Need recommendation on keyserver code

David Shaw dshaw at jabberwocky.com
Wed May 7 18:26:06 CEST 2008


On Wed, May 07, 2008 at 09:03:08AM -0700, Alan Olsen wrote:
> John P. Clizbe wrote:
> 
> >Alan Olsen wrote:
> >> I need to build a private keyserver for internal use.
> ><snip>
> >> I have not seen anything else that handles subkeys.
> >> 
> >> Any recommendations?
> 
> >Sorry I missed this earlier.
> 
> > It looks like you are running PGP Universal. I thought PGP Universal bundled an
> > LDAP keyserver into its software package. Why not just run that one?
> 
> Couple reasons:
> 
> 1) I need to run this on Solaris.

Any of the above-mentioned keyservers should run just fine on Solaris,
including the LDAP one (which is really just configuration and a
schema file on top of a standard LDAP server).

> 2) The licenses for PGP are handled by another department.
> 
> 3) My budget is $0.00.
> 
> 4) I plan on running this at home as well on my home internal network, which runs Linux.
> 
> 5) Eventually I want to package at least one keyserver for Fedora.

This would be a good thing.  I'm sure such a package would be
welcomed.

The main questions you need to ask when setting up a keyserver are:

1) Are you going to be syncing with the public keyserver net?
2) Does your environment already have an LDAP infrastructure?
3) Are you using PGP Universal anywhere in your environment?

Unless syncing with the public keyserver net is vitally important to
you, I highly recommend the LDAP solution.  It works nicely with GPG,
and enables some extra automatic keyfinding magic in PGP Universal.
(GPG can do the keyfinding trick with any keyserver type, but I
believe PGP Universal only does it with LDAP).

David


