SKS Keyserver (Linux): Difference between revisions

Revision as of 30 December 2016, 14:20

Still in progress


Installation

Run the following commands as user root:

sudo -s

Install the package:

apt-get install sks

Configuration

Stop the SKS daemon before changing the configuration:

service sks stop

Initialise the database as user debian-sks:

su debian-sks -c '/usr/sbin/sks build'

We run the server standalone, so all communication channels to other keyservers are disabled (back up the original files first):

mv /etc/sks/mailsync /etc/sks/mailsync_bak
echo '# Empty - Do not communicate with other keyservers.' >/etc/sks/mailsync
mv /etc/sks/membership /etc/sks/membership_bak
echo '# Empty - Do not communicate with other keyservers.' >/etc/sks/membership

Start the service automatically at boot: edit /etc/default/sks

vi /etc/default/sks

and adjust the following line:

initstart=yes

Adjust the configuration file:

vi /etc/sks/sksconf
# /etc/sks/sksconf
#
# The configuration file for your SKS server.
# You can find more options in sks(8) manpage.

# Set server hostname
#hostname: this.server.fdqn

# Set recon binding address
#recon_address: 0.0.0.0

# Set recon port number
#recon_port: 11370

# Set hkp binding address
#hkp_address: 0.0.0.0

# Set hkp port number
#hkp_port: 11371

# Have the HKP interface listen on port 80, as well as the hkp_port
# use_port_80:

# From address used in synchronization emails used to communicate with PKS
#from_addr: "PGP Key Server Administrator <pgp-public-keys@this.server.fdqn>"

# Command used for sending mail (you can use -f option to specify the
# envelope sender address, if your MTA trusts the sks user)
#sendmail_cmd: /usr/lib/sendmail -t -oi

# Runs database statistics calculation on boot (time and cpu expensive)
#initial_stat:

# bdb's db_tune program suggests a pagesize of 65536 for [K]DB/key. In practice
# this caused page deadlocks. I found 8K (16) and 16K (32) to be better values
pagesize:          16
#
# The tuner recommended 4096 (8) for the pagesize for PTree/ptree. I have had
# very good results with 8196
ptree_pagesize:    16

After all configuration changes are done, start the SKS daemon again:

service sks start

Afterwards you can switch back to the normal user:

exit

Configuration

Customising the web interface

sudo vi /var/lib/sks/www/index.html

Apache

HKP

cd /etc/apache2/sites-available
sudo vi gpg.conf
<VirtualHost *:80>
    ServerName gpg.kirner.or.at

    ProxyPreserveHost On
    ProxyRequests Off
    ProxyVia Off

    ProxyPass / http://127.0.0.1:11371/
    ProxyPassReverse / http://127.0.0.1:11371/

    ErrorLog ${APACHE_LOG_DIR}/gpg.kirner.or.at-error.log
    CustomLog ${APACHE_LOG_DIR}/gpg.kirner.or.at-access.log combined
</VirtualHost>
sudo a2ensite gpg.conf
sudo service apache2 reload

HKPS

For the SSL certificate see the following link: SSL_Zertifikat

cd /etc/apache2/sites-available
sudo vi gpg-ssl.conf
<VirtualHost *:443>
    ServerName gpg.kirner.or.at

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/gpg.crt
    SSLCertificateKeyFile /etc/ssl/private/apache.key

    ProxyPreserveHost On
    ProxyRequests Off
    ProxyVia Off

    ProxyPass / http://127.0.0.1:11371/
    ProxyPassReverse / http://127.0.0.1:11371/

    ErrorLog ${APACHE_LOG_DIR}/gpg.kirner.or.at-error.log
    CustomLog ${APACHE_LOG_DIR}/gpg.kirner.or.at-access.log combined
</VirtualHost>
sudo a2ensite gpg-ssl.conf
sudo service apache2 reload

Ports

Name    Port    Protocol
HKP     80
HKP     11371   TCP
HKPS    443

Testing

Create a key: see GnuPG

Directly via the port:

http://<server>:11371/

Send a key:

gpg --send-key --keyserver gpg.kirner.or.at 1234ABCD

Receive a key:

gpg --recv-key --keyserver gpg.kirner.or.at 1234ABCD
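To check the three endpoints from the ports table without depending on gpg's output, the following added example (not part of this tutorial) builds the HKP lookup URL that a key retrieval sends and parses the server's machine-readable index listing so that revoked or expired keys can be spotted before a key is trusted. It assumes the standard /pks/lookup path and the options=mr index format that SKS serves; the sample response is constructed.

```python
"""HKP lookup helpers for the keyserver set up above. Added example, not part
of the tutorial; assumes the standard /pks/lookup path and SKS's options=mr
index format. The sample response at the bottom is constructed."""
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlencode, urlunsplit, unquote

# From the ports table: HKP directly on 11371 or via Apache on 80, HKPS via
# Apache on 443 (TLS ends in Apache; SKS itself only speaks plain HTTP).
ENDPOINTS = {"hkp-direct": ("http", 11371), "hkp-apache": ("http", 80),
             "hkps-apache": ("https", 443)}

def lookup_url(host: str, keyid: str, endpoint: str = "hkps-apache", op: str = "index") -> str:
    """URL a `gpg --recv-key`-style lookup sends for keyid (hex, 0x optional)."""
    scheme, port = ENDPOINTS[endpoint]
    search = keyid if keyid.lower().startswith("0x") else "0x" + keyid
    query = urlencode({"op": op, "search": search, "options": "mr"})
    return urlunsplit((scheme, f"{host}:{port}", "/pks/lookup", query, ""))

@dataclass
class KeyEntry:
    keyid: str              # key ID or fingerprint as returned by the server
    algo: int               # OpenPGP public-key algorithm number (1 = RSA)
    bits: int
    created: int            # Unix timestamps; expires is None if unset
    expires: Optional[int]
    flags: str              # r = revoked, d = disabled, e = expired
    uids: List[str] = field(default_factory=list)

def parse_mr_index(body: str) -> List[KeyEntry]:
    """Parse the 'pub:' and 'uid:' lines of an options=mr index listing."""
    keys: List[KeyEntry] = []
    for line in body.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) >= 7:
            keys.append(KeyEntry(f[1], int(f[2]), int(f[3]), int(f[4]),
                                 int(f[5]) if f[5] else None, f[6]))
        elif f[0] == "uid" and keys:
            keys[-1].uids.append(unquote(f[1]))  # uid is percent-encoded
    return keys

def usable(keys: List[KeyEntry]) -> List[KeyEntry]:
    """Drop revoked, disabled or expired keys before trusting a lookup result."""
    return [k for k in keys if not set(k.flags) & {"r", "d", "e"}]

# Constructed sample response: one valid RSA key and one revoked key.
SAMPLE_MR = """info:1:2
pub:ABCDEF0123456789ABCDEF0123456789ABCDEF01:1:4096:1482000000::
uid:Example%20User%20%3Cuser%40example.invalid%3E:1482000000::
pub:0123456789ABCDEF0123456789ABCDEF01234567:1:2048:1400000000:1450000000:r
uid:Old%20Key%20%3Cold%40example.invalid%3E:1400000000::
"""
```

Fetch lookup_url(...) for all three endpoints and feed the bodies to parse_mr_index: the results should be identical, which confirms that Apache is proxying to the same SKS instance that answers on 11371.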

Links

https://njh.eu/keyserver

http://www.bauer-power.net/2010/05/how-to-setup-free-pgp-key-server-in.html#.WGEXB58xlyU

http://keyserver.mattrude.com/guides/building-server/

https://roll.urown.net/server/pgp-keyserver.html

https://dokuwiki.nausch.org/doku.php/centos:web_c7:sks

https://support.mailbox.org/knowledge-base/article/der-mailbox-org-hkps-keyserver
