How to run a key server

David Shaw dshaw at jabberwocky.com
Thu Sep 8 00:06:17 CEST 2005


On Wed, Sep 07, 2005 at 05:29:18PM -0400, Berend Tober wrote:
> This may be a very silly question, but I want to know what is involved 
> with running a key server?
> 
> A manager has asked about whether we can somehow use "electronic 
> signatures" on internal documents to reduce paper and printer costs as 
> well as the problem of occasionally losing a printed piece of 
> documentation that needs to get approved or signed by more than one 
> person. Seems to me like gnupg is made for this kind of situation. Since 
> this will be an internal infrastructure, I'm not concerned with 
> providing a PKI to the *public*, but just to company employees. I'm 
> thinking that there must be a server software package that handles this 
> available somewhere, but my googling turns up mostly info on using gpg 
> individually, more or less. There is a sourceforge project that seems to 
> be the right tool, but it was listed as inactive.

There are three good ways to do this:

First is SKS <http://www.nongnu.org/sks/>.  While SKS is most commonly
used for public keyservers, there is no reason why you can't run it
without synchronizing with other servers.

The second is regular old LDAP.  GnuPG can use keys stored on an LDAP
server.  This is often a good choice for internal infrastructure as
many companies already have an LDAP server in use.

The third is regular old HTTP.  GnuPG can also fetch keys from a web
server.  This is not as easy as the other two options as you can't say
"find me the key with email address abcd@example.com" or the like, but
for some usages this ability is not necessary.

David
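As an added illustration of the three lookup paths David lists (this is not code from the mail or from GnuPG; the hostnames, the `/keys/` path and the address are placeholders): a small POSIX shell helper that builds the `gpg` command for each backend and refuses an e-mail-address lookup against a plain web server, which is exactly the limitation the reply points out. SKS is reached over HKP and LDAP over `ldap://`, both of which GnuPG can search by address or fetch by key ID; a web server only supports `--fetch-keys` of an exact URL.

```shell
#!/bin/sh
# Added example (not from the original thread): build the gpg invocation
# for each key-distribution method. Hostnames, the /keys/ directory and
# the e-mail address are placeholders. DRY_RUN=1 (default) only prints.

DRY_RUN="${DRY_RUN:-1}"

# is_email SELECTOR -> exit 0 if it looks like an e-mail address
is_email() {
  case "$1" in
    *@*.*) return 0 ;;
    *)     return 1 ;;
  esac
}

# key_lookup_cmd METHOD HOST SELECTOR
# METHOD is sks, ldap or http. SELECTOR is an e-mail address or a key ID.
# Prints the gpg command on stdout. For http the selector must be the exact
# file name under the server's key directory: a plain web server cannot
# answer "find the key for this address", so e-mail selectors are rejected.
key_lookup_cmd() {
  method="$1"; host="$2"; sel="$3"
  case "$method" in
    sks)
      # SKS speaks HKP; search by address, or receive by key ID
      if is_email "$sel"; then
        printf 'gpg --keyserver hkp://%s --search-keys %s\n' "$host" "$sel"
      else
        printf 'gpg --keyserver hkp://%s --recv-keys %s\n' "$host" "$sel"
      fi ;;
    ldap)
      # GnuPG's LDAP backend supports the same two operations
      if is_email "$sel"; then
        printf 'gpg --keyserver ldap://%s --search-keys %s\n' "$host" "$sel"
      else
        printf 'gpg --keyserver ldap://%s --recv-keys %s\n' "$host" "$sel"
      fi ;;
    http)
      if is_email "$sel"; then
        printf 'http: cannot search by address, need a key ID: %s\n' "$sel" >&2
        return 2
      fi
      # Fetch the exact URL; the key file layout is an assumption
      printf 'gpg --fetch-keys https://%s/keys/%s.asc\n' "$host" "$sel" ;;
    *)
      printf 'unknown method: %s\n' "$method" >&2
      return 1 ;;
  esac
}

# run_lookup METHOD HOST SELECTOR: show the command, execute unless DRY_RUN=1
run_lookup() {
  cmd="$(key_lookup_cmd "$@")" || return $?
  echo "$cmd"
  [ "$DRY_RUN" = 1 ] || sh -c "$cmd"
}

# Usage: ./keylookup.sh sks keys.example.internal abcd@example.com
if [ -n "${1:-}" ]; then
  run_lookup "$@"
fi
```

With `DRY_RUN=0` the helper actually runs the printed command, so the SKS and LDAP cases exercise GnuPG's own keyserver search while the HTTP case can only retrieve a key you already know the ID of; that asymmetry is what makes the web-server option the least convenient of the three for an internal PKI.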
