="mailto:webkey@example.net">webkey@example.net</A> --send
</PRE>
</DL>
<P>
<P>
<A NAME="lbAG">&nbsp;</A>
<H2>SEE ALSO</H2>
<B><A HREF="/cgi-bin/man/man2html?1+gpg-wks-client">gpg-wks-client</A></B>(1)
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT id="20"><A HREF="#lbAB">NAME</A><DD>
<DT id="21"><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT id="22"><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT id="23"><A HREF="#lbAE">OPTIONS</A><DD>
<DT id="24"><A HREF="#lbAF">EXAMPLES</A><DD>
<DT id="25"><A HREF="#lbAG">SEE ALSO</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:05:15 GMT, March 31, 2021
</BODY>
</HTML>