GPG-WKS-SERVER(1)            GNU Privacy Guard 2.2           GPG-WKS-SERVER(1)

NAME

       gpg-wks-server - Server providing the Web Key Service

SYNOPSIS

       gpg-wks-server [options] --receive
       gpg-wks-server [options] --cron
       gpg-wks-server [options] --list-domains
       gpg-wks-server [options] --check-key user-id
       gpg-wks-server [options] --install-key file user-id
       gpg-wks-server [options] --remove-key user-id
       gpg-wks-server [options] --revoke-key user-id

DESCRIPTION

       The gpg-wks-server is a server-side implementation of the Web Key
       Service.  It receives requests for publication, sends confirmation
       requests, receives confirmations, and publishes the key.  It also has
       features to ease the setup and maintenance of a Web Key Directory.

       When used with the command --receive a single Web Key Service mail is
       processed.  Commonly this command is used with the option --send to
       directly send the created mails back.  See below for an installation
       example.

       The command --cron is used for regular cleanup tasks.  For example,
       unconfirmed requests should be removed after their expiry time.  It is
       best to run this command once a day from a cronjob.

       The command --list-domains prints all configured domains.  It also
       creates missing directories for the configuration and prints warnings
       pertaining to problems in the configuration.

       The command --check-key (or just --check) checks whether a key with the
       given user-id is installed.  The process returns success in this case;
       to also print a diagnostic, use the option -v.  If the key is not
       installed, a diagnostic is printed and the process returns failure; to
       suppress the diagnostic, use option -q.  More than one user-id can be
       given; see also option --with-file.

       The command --install-key manually installs a key into the WKD.  The
       arguments are a file with the keyblock and the user-id to install.  If
       the first argument resembles a fingerprint, the key is taken from the
       current keyring; to force the use of a file, prefix the first argument
       with "./".  If no arguments are given, the parameters are read from
       stdin; the expected format is lines with the fingerprint and the
       mailbox separated by a space.

       The command --remove-key uninstalls a key from the WKD.  The process
       returns success in this case; to also print a diagnostic, use option
       -v.  If the key is not installed, a diagnostic is printed and the
       process returns failure; to suppress the diagnostic, use option -q.

       The command --revoke-key is not yet functional.

OPTIONS

       gpg-wks-server understands these options:

       -C dir
       --directory dir
              Use dir as top level directory for domains.  The default is
              ‘/var/lib/gnupg/wks’.

       --from mailaddr
              Use mailaddr as the default sender address.

       --header name=value
              Add the mail header "name: value" to all outgoing mails.

       --send Directly send created mails using the sendmail command.
              Requires installation of that command.

       -o file
       --output file
              Also write the created mail to file.  Note that the value - for
              file writes it to stdout.

       --with-dir
              When used with the command --list-domains, print for each
              installed domain the domain name and its directory name.

       --with-file
              When used with the command --check-key, print for each user-id
              the address, 'i' for installed key or 'n' for not installed key,
              and the filename.

       --verbose
              Enable extra informational output.

       --quiet
              Disable almost all informational output.

       --version
              Print version of the program and exit.

       --help Display a brief help page and exit.

EXAMPLES

       The Web Key Service requires a working directory to store keys pending
       publication.  As root create a working directory:

           # mkdir /var/lib/gnupg/wks
           # chown webkey:webkey /var/lib/gnupg/wks
           # chmod 2750 /var/lib/gnupg/wks

       Then under your webkey account create directories for all your domains.
       Here we do it for "example.net":

           $ mkdir /var/lib/gnupg/wks/example.net

       Finally run

           $ gpg-wks-server --list-domains

       to create the required sub-directories with the permissions set
       correctly.  For each domain a submission address needs to be
       configured.  All service mails are directed to that address.  It can be
       the same address for all configured domains, for example:

           $ cd /var/lib/gnupg/wks/example.net
           $ echo key-submission@example.net >submission-address

       The protocol requires that the key to be published is sent in an
       encrypted mail to the service.  Thus you need to create a key for the
       submission address:

           $ gpg --batch --passphrase '' --quick-gen-key key-submission@example.net
           $ gpg -K key-submission@example.net

       The output of the last command looks similar to this:

           sec   rsa2048 2016-08-30 [SC]
                 C0FCF8642D830C53246211400346653590B3795B
           uid           [ultimate] key-submission@example.net
           ssb   rsa2048 2016-08-30 [E]

       Take the fingerprint from that output and manually publish the key:

           $ gpg-wks-server --install-key C0FCF8642D830C53246211400346653590B3795B \
           >                key-submission@example.net

       Finally that submission address needs to be redirected to a script
       running gpg-wks-server.  The procmail command can be used for this:
       redirect the submission address to the user "webkey" and put this into
       webkey's ‘.procmailrc’:

         :0
         * !^From: webkey@example.net
         * !^X-WKS-Loop: webkey.example.net
         |gpg-wks-server -v --receive \
              --header X-WKS-Loop=webkey.example.net \
              --from webkey@example.net --send
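
       The following script is an added example, not part of the GnuPG
       manual or code base. It audits the layout created by the first steps
       above: mode 2750 on the top-level directory and a submission-address
       file in every domain directory. The function names, the use of GNU
       stat, and the loose address shape check are assumptions of this
       example; ownership (webkey:webkey) is not checked.

```shell
#!/bin/sh
# Added example: audit a WKS tree laid out as in the EXAMPLES section.
# Prints one line per domain or finding; returns 0 if clean, 1 otherwise.
wks_audit() {
    top=$1
    rc=0
    # GNU stat assumed; the page sets mode 2750 on the top-level directory.
    mode=$(stat -c '%a' "$top") || return 2
    if [ "$mode" != 2750 ]; then
        echo "WARN: $top has mode $mode, expected 2750"
        rc=1
    fi
    for dom in "$top"/*/; do
        [ -d "$dom" ] || continue
        name=$(basename "$dom")
        file="${dom}submission-address"
        if [ ! -s "$file" ]; then
            echo "WARN: $name: submission-address missing or empty"
            rc=1
            continue
        fi
        addr=$(head -n 1 "$file")
        # Loose shape check only (local@host.tld), not full RFC 5322 parsing.
        case $addr in
            *[!A-Za-z0-9@._+-]*|*@*@*) ok=no ;;
            ?*@?*.?*) ok=yes ;;
            *) ok=no ;;
        esac
        if [ "$ok" = yes ]; then
            echo "OK: $name -> $addr"
        else
            echo "WARN: $name: malformed submission address"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed demo tree in a temporary directory (not a real installation):
# example.net is configured, example.org lacks its submission-address file.
wks_audit_demo() {
    demo=$(mktemp -d) || return 2
    mkdir "$demo/example.net" "$demo/example.org"
    chmod 2750 "$demo"
    echo key-submission@example.net >"$demo/example.net/submission-address"
    wks_audit "$demo"; status=$?
    rm -rf "$demo"
    return "$status"
}
wks_audit_demo || true
```

       On a real installation, run wks_audit /var/lib/gnupg/wks as the
       webkey user after gpg-wks-server --list-domains.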

SEE ALSO

       gpg-wks-client(1)

GnuPG 2.2.27                      2020-12-21                 GPG-WKS-SERVER(1)