GPG-WKS-SERVER - Online Linux Manual PageSection : 1
Updated : 2022-12-16
Source : GnuPG 2.4.0
Note : GNU Privacy Guard 2.3
NAMEgpg-wks-server − Server providing the Web Key Service
SYNOPSISgpg-wks-server [options] −−receive
gpg-wks-server [options] −−cron
gpg-wks-server [options] −−list-domains
gpg-wks-server [options] −−check-key user-id
gpg-wks-server [options] −−install-key file user-id
gpg-wks-server [options] −−remove-key user-id
gpg-wks-server [options] −−revoke-key user-id
DESCRIPTIONThe gpg-wks-server is a server side implementation of the Web Key Service. It receives requests for publication, sends confirmation requests, receives confirmations, and published the key. It also has features to ease the setup and maintenance of a Web Key Directory. When used with the command --receive a single Web Key Service mail is processed. Commonly this command is used with the option --send to directly send the created mails back. See below for an installation example. The command --cron is used for regular cleanup tasks. For example non-confirmed requested should be removed after their expire time. It is best to run this command once a day from a cronjob. The command --list-domains prints all configured domains. Further it creates missing directories for the configuration and prints warnings pertaining to problems in the configuration. The command --check-key (or just --check) checks whether a key with the given user-id is installed. The process returns success in this case; to also print a diagnostic use the option -v. If the key is not installed a diagnostic is printed and the process returns failure; to suppress the diagnostic, use option -q. More than one user-id can be given; see also option with-file. The command --install-key manually installs a key into the WKD. The arguments are a file with the keyblock and the user-id to install. If the first argument resembles a fingerprint the key is taken from the current keyring; to force the use of a file, prefix the first argument with "./". If no arguments are given the parameters are read from stdin; the expected format are lines with the fingerprint and the mailbox separated by a space. The command --remove-key uninstalls a key from the WKD. The process returns success in this case; to also print a diagnostic, use option -v. If the key is not installed a diagnostic is printed and the process returns failure; to suppress the diagnostic, use option -q. The command --revoke-key is not yet functional.
OPTIONSgpg-wks-server understands these options: -C dir
--directory dir Use dir as top level directory for domains. The default is ‛/var/lib/gnupg/wks’. --from mailaddr Use mailaddr as the default sender address. --header name=value Add the mail header "name: value" to all outgoing mails. --send Directly send created mails using the sendmail command. Requires installation of that command. -o file
--output file Write the created mail also to file. Note that the value - for file would write it to stdout. --with-dir When used with the command --list-domains print for each installed domain the domain name and its directory name. --with-file When used with the command --check-key print for each user-id, the address, 'i' for installed key or 'n' for not installed key, and the filename. --verbose Enable extra informational output. --quiet Disable almost all informational output. --version Print version of the program and exit. --help Display a brief help page and exit.
EXAMPLESThe Web Key Service requires a working directory to store keys pending for publication. As root create a working directory: # mkdir /var/lib/gnupg/wks
# chown webkey:webkey /var/lib/gnupg/wks
# chmod 2750 /var/lib/gnupg/wksThen under your webkey account create directories for all your domains. Here we do it for "example.net": $ mkdir /var/lib/gnupg/wks/example.netFinally run $ gpg-wks-server --list-domainsto create the required sub-directories with the permissions set correctly. For each domain a submission address needs to be configured. All service mails are directed to that address. It can be the same address for all configured domains, for example: $ cd /var/lib/gnupg/wks/example.net
$ echo key-submission@example.net >submission-addressThe protocol requires that the key to be published is sent with an encrypted mail to the service. Thus you need to create a key for the submission address: $ gpg --batch --passphrase '' --quick-gen-key key-submission@example.net
$ gpg -K key-submission@example.netThe output of the last command looks similar to this: sec rsa3072 2016-08-30 [SC]
C0FCF8642D830C53246211400346653590B3795B
uid [ultimate] key-submission@example.net
bxzcxpxk8h87z1k7bzk86xn5aj47intu@example.net
ssb rsa3072 2016-08-30 [E]Take the fingerprint from that output and manually publish the key: $ gpg-wks-server --install-key C0FCF8642D830C53246211400346653590B3795B
> key-submission@example.netFinally that submission address needs to be redirected to a script running gpg-wks-server. The procmail command can be used for this: Redirect the submission address to the user "webkey" and put this into webkey's ‛.procmailrc’: :0
* !^From: webkey@example.net
* !^X-WKS-Loop: webkey.example.net
|gpg-wks-server -v --receive
--header X-WKS-Loop=webkey.example.net
--from webkey@example.net --send
SEE ALSOgpg-wks-client(1) 0
Johanes Gumabo
Data Size : 18,455 byte
man-gpg-wks-server.1Build : 2024-12-05, 20:55 :
Visitor Screen : x
Visitor Counter ( page / site ) : 2 / 236,851
Visitor ID : :
Visitor IP : 13.59.68.161 :
Visitor Provider : AMAZON-02 :
Provider Position ( lat x lon ) : 39.962500 x -83.006100 : x
Provider Accuracy Radius ( km ) : 1000 :
Provider City : Columbus :
Provider Province : Ohio , : ,
Provider Country : United States :
Provider Continent : North America :
Visitor Recorder : Version :
Visitor Recorder : Library :
Online Linux Manual Page : Version : Online Linux Manual Page - Fedora.40 - march=x86-64 - mtune=generic - 24.12.05
Online Linux Manual Page : Library : lib_c - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Online Linux Manual Page : Library : lib_m - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Data Base : Version : Online Linux Manual Page Database - 24.04.13 - march=x86-64 - mtune=generic - fedora-38
Data Base : Library : lib_c - 23.02.07 - march=x86-64 - mtune=generic - fedora.36
Very long time ago, I have the best tutor, Wenzel Svojanovsky . If someone knows the email address of Wenzel Svojanovsky , please send an email to johanes_gumabo@yahoo.co.id .
If error, please print screen and send to johanes_gumabo@yahoo.co.id
Under development. Support me via PayPal.