onak 0.4.1 Copyright 2003-2012 Jonathan McDowell http://www.earth.li/projectpurple/progs/onak.html Introduction: onak is an OpenPGP compatible keyserver. It's primary purpose is the storage and retrieval of OpenPGP keys but it also has features that make use of the stored keys for various other purposes. The most useful of these is probably the pathfinder. This takes two keys, a & b, and attempts to find a path of trust from a to b in the key database. I started work on it because at the time there was no DFSG compliant server that supported multiple subkeys and could act as a drop in replacement for pksd, which I was running at the time. Installation: onak has been mainly developed under Linux with a bit of work on FreeBSD at times also. It should run on all architectures, but has only been tested on i386, AMD64 and PowerPC so far. Typing "./configure && make" should produce a version of onak with support for the DB4 backend. If you want to choose a different backend (see below for a discussion about the options) you'll need to pass the appropriate option to ./configure. Once make has completed you'll end up with various binaries: * onak This is the main program. It's intended to be run from the command line and allows the addition, deletion and searching of keys in the database. * onak-mail.pl The mail processor. Takes incoming mail (usually to pgp-public-keys@host) and calls onak to do the necessary work. Currently only supports INCREMENTAL mails for syncing with other keyservers and INDEX mails from users. * add, lookup & gpgwww The CGI programs. add & lookup are common to all PGP keyservers while gpgwww is the pathfinder component of onak. To get a keyserver that clients such as GPG can sync with you'll need to put these in a /pks directory on a web server running on port 11371. There's an example mathopd.conf file provided that I used for testing, but I'm now using Apache for the public test rig as it's already present on the host running it. * splitkeys Utility to take a keyring and split it up into a bunch of smaller ones. Config: I've finally added config file support. onak.conf is an example config; the main thing to change is the db_dir to whereever you want to put your database files. The configure script allows you to specific where it should live; by default it'll be PREFIX/etc/onak.conf. Backends: Currently there is support for 5 different database backends: * file The original backend. Very simple and ideal for testing. Stores each key as a separate file. Doesn't support searching based on key text. * pg (PostgreSQL) Once the preferred backend. Use onak.sql to create the tables necessary to run with this. Unfortunately although suitable for the keyserver side it was found to be too slow for running the pathfinder with a large number of keys. This may well be due to my use of it - if you can help speed it up info would be appreciated. * db2 (Berkeley libdb2) Only added to provide the ability to run the pathfinder with a key database produced by pksd. Currently only supports pulling keys out by keyid - no key updating or searching by key test. Found to be tempramental and prone to deadlock in the db2 library. * db4 (Berkeley libdb4) The currently preferred backend. Supports the full range of functions like the pg backend but is considerably faster. Also easier to setup assuming you have libdb4 installed; there's no need to have an SQL database running and configured. * fs (file backend) A fuller featured file based backend. Doesn't need any external libraries and supports the full range of operations (such as text and subkey searching). Needs a good filesystem to get good performance though as it creates many, many files and links. Other keyservers: I'm aware of the following other keyservers. If you know of any more please let me know and I'll add them. * pks http://sf.net/projects/pks/ The prodominant keyserver I believe; what I used to run on wwwkeys.uk.pgp.net. Had a spurt of activity a year or two ago, but seems to have died off again. The main issue with pks is that it lacks support for keys with multiple subkeys bound to them and older versions unfortunately mangle them. * CryptNET Keyserver http://www.cryptnet.net/fsp/cks/ A GPLed server with support for multiple subkeys, but unfortunately when I looked at it there was no support for syncing via email which means it can't replace a pks server to act as part of pgp.net. * OpenPKSD http://openpksd.org/ Don't really know a lot about this. Primarily Japanese development AFAICT. * SKS http://sks.sourceforge.net/ A reasonably new keyserver concentrating more on the whole issue of syncronization between keyservers. Seems to be gaining in popularity. Contacting the author: I can be reached via email as noodles@earth.li. I'm usually on IRC on OFTC (irc.oftc.net) as Noodles. All constructive criticism, bugs reports, patches and ideas are welcome. Obtaining later versions: onak lives at: http://www.earth.li/projectpurple/progs/onak.html Development is carried out using arch; you can access the repository with something like: tla register-archive noodles@earth.li--2004-laptop \ http://www.earth.li/~noodles/arch/ tla get -A noodles@earth.li--2004-laptop onak--mainline--0.3 License: onak is distributed under the GNU Public License version 2, a copy of which should have been provided with this archive as LICENSE.