free
/
freedombone
보기 1
좋아요 0
포크 0
코드 이슈 0 풀 리퀘스트 0 릴리즈 0 위키 Activity
7131 커밋
5 브랜치
트리: 20cb78e653
브랜치 태그
${ item.name }
Create branch ${ searchTerm }
from '20cb78e653'
${ noResults }
freedombone/doc/EN/app_keyserver.org

app_keyserver.org 2.7KB
히스토리 Raw

images/logo.png 

<p>
<center>
</p>
<p>
<h1>OpenPGP Key Server</h1>
</p>
<p>
</center>
</p>

images/keyserver.jpg

The web of trust is a nice idea, but how trustable is it? If you take a look at how many OpenPGP key servers are out there then there are a two or three main ones and not much else. Can you trust those servers? Who is maintaining them and how often? Is any censorship going on? How hard would they be for adversaries to implant? In terms of technology this infrastructure is quite old and it could have been neglected for a long time. Once vigilant maintainers might have turned lazy and gotten lax with server security, or been recruited over to the dark side.

For these kinds of reasons you might prefer to run your own web of trust infrastructure. In simple terms it's a database of GPG public keys which provides a way for users to find out how to communicate with others securely via email. You can meet in person and exchange public keys via sneakernet on USB drives, but most users of GPG don't do that. Instead they just download the public key for a given email address from one of the key servers.

Installation

ssh into the system with:


ssh myusername@mydomain.com -p 2222

Select Add/Remove Apps then keyserver. You will then be asked for a domain name and if you are using FreeDNS also the code for the domain which can be found under Dynamic DNS on the FreeDNS site (the random string from "/quick cron example/" which appears after update.php? and before >>). For more details on obtaining a domain and making it accessible via dynamic DNS see the FAQ. Typically the domain name you use will be a subdomain, such as keys.mydomainname.net. It will need to be a domain which you have bought somewhere and own and not one of the FreeDNS subdomains, otherwise you won't be able to get a SSL/TLS certificate for it.

After the install has completed go to Security settings and select Create a new Let's Encrypt certificate and enter the domain name that you are using for the Key server. If the certificate is obtained successfully then you will see a congratulations message.

How to use it

Interaction with the web user interface is pretty minimal and obvious, but most likely you will also want to be able to use your keyserver from the commandline. To do that use the --keyserver option:

gpg --keyserver [your keyserver domain] --search-keys [email address]