GPG-WKS-SERVER(1)            GNU Privacy Guard 2.4           GPG-WKS-SERVER(1)

NAME

       gpg-wks-server - Server providing the Web Key Service

SYNOPSIS

       gpg-wks-server [options] --receive
       gpg-wks-server [options] --cron
       gpg-wks-server [options] --list-domains
       gpg-wks-server [options] --check-key user-id
       gpg-wks-server [options] --install-key file user-id
       gpg-wks-server [options] --remove-key user-id
       gpg-wks-server [options] --revoke-key user-id

DESCRIPTION

       The gpg-wks-server is a server side implementation of the Web Key
       Service.  It receives requests for publication, sends confirmation
       requests, receives confirmations, and publishes the key.  It also has
       features to ease the setup and maintenance of a Web Key Directory.

       When used with the command --receive a single Web Key Service mail is
       processed.  Commonly this command is used with the option --send to
       directly send the created mails back.  See below for an installation
       example.

       The command --cron is used for regular cleanup tasks.  For example,
       non-confirmed requests should be removed after their expiration time.
       It is best to run this command once a day from a cronjob.

       The command --list-domains prints all configured domains.  It also
       creates missing directories for the configuration and prints warnings
       pertaining to problems in the configuration.

       The command --check-key (or just --check) checks whether a key with the
       given user-id is installed.  The process returns success in this case;
       to also print a diagnostic use the option -v.  If the key is not
       installed a diagnostic is printed and the process returns failure; to
       suppress the diagnostic, use option -q.  More than one user-id can be
       given; see also option --with-file.

       The command --install-key manually installs a key into the WKD.  The
       arguments are a file with the keyblock and the user-id to install.  If
       the first argument resembles a fingerprint the key is taken from the
       current keyring; to force the use of a file, prefix the first argument
       with "./".  If no arguments are given the parameters are read from
       stdin; the expected format is lines with the fingerprint and the
       mailbox separated by a space.
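
       A pre-flight check for the stdin form of --install-key described above,
       added here as an example and not part of GnuPG: it passes on only lines
       with a well-formed fingerprint and a mailbox whose domain directory
       exists below the top level directory.  The names wks_filter_batch and
       WKS_DIR, and the 40 hex digit fingerprint length, are assumptions of
       this example.

```shell
# Top level directory for domains; the man page's default for -C/--directory.
WKS_DIR="${WKS_DIR:-/var/lib/gnupg/wks}"

# Hypothetical helper: report a rejected input line on stderr.
_wks_reject() { echo "reject ($1): $2" >&2; }

# wks_filter_batch (hypothetical helper): reads "FINGERPRINT MAILBOX" lines on
# stdin, prints well-formed lines for configured domains on stdout, reports
# the rest on stderr, and returns 1 if any line was rejected.
wks_filter_batch() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue          # ignore empty lines
        fpr=${line%% *}                     # text before the first space
        mbox=${line#* }                     # text after the first space
        if [ "$fpr" = "$line" ]; then
            _wks_reject "no space separator" "$line"; rc=1; continue
        fi
        # Assumption: 40 hex digits, like the fingerprint shown under EXAMPLES.
        if ! printf '%s\n' "$fpr" | grep -Eq '^[0-9A-Fa-f]{40}$'; then
            _wks_reject "bad fingerprint" "$line"; rc=1; continue
        fi
        # Exactly one "@", no spaces, and nothing that could leave WKS_DIR
        # when the domain is used as a directory name.
        case "$mbox" in
            *' '*|*@*@*|@*|*@|*/*|*@.*)
                _wks_reject "bad mailbox" "$line"; rc=1; continue ;;
            *@*) ;;
            *)  _wks_reject "bad mailbox" "$line"; rc=1; continue ;;
        esac
        domain=$(printf '%s' "${mbox##*@}" | tr 'A-Z' 'a-z')
        # A domain counts as configured when its directory exists.
        if [ ! -d "$WKS_DIR/$domain" ]; then
            _wks_reject "domain not configured" "$line"; rc=1; continue
        fi
        printf '%s\n' "$line"
    done
    return "$rc"
}
```

       Feed the filtered lines to gpg-wks-server --install-key only when the
       function returns success, so a partly bad batch is fixed first.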

       The command --remove-key uninstalls a key from the WKD.  The process
       returns success in this case; to also print a diagnostic, use option
       -v.  If the key is not installed a diagnostic is printed and the
       process returns failure; to suppress the diagnostic, use option -q.

       The command --revoke-key is not yet functional.

OPTIONS

       gpg-wks-server understands these options:

       -C dir
       --directory dir
              Use dir as top level directory for domains.  The default is
              ‘/var/lib/gnupg/wks’.

       --from mailaddr
              Use mailaddr as the default sender address.

       --header name=value
              Add the mail header "name: value" to all outgoing mails.

       --send Directly send created mails using the sendmail command.
              Requires installation of that command.

       -o file
       --output file
              Write the created mail also to file.  Note that the value - for
              file would write it to stdout.

       --with-dir
              When used with the command --list-domains print for each
              installed domain the domain name and its directory name.

       --with-file
              When used with the command --check-key print for each user-id,
              the address, 'i' for installed key or 'n' for not installed key,
              and the filename.

       --verbose
              Enable extra informational output.

       --quiet
              Disable almost all informational output.

       --version
              Print version of the program and exit.

       --help Display a brief help page and exit.

EXAMPLES

       The Web Key Service requires a working directory to store keys pending
       publication.  As root create a working directory:

           # mkdir /var/lib/gnupg/wks
           # chown webkey:webkey /var/lib/gnupg/wks
           # chmod 2750 /var/lib/gnupg/wks

       Then under your webkey account create directories for all your domains.
       Here we do it for "example.net":

           $ mkdir /var/lib/gnupg/wks/example.net

       Finally run

           $ gpg-wks-server --list-domains

       to create the required sub-directories with the permissions set
       correctly.  For each domain a submission address needs to be configured.
       All service mails are directed to that address.  It can be the same
       address for all configured domains, for example:

           $ cd /var/lib/gnupg/wks/example.net
           $ echo key-submission@example.net >submission-address

       The protocol requires that the key to be published is sent with an
       encrypted mail to the service.  Thus you need to create a key for the
       submission address:

           $ gpg --batch --passphrase '' --quick-gen-key key-submission@example.net
           $ gpg -K key-submission@example.net

       The output of the last command looks similar to this:

           sec   rsa3072 2016-08-30 [SC]
                 C0FCF8642D830C53246211400346653590B3795B
           uid           [ultimate] key-submission@example.net
                         bxzcxpxk8h87z1k7bzk86xn5aj47intu@example.net
           ssb   rsa3072 2016-08-30 [E]

       Take the fingerprint from that output and manually publish the key:

           $ gpg-wks-server --install-key C0FCF8642D830C53246211400346653590B3795B \
           >                key-submission@example.net

       Finally that submission address needs to be redirected to a script
       running gpg-wks-server.  The procmail command can be used for this:
       Redirect the submission address to the user "webkey" and put this into
       webkey's ‘.procmailrc’:

         :0
         * !^From: webkey@example.net
         * !^X-WKS-Loop: webkey.example.net
         |gpg-wks-server -v --receive \
              --header X-WKS-Loop=webkey.example.net \
              --from webkey@example.net --send

SEE ALSO

       gpg-wks-client(1)

GnuPG 2.4.3                       2023-06-21                 GPG-WKS-SERVER(1)