1
0
Fork 0
mirror of https://gitlab.com/hagrid-keyserver/hagrid.git synced 2023-02-13 20:55:02 -05:00
hagrid-keyserver--hagrid/README.md

115 lines
3.7 KiB
Markdown
Raw Normal View History

2018-11-22 10:40:59 -05:00
Hagrid
======
2018-08-16 14:35:19 -04:00
2018-11-22 10:40:59 -05:00
Hagrid is a verifying OpenPGP key server. When a new key is uploaded a
2018-09-19 16:27:25 -04:00
token is sent to each user ID via email. This token can be used to verify the
user ID. Keys can be queried by their verified user IDs (exact match) and their
primary keys fingerprint. Keys can be deleted by clicking a link send to all
2018-09-19 16:27:25 -04:00
user IDs.
Quick Start
-----------
2018-11-22 10:40:59 -05:00
Building Hagrid required a working [Rust _nightly_
toolchain](https://rust-lang.org). The key server uses the filesystem to store
keys, user IDs and tokens. To run it, supply the absolute path to where you
want the database to live and the absolute path to the template directory.
2018-09-19 16:27:25 -04:00
```bash
cargo run -- `pwd`/dist
2018-09-19 16:27:25 -04:00
```
This will spawn a web server listening on port 8080.
Hagrid uses `sendmail` for mailing, so you also need a working local mailer
setup. The FROM field of the mails can be configured with the `-F` switch.
2018-09-19 16:27:25 -04:00
Usage
-----
Hagrid implements basic HKP (`op=get` and `op=index`) so tools like GnuPG and
OpenKeychain can use it directly. The differences to SKS are
2018-09-19 16:27:25 -04:00
- no support for `op=vindex`,
- `mp=1` is always assumed,
- only exact matches for user IDs are returned,
- `op=index` returns either one or no keys and
2019-02-12 08:09:06 -05:00
- all packets that aren't public keys, user IDs or signatures are filtered out.
2018-09-19 16:27:25 -04:00
Uploading a key via the HKP interface will trigger verification emails to be
send.
2018-09-19 16:27:25 -04:00
Hagrid has it's own URL scheme to fetch keys, verify user IDs and delete keys.
It's meant to be machine readable, but it's not a REST API. The following URLs
are handled.
2018-09-19 16:27:25 -04:00
- `GET /by-fingerprint/<fingerprint>` retrieves the key with the given
fingerprint.
- `GET /by-keyid/<key ID>` retrieves the key with the given long key ID.
2019-02-12 08:09:06 -05:00
- `GET /by-email/<URL-encoded user ID>` retrieves the key with the given user
ID. Only exact matches are accepted.
- `GET /vks/verify/<token>` verifies a user ID using a token string send by
email.
- `GET /vks/delete/<fingerprint>` requests deletion of the key with the given
fingerprint.
- `GET /vks/confirm/<token>` confirms a keys deletion request using a token
string send by email.
2018-09-19 16:27:25 -04:00
Keys can also be fetched by their subkeys fingerprint and key ID. A key won't
show up until at least one user ID is verified.
Building
--------
2019-02-21 16:44:58 -05:00
Building Hagrid requires a working nightly Rust toolchain. The
easiest way to get the toolchain is to download [rustup](https://rustup.rs).
After rustup is installed, get the nightly compiler and tools:
```bash
2019-02-12 08:09:06 -05:00
cd hagrid
rustup override set nightly
```
The web server can now be built with the cargo command:
```bash
cargo build --release
```
After compilation a binary is placed in `target/release/` called
2018-11-22 10:40:59 -05:00
`hagrid`. The binary is linked statically and can be copied everywhere.
```bash
2018-11-22 10:40:59 -05:00
cp target/release/hagrid /usr/local/bin
```
2019-02-21 16:44:58 -05:00
To deploy the key server copy all
directories under `public/` to a writable location. Then start the server with
the _absolute_ path to the directory as argument:
```bash
2019-02-12 08:09:06 -05:00
mkdir /var/lib/hagrid
cp -R dist/* /var/lib/hagrid
hagrid /var/lib/hagrid
```
This will spawn the server in foreground, listening on `0.0.0.0:8080`. The
`--listen` argument can be used to change port and listen address. The server
2019-02-12 08:09:06 -05:00
will put all keys and runtime data under the base folder (`/var/lib/hagrid`
in the above example).
2018-11-22 10:40:59 -05:00
Reverse Proxy
-------------
Hagrid is designed to defer lookups to reverse proxy server like Nginx and
Apache. The key database is a set of 3 directories with static files in them.
The directory structure reflects Hagrids URL scheme. This way, lookups via
`by-fpr`, `by-email` and `by-kid` can be handled by (multiple) simple HTTP
server(s). A sample configuration for Nginx is part of the repository
(`nginx.conf`).
2018-11-22 10:40:59 -05:00
Community
---------
We're in `##hagrid` on Freenode.