DNS-based OpenPGP Keyserver for CryptNET

by simon@josefsson.org


What is this?

This is a DNS server front-end to the CryptNET OpenPGP keyserver: it answers DNS CERT queries for OpenPGP key IDs straight out of CryptNET's PostgreSQL database, so that GnuPG clients can fetch keys over DNS.

If you do not know what the CryptNET keyserver, DNS-based key servers, or GnuPG are, I suggest the following resources.

News

Download and Installation

You can grab the tarball (a PGP signature of it is provided alongside), which includes the script and this HTML page.

It is a Perl script, and it needs at least two Perl modules: Net::DNS, and DBI together with the DBD::Pg driver for PostgreSQL.

If you run Debian, simply do something like:

# apt-get install libnet-dns-perl libdbd-pgsql libdbi-perl libdbd-pg-perl

Usage

Make sure the CryptNET PostgreSQL database is running, then invoke the script simply as:

# ./cks-dns

It needs root to bind to port 53. Dropping privileges after binding is still a todo, so the process keeps running as root; keep that in mind before exposing it. Some command line parameters:

--port 4711
Specify port to listen on.
--listen 3.4.5.6
Specify interface address to listen on.
--verbose
Print debugging info.
--db openpgp_keys
Choose the database name to use, default is "pgp_keys".
--user www-data
Choose the database user, default is "httpd".

That's it. If it isn't, it is a bug, please let me know.

Testing it

You can debug the server using any DNS debugging tool, such as "dig". Note the first line of the output below: the 1952-byte answer does not fit in a plain 512-byte UDP reply, so the server marks the response truncated and dig retries over TCP. The server therefore has to answer on TCP as well as UDP (the TTY screenshot further down shows it creating both sockets). For example:

jas@latte:~/src/cks-dns$ dig 3F9061AB.dnskeys.josefsson.org cert
;; Truncated, retrying in TCP mode.
 
; <<>> DiG 9.2.4rc2 <<>> 3F9061AB.dnskeys.josefsson.org cert
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15829
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
 
;; QUESTION SECTION:
;3F9061AB.dnskeys.josefsson.org.        IN      CERT
 
;; ANSWER SECTION:
3F9061AB.dnskeys.josefsson.org. 2786 IN CERT    PGP 0 0 mQENAzXcqfYAAAEIAKNQSEcCND0rl/LZHpYF0cdRmGhXii7lsmGWnvc7 OK/ARsZOX4A32R4Byblc4tfHd+i6gYcilR3OEFGU4jkJK1ShnRJFmm3B cywKPx4xJ86kYCDEE3hatbhMaDbrK3MZCVtoh4cZDPTdK4gJgzaFd8AB pS24F9jzz/y0plUr5RUZQIPOi96q1w3GMHjoQMahOAZ/0JgUI08c6BkF USNs4mCnfzMAeC1db6a8F1iC7exFpQZogH3ubZfJoHvz6adxtB8CTqus glS90MPW3+Gx52mLtPmvY7e1DXTJGXG3g40gLPFdeSNifYTyJXwwylsj UYqF9uZEPFpEbr7kJj+QYasABRG0J01pY2hhZWwgU3RlaW5lciA8bTEu c3RlaW5lckB2b24udWxtLmRlPokBFQMFEDXcqfZuvuQmP5BhqwEBqHwH /3jIc+BQaeokSkJo7rWRFYNTo5hyb33rIa+ffvy+5WPCwVqR3W7tWBmj kTbH+cLovfaj6tx4OgWhAHy4gvg9QId1qqLM3l5YRl8kloDkTVcu+jO5 OaWwS8ot4+mEy9kjuUn+Hyu9/HBC0jLd56hBGKbbfKDmT7pXrNFa0AFf y9mpN/aUSqsBXhI37OQvOwNTJE2MlAjiIdK2vfjyXmLnAdelnac9xpUf P36VfkboSnPgOxIBgibuNgdcN2Tk4jimXzPRLjynwz+bsHv2Zs4ZTQzG HyrQKOVMPfQeuI5UE6PlgMbgDOBTKueG5vL4fqF9SfWo6/jzTmWsilo0 zPT/FquIRgQQEQIABgUCNdyqHQAKCRBtIB6DD3RY6laEAKCpEL+peLOt uA11NnQr3OFnz9+/dwCgnhPNEVirVIH6nzQPMAny/CY9P8u0Kk1pY2hh ZWwgU3RlaW5lciA8c3RlaW5lckBpbmZvLXByb2R1Y3RzLmRlPokBFQMF EDXcruduvuQmP5BhqwEBDk4IAJPMfYIPiPBjWRnfT583BqGiLm/oJTok oZ+KXlx2qsR9KpDgD+Fpl0c+DMgxdPd5rOGQXf2B2W3AfoMLf5SYuTW4 PW0wFL87dealpol0ysx46VdnssgDJTP+K3lZXrVGxzJjN6YOH9hY7ajM I/oJcHHZ4DHm6aJ/lfUtac6P/DNP0ofgYugp5qoPoMlquzibSL+m4rK5 oBJuxYVLSg/+tsvk7iBPVbHRIxdJ8SrTcY1+ZlSnsA7PL8wPo9SVsYlg CrWq+AU9p03GFWsk3i1XGrOYSdiFrajehXInU/dz9k77iGMztqvDfJlG mzY4JCbAJLNgfvPEzd+hChwsAw2EtP6IRgQQEQIABgUCNdyvSwAKCRBt IB6DD3RY6vvEAJ0TR/OxxXJUPq/02mUzpWH2emKrGwCg2GIxhwDQJ86O EDkbm0+NUOvo6Qu0LU1pY2hhZWwgU3RlaW5lciA8TWljaGFlbF9TdGVp bmVyQHQtb25saW5lLmRlPokBFQMFEDXcrwJuvuQmP5BhqwEBUQMH/1Yr qt4l8ljx5DJf15ZjpnHRJH15ExWLWFeRi63O0sY/zi2DA7D0Xxq4i8MA 35NdAlxIOq9Sv36qJtsk0nIjhyWA7WgwA8F+GboGkWHti4j5ky40AiGh kSdNbCGbeLB7FLnzOGNupqGLRQnA2X2eNhLr4fJ1R9ADBNkRCyr1b7NK zB118QEHef0ZGaprMIebF6XJe7KmzSfvIYWvLP6M8GwYnS3GLTD2lRIS oYXVEsQvaettTIM6gAjALkFAdkAEGb0RTVNfFFKHaoWV21141S58gLRT mGlb1dN6TkBytec81fRo7jEwOVDd2gE7rt3sqcOYdLALoEQHdYaHeiUo zQOIRgQQEQIABgUCNdyvVAAKCRBtIB6DD3RY6j42AJ96SQ340nQrC+lu 
T/gvVt+zntmahQCeP2u0op6QDnsFdImjQ4UKdADa+9S0ME1pY2hhZWwg U3RlaW5lciA8TWljaGFlbF9TdGVpbmVyQGNvbXB1c2VydmUuY29tPokB FQMFEDXcryJuvuQmP5BhqwEBz4AH/3desEuulJDBl/QJAljMSfYlDR6x pa6xgs9CekQRfaR2QpPgaDv+x814EgpUb9uU3NF3eaJURPcBR+iH8Dyq hM+A9ac1leDCwi+HQubd6PNqf6P6X0zN8bz+f4J7OnCIsvPSVRKEkRLN KqLf7vnVvuzH5W0T5FdxwQYgDGQ7WJo9XhmvXHk3IM/uqAbwV5sszZs2 7MrR8atqJGScpNRrqufBOZdctibbdaODrZ28CyvB2FmQiyxJws+5hCbk xkD8RfDryTRWHOErGEdm+SIpWMm+0q9ZNqcz/wkpwvO12p+KGRAscFCe jv19Oa6s2QVbidG5YcE1aj+0/t6m9ltmnE2IRgQQEQIABgUCNdyvXAAK CRBtIB6DD3RY6lcfAKCa+UALdteSFrb9Bw/gWTsY3NLTqwCg4PXMAvUu /wczQ6ETkP1+BmzA6oo=
 
;; AUTHORITY SECTION:
dnskeys.josefsson.org.  2394    IN      NS      dnskeys-ns.josefsson.org.
 
;; Query time: 23 msec
;; SERVER: 212.181.54.2#53(212.181.54.2)
;; WHEN: Sat Jun 12 02:31:50 2004
;; MSG SIZE  rcvd: 1952
 
jas@latte:~/src/cks-dns$
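The CERT answer above should be checked on the client side before the key in it is used. What follows is an added example written for this page in Python; it is not code from cks-dns, CryptNET or gpgkeys_jkp, and the function names (check_answer, parse_cert_rdata and so on) are its own. It parses dig's presentation-format RDATA (RFC 4398: type, key tag, algorithm, base64 certificate), walks the first OpenPGP packet (RFC 4880 old- and new-format headers, v3 and v4 public keys, which is more than the single v3 key above needs), derives the key ID and fingerprint, and checks that the key ID ends in the label that was queried. The sample input is the first seven base64 lines of the dig answer above, which cover the whole public key packet; the user ID and signature packets that follow are cut off and are not parsed. For the v3 key above the MD5 fingerprint it computes should be the value CryptNET logs in the TTY screenshot. The name check only confirms that the server answered the question it was asked: DNS is unauthenticated unless the zone is DNSSEC-signed, and a 32-bit key ID is not unique, so the fingerprint still has to be verified through the web of trust or out of band.

```python
# Added example for this page (not cks-dns, CryptNET or gpgkeys_jkp code):
# verify a PGP-type DNS CERT answer before trusting the key it carries.
import base64
import hashlib
import struct

# Constructed sample: the owner name and the first seven base64 lines of the dig
# answer on this page.  They cover the whole public key packet; the user ID and
# signature packets after it are cut off and are not parsed.
SAMPLE_NAME = "3F9061AB.dnskeys.josefsson.org"
SAMPLE_RDATA = "PGP 0 0 " + " ".join([
    "mQENAzXcqfYAAAEIAKNQSEcCND0rl/LZHpYF0cdRmGhXii7lsmGWnvc7",
    "OK/ARsZOX4A32R4Byblc4tfHd+i6gYcilR3OEFGU4jkJK1ShnRJFmm3B",
    "cywKPx4xJ86kYCDEE3hatbhMaDbrK3MZCVtoh4cZDPTdK4gJgzaFd8AB",
    "pS24F9jzz/y0plUr5RUZQIPOi96q1w3GMHjoQMahOAZ/0JgUI08c6BkF",
    "USNs4mCnfzMAeC1db6a8F1iC7exFpQZogH3ubZfJoHvz6adxtB8CTqus",
    "glS90MPW3+Gx52mLtPmvY7e1DXTJGXG3g40gLPFdeSNifYTyJXwwylsj",
    "UYqF9uZEPFpEbr7kJj+QYasABRG0J01pY2hhZWwgU3RlaW5lciA8bTEu",
])

def parse_cert_rdata(rdata):
    """Split CERT presentation format (RFC 4398): type, key tag, algorithm, cert."""
    cert_type, key_tag, algorithm, cert = rdata.split(None, 3)
    if cert_type.upper() not in ("PGP", "3"):
        raise ValueError("not a PGP certificate: %s" % cert_type)
    if int(key_tag) != 0 or int(algorithm) != 0:  # RFC 4398: both are 0 for PGP
        raise ValueError("unexpected key tag/algorithm on a PGP CERT")
    # dig wraps the base64 with spaces; b64decode discards non-alphabet characters.
    return base64.b64decode(cert)

def read_packet_header(data, pos=0):
    """Return (tag, body_start, body_length) of the packet at pos (RFC 4880 4.2)."""
    ctb = data[pos]
    if not ctb & 0x80:
        raise ValueError("bad packet tag byte 0x%02x" % ctb)
    if ctb & 0x40:  # new-format header: 1-, 2- or 5-octet length
        first = data[pos + 1]
        if first < 192:
            return ctb & 0x3F, pos + 2, first
        if first < 224:
            return ctb & 0x3F, pos + 3, ((first - 192) << 8) + data[pos + 2] + 192
        if first == 255:
            return ctb & 0x3F, pos + 6, struct.unpack(">I", data[pos + 2:pos + 6])[0]
        raise ValueError("partial body lengths not supported")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03  # old-format header
    if ltype == 3:
        raise ValueError("indeterminate packet length not supported")
    size = (1, 2, 4)[ltype]
    return tag, pos + 1 + size, int.from_bytes(data[pos + 1:pos + 1 + size], "big")

def read_mpi(body, pos):
    """Read an MPI (2-byte bit count, then big-endian magnitude); return (bytes, next)."""
    end = pos + 2 + (struct.unpack(">H", body[pos:pos + 2])[0] + 7) // 8
    if end > len(body):
        raise ValueError("truncated MPI")
    return body[pos + 2:end], end

def parse_public_key(data):
    """Parse the first packet, which must be a public key (tag 6) or subkey (tag 14)."""
    tag, start, length = read_packet_header(data)
    if tag not in (6, 14):
        raise ValueError("first packet has tag %d, not a public key" % tag)
    body = data[start:start + length]
    if len(body) != length:
        raise ValueError("truncated public key packet")
    info = {"version": body[0], "created": struct.unpack(">I", body[1:5])[0]}
    if body[0] == 3:
        # v3: 2-byte validity, RSA algorithm byte, MPIs n and e.  RFC 4880 12.2:
        # key ID = low 64 bits of n; fingerprint = MD5 over the bodies of n and e.
        info["algorithm"] = body[7]
        if info["algorithm"] not in (1, 2, 3):
            raise ValueError("v3 keys must be RSA")
        n, pos = read_mpi(body, 8)
        e, pos = read_mpi(body, pos)
        info["keyid"] = n[-8:].hex().upper()
        info["fingerprint"] = hashlib.md5(n + e).hexdigest().upper()
        info["bits"], info["e"] = len(n) * 8, int.from_bytes(e, "big")
    elif body[0] == 4:
        # v4: fingerprint = SHA-1(0x99 || 2-byte length || body); key ID = its low 64 bits.
        info["algorithm"] = body[5]
        digest = hashlib.sha1(b"\x99" + struct.pack(">H", length) + body).digest()
        info["fingerprint"], info["keyid"] = digest.hex().upper(), digest[-8:].hex().upper()
    else:
        raise ValueError("unsupported public key version %d" % body[0])
    return info

def check_answer(owner_name, rdata):
    """Parse a CERT answer and record whether its key ID ends in the queried label.

    cks-dns names keys by key ID (3F9061AB.dnskeys.josefsson.org), so the first
    label must be the trailing 8 (or 16) hex digits of the key ID in the cert.
    """
    label = owner_name.split(".")[0].upper()
    info = parse_public_key(parse_cert_rdata(rdata))
    info["matches_name"] = len(label) in (8, 16) and info["keyid"].endswith(label)
    return info

if __name__ == "__main__":
    for key, value in sorted(check_answer(SAMPLE_NAME, SAMPLE_RDATA).items()):
        print("%-13s %s" % (key, value))
```

Running it prints the parsed fields of the sample: a version 3 RSA key, 2048 bits, exponent 17, full key ID 6EBEE4263F9061AB (which is why the server files it under 3F9061AB), and matches_name True. Feeding the same RDATA under the NXDOMAIN name from the screenshot, DFAC4BA1.dnskeys.josefsson.org, gives matches_name False, which is the case a client must refuse.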

Contact information

You can contact the author at simon@josefsson.org. Unless the list managers object, I'd prefer discussion to take place on the gnupg-devel mailing list or the cks-devl mailing list.

Features

The client software used against this server is gpgkeys_jkp.

TTY Screenshots

$Id: index.html,v 1.11 2004/06/12 17:05:18 jas Exp $
Net::DNS 0.46
port=53 database=pgp_keys user=root
creating TCP socket...done.
creating UDP socket...done.
waiting for connections...UDP connection from 212.181.54.2:49156
query 11084: (DFAC4BA1.dnskeys.josefsson.org, IN, CERT)...Sat Jun 12 02:17:53 2004
keyid DFAC4BA1
NXDOMAIN
writing response...done
waiting for connections...UDP connection from 212.181.54.2:49156
query 51298: (3F9061AB.dnskeys.josefsson.org, IN, CERT)...Sat Jun 12 02:18:17 2004
keyid 3F9061AB
fingerprint 37679D0DD7BB393E94A95D1E3EFF7F01
ecsum vMz8
oid 10483959
rr 3F9061AB.dnskeys.josefsson.org 3600 IN CERT PGP 0 0 mQENAzXcqfYAAAEIAKNQ...
NOERROR
writing response...done
waiting for connections...
^C

PGP Keyserver?

Choosing CryptNet as the underlying PGP keyserver wasn't a trivial choice. I'm sure the alternatives are all Fine And Dandy software. Here are my motivations for not choosing any of the other possible candidates.

SKS
I don't like Berkeley DB, I don't like OCaml, but the main motivation was the lack of documentation.
OpenKeyServer
Non-free license.
PKS
Obnoxious old-style BSD license.
In all fairness, there is not much documentation for CryptNet either, but it does have a doc/ sub-directory as a show of good faith. And it uses PostgreSQL as the underlying data storage, which I believe is preferable to Berkeley DB.


$Id: index.html,v 1.11 2004/06/12 17:05:18 jas Exp $