Fwd: [Sks-devel] [Announcement] SKS 1.1.4 Released

John Clizbe JPClizbe at gingerbear.net
Mon Oct 8 00:08:49 CEST 2012

Kristian left these groups off the initial email


-------- Original Message --------
Subject: [Sks-devel] [Announcement] SKS 1.1.4 Released
Date: Sun, 07 Oct 2012 22:24:27 +0200
From: Kristian Fiskerstrand <kristian.fiskerstrand at sumptuouscapital.com>
To: sks-devel <sks-devel at nongnu.org>


We are pleased to announce the availability of a new stable SKS
release:  Version 1.1.4.

SKS is an OpenPGP keyserver whose goal is to provide easy to deploy,
decentralized, and highly reliable synchronization. That means that a
key submitted to one SKS server will quickly be distributed to all key
servers, and even wildly out-of-date servers, or servers that experience
spotty connectivity, can fully synchronize with the rest of the system.

What's New in 1.1.4
  - Fix X-HKP-Results-Count so that limit=0 returns no results, but
    include the header, to let a client poll for how many results
    exist, without retrieving any. Submitted by Phil Pennock. See:
  - Add UPGRADING document to explain upgrading Berkeley DB without
    rebuilding. System bdb versions often change with new SKS releases
    for .deb and .rpm distros.
  - Cleanup build errors for bdb/bdb_stubs.c. Patch from Mike Doty
  - Update cryptokit from version 1.0 to 1.5 without requiring OASIS
    build system or other additional dependencies
  - build, fastbuild, & pbuild fixed to ignore signals USR1 and USR2
  - common.ml and reconSC.ml were using different values for minimum
    compatible version. This has been fixed.
  - Added new server mime-types, and trying another default document
    (Issue 6)
    In addition to the new MIME types added in 1.1.[23], the server now
    looks over a list and serves the first index file that it finds
    Current list: index.html, index.htm, index.xhtml, index.xhtm,
  - options=mr now works on get as well as (v)index operations. This is
    described in http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00
    sections and 5.1.
  - Updated copyright notices in source files
  - Added sksclient tool, similar to old pksclient
  - Add no-cache instructions to HTTP response (in order for reverse
    proxies not to cache the output from SKS)
  - Use unique timestamps for keydb to reduce occurrences of Ptree
  - Added Interface specifications (.mli files) for modules that were
    missing them
  - Yaron pruned some no longer needed source files from the tree.
  - Improved the HTTP status and HTTP error codes returned for various
    situations and added checks for more error conditions.
  - Add a suffix to version (+) indicating non-release or development
  - Add an option to specify the contact details of the server
    that shows in the status page of the server. The information is in
    the form of an OpenPGP KeyID and set by server_contact: in sksconf
  - Add a `sks version` command to provide information on the setup.
  - Added configuration settings for the remaining database table
    files. If no pagesize settings are in sksconf, SKS will use 2048
    bytes for key and 512 for ptree. The remaining files' pagesize
    will be set by BDB based on the filesystem settings, typically this
    is 4096 bytes. See sampleConfig/sksconf.typical for settings
    recommended by db_tuner.
  - Makefile: Added distclean target. Dropped autogenerated file from
  - Allow tuning BDB environment before creation in [fast]build and
    pbuild. If DB_CONFIG exists in basedir, copy it to DB dir before DB
    creation. Preference is given to DB_CONFIG.KDB and DB_CONFIG.PTree
    over DB_CONFIG.
  - Add support for Elliptic Curve Public keys (ECDSA, ECDH)
  - Add check if an upload is a revocation certificate, and if it is,
    produce an error message tailored for this.

Note when upgrading from earlier versions of SKS
The default values for pagesize settings have changed. To continue
using an existing DB without rebuilding, explicit settings have to be
added to the sksconf file.

    pagesize:       4
    ptree_pagesize: 1

Getting the Software
SKS can be downloaded from

There are a few prerequisites to building this code.  You need:
* ocaml-3.10.2 or later.  Get it from <http://www.ocaml.org>
  ocaml-3.12.x is recommended, ocaml-4.x is not recommended at this time
* Berkeley DB version 4.6.* or later, whereby 4.8 or later is
  You can find the appropriate versions at


Verifying the integrity of the download
Releases of SKS are signed using the SKS Keyserver Signing Key
available on public keyservers with the KeyID


and has a fingerprint of

    C90E F143 0B3A C0DF D00E 6EA5 4125 9773 973A 612A.

Using GnuPG, verification can be accomplished by, first, retrieving
the signing key using

    gpg --keyserver pool.sks-keyservers.net --recv-key 0x41259773973A612A

followed by verifying that you have the correct key

    gpg --keyid-format long --fingerprint 0x41259773973A612A

should produce:

    pub   4096R/41259773973A612A 2012-06-27
    Key fingerprint = C90E F143 0B3A C0DF D00E 6EA5 4125 9773 973A 612A

A check should also be made that the key is signed by
trustworthy other keys;

    gpg --list-sigs 0x41259773973A612A

and the fingerprint should be verified through other trustworthy sources.

Once you are certain that you have the correct key downloaded, you can
a local signature, in order to remember that you have verified the key.

     gpg --lsign-key 0x41259773973A612A

Finally, verifying the downloaded file can be done using

    gpg --keyid-format long --verify sks-x.y.z.tgz.asc

The resulting output should be similar to

    gpg: Signature made Wed Jun 27 12:52:39 2012 CEST
    gpg:                using RSA key 41259773973A612A
    gpg: Good signature from "SKS Keyserver Signing Key"

Checksums for sks-1.1.4.tgz


We have to thank all the people who helped with this release, by
discussions on the mailing list, submitting patches, or opening issues
for items that needed our attention.

Happy Hacking,

  The SKS Team (Yaron, John, Kristian, Phil, and the other contributors)
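
The verification steps in the announcement above, scripted as an added example (not part of the original message or of SKS). It accepts a download only when gpg's machine-readable status names the announced fingerprint, so a good signature from any other key in the keyring is rejected. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Fingerprint quoted in the announcement, spaces removed.
PINNED_FPR="C90EF1430B3AC0DFD00E6EA541259773973A612A"

# check_status FPR: reads `gpg --status-fd` output on stdin. Succeeds only if
# a VALIDSIG line names FPR (as signing key or as primary key) and no line
# reports a bad, unverifiable, expired or revoked signature.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($NF) == want) { ok = 1 }
        END { exit ((ok && !bad) ? 0 : 1) }
    '
}

# verify_release SIGFILE [DATAFILE]: run gpg and apply the pinned-key check.
verify_release() {
    gpg --batch --status-fd 1 --verify "$@" 2>/dev/null | check_status "$PINNED_FPR"
}

# Constructed status lines (not captured from a real run), used for a dry check.
OTHER_FPR="0123456789ABCDEF0123456789ABCDEF01234567"   # made-up key
sample_pinned() {
    printf '%s\n' \
        "[GNUPG:] GOODSIG 41259773973A612A SKS Keyserver Signing Key" \
        "[GNUPG:] VALIDSIG $PINNED_FPR 2012-06-27 1340794359 0 4 0 1 2 00 $PINNED_FPR"
}
sample_other_key() {   # valid signature, but not from the announced key
    printf '%s\n' \
        "[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Other Key" \
        "[GNUPG:] VALIDSIG $OTHER_FPR 2012-06-27 1340794359 0 4 0 1 2 00 $OTHER_FPR"
}
sample_expired() {     # announced key, but gpg reports it as expired
    printf '%s\n' \
        "[GNUPG:] EXPKEYSIG 41259773973A612A SKS Keyserver Signing Key" \
        "[GNUPG:] VALIDSIG $PINNED_FPR 2012-06-27 1340794359 0 4 0 1 2 00 $PINNED_FPR"
}

# Usage: sh verify-sks.sh sks-x.y.z.tgz.asc sks-x.y.z.tgz
if [ "$#" -gt 0 ]; then
    verify_release "$@" || { echo "REJECTED: not signed by $PINNED_FPR" >&2; exit 1; }
    echo "OK: signature made by pinned key $PINNED_FPR"
fi
```

The script still relies on the key having been fetched and its fingerprint confirmed through the steps in the message; it only removes the need to read gpg's human-oriented output by eye.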
