PGP Keyserver — Cache
Some installations on Linux, such as Docker, require a keyserver to verify the binaries. This behavior is advantageous on the one hand, but on the other hand it is a hindrance when you are on a network without internet access. The easiest way to handle this is to use an internal PGP keyserver as a cache.
Why do you need a PGP/GPG keyserver cache? If you want more background information about this, check out my YouTube (4K, forest) video called "Why do you need a PGP KeyServer Cache for DevSecOps".
The deployment does not require many resources. A complete dump of the GPG keyserver database is just 13 GB (status 2020-07-31). There is a list of URLs that offer dumps, most of which are updated at least once a week: https://bitbucket.org/skskeyserver/sks-keyserver/wiki/KeydumpSources
The installation described here is only suitable as an internal cache and should not be made available externally. There is now a new project called Hagrid. At this point, I don't want to go into the shortcomings of classic keyservers; for further information, it is best to consult the reports on the Internet.
To install the SKS server under Debian 10, use the following command:
apt-get install sks
Here you should already use the Artifactory Debian repository you set up previously.
SKS Initial Setup
Commissioning requires a one-time initialization process. It should start from the most up-to-date dump of the keyserver database; otherwise you only have an empty database, with which you can do very little. To copy the dump to the server, you can install an OpenSSH server:
apt-get install openssh-server
If you want to work briefly as the user root, you have to set the parameter PermitRootLogin to the value yes in the file /etc/ssh/sshd_config and restart the service.
The complete keyserver dump must be copied to the directory /var/lib/sks/dump on the server. With the commands listed below, the service is initially prepared and the dump imported.
Start and Test the Installation
As soon as the initial import is complete, the service can be started and finally tested.
systemctl start sks
systemctl status sks
If you want to use port 80 in addition to the official port, you have to adjust the configuration file named sksconf. The file is located under /etc/sks/ and the parameter to be changed is called use_port_80. Please do not forget to restart the service after the configuration file has been changed.
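One way to run the final test from a client machine, as an added example that is not part of the original article: it asks the cache for a single key over HKP and checks that a complete armored key block comes back. The host name keys.internal.example and the key ID are constructed placeholders; 11371 is the standard HKP port, and the second usage line applies only if use_port_80 is enabled.

```shell
#!/bin/sh
# Added example: smoke test for an internal SKS cache over HKP.
# 11371 is the standard HKP port; host name and key ID below are constructed.

# Print the HKP lookup URL for a key ID or fingerprint.
# Accepts 8/16 hex digits (key ID) or 32/40 (fingerprint), with or without 0x.
hkp_get_url() {
    host=$1
    port=$2
    id=$(printf '%s' "$3" | tr -d ' ')
    id=${id#0x}
    id=${id#0X}
    id=$(printf '%s' "$id" | tr 'a-f' 'A-F')
    case $id in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    case ${#id} in
        8|16|32|40) ;;
        *) return 1 ;;
    esac
    # options=mr asks for the machine-readable (plain armored) response.
    printf 'http://%s:%s/pks/lookup?op=get&options=mr&search=0x%s\n' \
        "$host" "$port" "$id"
}

# Succeed only if stdin holds a complete armored public key block.
# An HTML error page or a truncated reply fails this check.
is_armored_pubkey() {
    awk '/^-----BEGIN PGP PUBLIC KEY BLOCK-----/ { b = 1 }
         /^-----END PGP PUBLIC KEY BLOCK-----/ && b { e = 1 }
         END { exit !(b && e) }'
}

# Fetch one key from the cache and verify the reply.
# Returns 2 for a malformed key ID, non-zero if the server has no such key.
check_keyserver() {
    url=$(hkp_get_url "$1" "$2" "$3") || {
        echo "malformed key id: $3" >&2
        return 2
    }
    curl -fsS --max-time 10 "$url" | is_armored_pubkey
}

# Usage (run from a client inside the network):
#   check_keyserver keys.internal.example 11371 0x0123456789ABCDEF
#   check_keyserver keys.internal.example 80    0x0123456789ABCDEF
```

A passing check only shows that the cache serves the key; compare the key's fingerprint with the value published by the vendor before trusting it.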
Published at DZone with permission of Sven Ruppert.