|
Unix VPS
Support
FAQ
Network
Miscellaneous
|
| PKS-INTRO(8) | FreeBSD System Manager's Manual | PKS-INTRO(8) |
NAME
pks-intro - OpenPGP Public Key Server Introduction
DESCRIPTION
The OpenPGP Public Key Server system is a set of programs which manages and provides general access to a database of OpenPGP public keys.
The database itself is not a standard OpenPGP keyring. Instead, the keys which are managed by the server are stored in a set of Berkeley DB 2.x format database files. Most operations only take a fraction of a second, and even large operations involving tens of thousands of keys usually take only a few minutes.
Programs
- pksclient(8)
- This is a command-line program for managing the database. It supports All the operations of the daemon, and a few more.
- pksd(8)
- This is the public key server daemon. It processes HTTP requests and mail requests to add keys to the database and query the database contents.
- pksdctl(8)
- This is a helper program used by pksd-mail.sh and pksd-queue-run.sh.
- pks-mail.sh
- This script is run for each mail message received to queue the message.
- pks-queue-run.sh
- This script is used to process the queue of incoming mail messages.
Configuration files and data files
- pksd.conf(5)
- This file contains all the configuration data needed to run the system.
- <db_dir>/keydbXXX
- These files contain the actual database. The first files contain the OpenPGP key information, indexed by the key ID. The XXX is 000, 001, 002, up to the number of key database files minus 1.
- <db_dir>/num_keydb
- This file contains the number of key database files. In order to handle very large databases on operating systems with limited file sizes, the key database can be split into up to 1000 separate files.
- <db_dir>/timedb
- This file indexes the key ID's by the time they were added to the database.
- <db_dir>/worddb
- This file indexes the key ID's by the words in the key's user ID's.
SEARCHING
The search engine is not the same as that used by the gpg(1) or pgp(1) programs. It will return information for all keys which contain all the words in the search string. A ``word'' in this context is a string of consecutive alphabetic characters. For example, in the string user@example.com, the words are user, example, and com.
DATABASE ADMINISTRATION
pksd uses the locking, logging, and transaction facilities of Berkeley DB. This provides for added safety in the event of a server crash, and also allows for multiple pksd and/or pksclient processes to access the database at the same time.
This does make management of a key server a little more complicated. The Berkeley DB reference section on Berkeley DB Transactional Access Methods Applications
<http://www.sleepycat.com/docs/ref/toc.html#transapp>describes the procedures and commands which are used for checkpointing, archive (backup), and recovery. You should familiarize yourself with this information before running a key server.
DESIGN
The key server was Marc Horowitz's Advanced Undergraduate Project (which is really a thesis, but with a different name) for his Bachelor's degree in Computer Science and Engineering at the Massachusetts Institute of Technology. You can read detailed discussion of the internals of this key server, you can read the his AUP at
<http://www.mit.edu/people/marc/pks/thesis.html>.
FILES
pksd.conf, <db_dir>/keydbXXX, <db_dir>/num_keydb, <db_dir>/timedb, <db_dir>/worddb
AUTHOR
Marc Horowitz, Massachusetts Institute of Technology
BUGS
Visit the bug tracking system linked from http://sourceforge.net/projects/pks to view or report bugs.
COPYRIGHT
Copyright (c) 1996, 1997, 1998, 1999, Marc Horowitz. All rights reserved.
This software doesn't have a warranty, express or implied. See the LICENSE file in the source distribution for full conditions.
SEE ALSO
gpg(1), pgp(1), pksclient(8), pksd(8), pksd.conf(5), pksdctl(8),pks-mail.sh(8), pks-queue-run(8)
| 24 January 1996 |
Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.