=====OpenPGP Keyserver Installation and GnuPG Operations (Generate,Send,Search,Import Keys) - ghimire===== ===Part 1: sks keyserver installation=== Install sks from repository # apt-get -y install sks Build and Initialize DB # sks build Modify /etc/sks/sksconf ==File: /etc/sks/sksconf== --------------------------- # Replace IP with binding IP hostname: example.org hkp_address: 192.168.0.100 hkp_port: 11371 Default installation lacks html pages. Download it from 1) http://www.rainydayz.org/sites/default/files/download/sks/sks_www.tar.bz2 or 2) Or modified version at http://wiki.bin/downloads/sks_www.tar.bz2 and save it to /var/lib/sks/www/ Aassign appropriate permissions and change the post url. # mkdir /var/lib/sks/www # cd /var/lib/sks/www # wget http://www.rainydayz.org/sites/default/files/download/sks/sks_www.tar.bz2 # tar xjvf sks_www.tar.bz2 Modify index.html and replace all instances of "your.site.name" with your site name or IP address. # chown debian-sks:debian-sks * Launch sks in the background # sks db & ++Adding Recon++ With recon, it is possible to distribute keys among keyservers. To enable recon, modify /etc/sks/sksconf and uncomment recon options. ==File: /etc/sks/sksconf== ---------------------------- # Replace IP with binding IP recon_address: 192.168.0.100 recon_port: 11370 ==File: /etc/sks/membership== ----------------------------------------- # Add remote sks recon IP with recon port 172.16.0.20 11370 Ask sks admin of 172.16.0.20 to add your recon IP and port above (192.168.0.100) in remote membership file Start Recon with, # sks recon & +References+ [1] http://code.google.com/p/sks-keyserver/wiki/Documentation [2] http://www.rainydayz.org/node/10 [3] http://www.keysigning.org/sks/ [4] http://blog.reindel.com/2007/08/13/howto-spruce-up-your-search-box-with-css-and-a-background-image/ If you wish to add your keyserver as recon to darknet's keyservers, ask ops in #lobby. ===Part 2: GnuPG Operations=== ++Key Generation++ Generate your key if you don't have one already $ gpg --gen-key Your selection? 1 What keysize do you want? (2048) [Press Enter] Key is valid for? (0) [Press Enter] Is this correct? (y/N) y Real name: John Doe Email address: john.doe@example.org Comment: [Press Enter] Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O Enter passphrase: SomethingSecret Repeat passphrase: SomethingSecret If you get stuck at this message, " Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy! (Need 284 more bytes)" open another terminal as superuser, # apt-get install rng-tools # rangd -r /dev/urandom and the key generation will be completed. ++Sending Keys to Keyserver++ To send your Key to the keyserver, list out your keys first $ gpg --list-keys and look for the ID which is the value after 1024/ which looks like 5E21B437 You can also use regular expression to grab key ID with: $ gpg --list-keys | grep 1024D | sed 's/.*1024D\/\(.*\)\ .*$/\1/' or with awk, $ gpg --list-keys | grep 1024D | awk -F/ '{print $2}' | awk '{print $1}' We will choose above installed sks as our keyserver and send our key using key ID $ gpg --keyserver hkp://192.168.0.100 --send-keys 5E21B437 ++Searching and Importing Key from Keyserver++ To search key with key ID or name, $ gpg --keyserver hkp://192.168.0.100 --search-keys name or, $ gpg --keyserver hkp://192.168.0.100 --search-keys keyid If search matches, output will look like this: (1) John Doe 1024 bit DSA key 5E21B437, created: 1990-01-01 Keys 1-1 of 1 for "john". Enter number(s), N)ext, or Q)uit > Q Keys can be received with search and selecting the number or using: $ gpg --keyserver hkp://keyserver --recv-keys Key_ID Trusted keys can be signed with, $ gpg --sign-key Key_ID For more information on GNU Privacy Guard visit http://www.gnupg.org/gph/en/manual.html