Mailing List Archive

Looking for keyserver software without any validation or fancy features
Hi *,

For a test setup / proof of concept / lab, I'm looking for a pretty
simple keyserver implementation.

I don't need any form of validation, web ui, etc.
At least I want to be able to disable send mail validation, federation,
web server, and what not.

I just want to be able to send and receive keys to/from a server.

All machines in this setup are running Debian 11 or 12.

hagrid and hockeypuck are total overkill, and at least hagrid is not
even /intended/ to be "self hosted".

I have seen https://github.com/SKS-Keyserver/sks-keyserver but still
have to check it out if it really suits my needs.

`gpg-wks-server` has to send and receive verification mails, right?
I would like to avoid having to configure a mail-server and mail-clients.

Are there any other options?
I would like to not take `cp` and `scp` as an option, I'm doing this
already...

Thanks.
Bernd

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Looking for keyserver software without any validation or fancy features
On Fri, 7 Jul 2023 10:59, Bernd Naumann said:
> For a test setup / proof of concept / lab, I'm looking for a pretty
> simple keyserver implementation.

Use an LDAP server; this is the most flexible and best supported way to
store keys.

https://www.gnupg.org/blog/20201018-gnupg-and-ldap.html

> `gpg-wks-server` has to send and receive verification mails, right?
> I would like to avoid having to configure a mail-server and mail-clients.

gpg-wks-server is about key enrollment via mail and web. A simpler
setup is by using gpg-wks-client to create a Web Key Directory locally and
then upload it.

  gpg --list-options show-only-fpr-mbox -k | gpg-wks-client --install-key

or if you already got an LDAP:

https://gnupg.com/kb/mirror-ldap-to-wkd.html


Salam-Shalom,

Werner


--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
Re: Looking for keyserver software without any validation or fancy features
On 07.07.23 12:21, Werner Koch wrote:

> https://www.gnupg.org/blog/20201018-gnupg-and-ldap.html

Thanks, I will have a look into it.


Re: Looking for keyserver software without any validation or fancy features
(resending because the previous mail went out HTML-only, apologies)

Hi, Bernd.

> hagrid and hockeypuck are total overkill,

(Disclaimer: I’m one of the hockeypuck contributors)

If you have docker-compose installed, it’s *very* easy to spin up a test instance of hockeypuck, see the README at https://github.com/hockeypuck/hockeypuck

You will need a non-empty keydump to start with, but you can export a single key to a file with the suffix “.gpg” and it should suffice.

> and at least hagrid is not
> even /intended/ to be "self hosted".

I’m pretty sure you can self-host hagrid, although I haven’t tested it.

> I have seen https://github.com/SKS-Keyserver/sks-keyserver but still
> have to check it out if it really suits my needs.

SKS-keyserver is very similar to hockeypuck (hockeypuck was first developed as an SKS-keyserver replacement). It does have the ability for a quick-build that serves static files directly without ingesting them into a database in advance, however you will still probably have to build the ptree (at least in its default configuration). It also has an unofficial docker image at https://registry.hub.docker.com/r/zhusj/sks

> Are there any other options?

https://github.com/PennockTech/openpgpkey-control comes to mind.

A