.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.32)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.if !\nF .nr F 0
.if \nF>0 \{\
.    de IX
.    tm Index:\\$1\t\\n%\t"\\$2"
..
.    if !\nF==2 \{\
.        nr % 0
.        nr F 2
.    \}
.\}
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "sks 8"
.TH sks 8 "2016-11-09" "0.1" "SKS OpenPGP Key server"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SKS \- Synchronizing Key Server
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
sks [options] \-debug
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1SKS\s0 is an OpenPGP keyserver whose goal is to provide easy to deploy,
decentralized, and highly reliable synchronization.
That means that a key submitted to one \s-1SKS\s0 server will quickly be
distributed to all key servers, and even wildly out-of-date servers, or
servers that experience spotty connectivity, can fully synchronize with the
rest of the system.
.PP
The design of \s-1SKS\s0 is deliberately simple. The server consists of two
single-threaded processes. The first, \*(L"sks db\*(R", fulfills the normal jobs
associated with a public key server, such as answering web requests. The only
special functionality of \*(L"sks db\*(R" is that it keeps a log summarizing the
changes to the key database. \*(L"sks recon\*(R" does all the work with respect to
reconciling hosts' databases. \*(L"sks recon\*(R" keeps track of specialized summary
information about the database, and can use that information to efficiently
determine the differences between its database and that of another host.
.SH "FEATURES"
.IX Header "FEATURES"
Highly efficient and reliable reconciliation algorithm
.PP
Follows \s-1RFC2440\s0 and RFC2440bis carefully \- unlike \s-1PKS, SKS\s0 supports new
and old style packets, photoID packets, multiple subkeys, and pretty much
everything allowed by the RFCs.
.PP
Fully compatible with \s-1PKS\s0 system \- can both send and receive syncs from
\s-1PKS\s0 servers, ensuring seamless connectivity.
.PP
Simple configuration: each host just needs a (partial) list of the other
participating key servers. Gossip is used to distribute information without
putting a heavy load on any one host.
.PP
Supports HKP/web\-based querying, and soon-to-be-standard machine readable
indices
.SH "OPTIONS"
.IX Header "OPTIONS"
\&\s-1SKS\s0 binary command options are as follows:
.IP "db" 4
.IX Item "db"
.Vb 1
\&        Initiates database server.
.Ve
.IP "recon" 4
.IX Item "recon"
Initiates reconciliation server.
.IP "cleandb" 4
.IX Item "cleandb"
Apply filters to all keys in database, fixing some common problems.
.IP "build" 4
.IX Item "build"
Build key database, including body of keys directly in database.
.IP "fastbuild \-n [size] \-cache [mbytes]" 4
.IX Item "fastbuild -n [size] -cache [mbytes]"
Build key database without including keys directly in the database; faster
than build. \-n specifies the number of keydump files to read per pass when
used with build and the multiple of 15,000 keys to be read per pass when used
with fastbuild. \-cache specifies the database cache to use in megabytes.
.IP "pbuild \-cache [mbytes] \-ptree_cache [mbytes]" 4
.IX Item "pbuild -cache [mbytes] -ptree_cache [mbytes]"
Build prefix-tree database, used by reconciliation server, from key database.
Allows for specification of cache for key database and for ptree database.
.IP "dump numkeys dumpdir " 4
.IX Item "dump numkeys dumpdir "
Create a raw dump of the keys in the database. The dump is split into multiple
files; the numkeys parameter determines the number of keys dumped in each
file. The optional filename-prefix is prepended to the dump file names.
Without it the dump files are named 0000.pgp, 0001.pgp, ...
.IP "merge" 4
.IX Item "merge"
Adds key from key files to existing database.
.IP "drop" 4
.IX Item "drop"
Drops key from database.
.IP "update_subkeys [\-n # of updates / 1000]" 4
.IX Item "update_subkeys [-n # of updates / 1000]"
Updates subkey keyid index to include all current keys. Only useful when
upgrading from version 1.0.4 or earlier of \s-1SKS.\s0
.IP "version" 4
.IX Item "version"
Prints \s-1SKS\s0 version and linked version of Berkeley \s-1DB\s0 to stdout.
.IP "help" 4
.IX Item "help"
Prints the help message.
.SH "ADDITIONAL OPTIONS"
.IX Header "ADDITIONAL OPTIONS"
You won't need most of the options below for normal operation. These options
can be given in basedir/sksconf or as command line options for the sks binary.
.IP "\-debug" 4
.IX Item "-debug"
Debugging mode.
.IP "\-debuglevel" 4
.IX Item "-debuglevel"
Debugging level \*(-- sets verbosity of logging.
.IP "\-q" 4
.IX Item "-q"
.Vb 1
\&        Number of bits defining a bin.
.Ve
.IP "\-mbar" 4
.IX Item "-mbar"
Number of errors that can be corrected in one shot.
.IP "\-seed" 4
.IX Item "-seed"
Seed used by \s-1RNG.\s0
.IP "\-hostname" 4
.IX Item "-hostname"
Current hostname.
.IP "\-nodename" 4
.IX Item "-nodename"
Current nodename.
.IP "\-d" 4
.IX Item "-d"
.Vb 1
\&        Number of keys to drop at random when synchronizing.
.Ve
.IP "\-n" 4
.IX Item "-n"
.Vb 1
\&        Number of keydump files to load at once.
.Ve
.IP "\-max_internal_matches" 4
.IX Item "-max_internal_matches"
Maximum number of matches for most specific word in a multi-word search.
.IP "\-max_matches" 4
.IX Item "-max_matches"
Maximum number of matches that will be returned from a query.
.IP "\-max_uid_fetches" 4
.IX Item "-max_uid_fetches"
Maximum number of uid fetches performed in a verbose index query.
.IP "\-pagesize" 4
.IX Item "-pagesize"
Pagesize in 512 byte chunks for key db.
.IP "\-keyid_pagesize" 4
.IX Item "-keyid_pagesize"
Pagesize in 512 byte chunks for keyid db.
.IP "\-meta_pagesize" 4
.IX Item "-meta_pagesize"
Pagesize in 512 byte chunks for metadata db.
.IP "\-subkeyid_pagesize" 4
.IX Item "-subkeyid_pagesize"
Pagesize in 512 byte chunks for subkeyid db.
.IP "\-time_pagesize" 4
.IX Item "-time_pagesize"
Pagesize in 512 byte chunks for time db.
.IP "\-tqueue_pagesize" 4
.IX Item "-tqueue_pagesize"
Pagesize in 512 byte chunks for tqueue db.
.IP "\-word_pagesize" 4
.IX Item "-word_pagesize"
Pagesize in 512 byte chunks for word db.
.IP "\-cache" 4
.IX Item "-cache"
Cache size in megs for key db.
.IP "\-ptree_pagesize" 4
.IX Item "-ptree_pagesize"
Pagesize in 512 byte chunks for prefix tree db.
.IP "\-ptree_cache" 4
.IX Item "-ptree_cache"
Cache size in megs for prefix tree db.
.IP "\-baseport" 4
.IX Item "-baseport"
Set base port number.
.IP "\-recon_port" 4
.IX Item "-recon_port"
Set recon port number.
.IP "\-recon_address" 4
.IX Item "-recon_address"
Set recon binding addresses. Can be a list of whitespace separated \s-1IP\s0
addresses or domain names.
.IP "\-hkp_port" 4
.IX Item "-hkp_port"
Set hkp port number.
.IP "\-hkp_address" 4
.IX Item "-hkp_address"
Set hkp binding addresses. Can be a list of whitespace separated \s-1IP\s0
addresses or domain names.
.IP "\-use_port_80" 4
.IX Item "-use_port_80"
Have the \s-1HKP\s0 interface listen on port 80, as well as the hkp_port.
.IP "\-basedir" 4
.IX Item "-basedir"
Set base directory.
.IP "\-stdoutlog" 4
.IX Item "-stdoutlog"
Send log messages to stdout instead of log file.
.IP "\-diskptree" 4
.IX Item "-diskptree"
Use a disk-based ptree implementation. Slower, but requires far less memory.
.IP "\-nodiskptree" 4
.IX Item "-nodiskptree"
Use in-mem ptree.
.IP "\-max_ptree_nodes" 4
.IX Item "-max_ptree_nodes"
Maximum number of allowed ptree nodes. Only meaningful if \-diskptree is set.
.IP "\-prob" 4
.IX Item "-prob"
Set probability. Used for testing code only.
.IP "\-recon_sync_interval" 4
.IX Item "-recon_sync_interval"
Set sync interval for reconserver.
.IP "\-gossip_interval" 4
.IX Item "-gossip_interval"
Set time between gossips in minutes.
.IP "\-dontgossip" 4
.IX Item "-dontgossip"
Don't gossip automatically. Host will still respond to requests from other
hosts.
.IP "\-db_sync_interval" 4
.IX Item "-db_sync_interval"
Set sync interval for dbserver.
.IP "\-checkpoint_interval" 4
.IX Item "-checkpoint_interval"
Time period between checkpoints.
.IP "\-recon_checkpoint_interval" 4
.IX Item "-recon_checkpoint_interval"
Time period between checkpoints for reconserver.
.IP "\-ptree_thresh_mult" 4
.IX Item "-ptree_thresh_mult"
Multiple of thresh which specifies minimum node size in prefix tree.
.IP "\-recon_thresh_mult" 4
.IX Item "-recon_thresh_mult"
Multiple of thresh which specifies minimum node size that is included in
reconciliation.
.IP "\-max_recover" 4
.IX Item "-max_recover"
Maximum number of differences to recover in one round.
.IP "\-http_fetch_size" 4
.IX Item "-http_fetch_size"
Number of keys for reconserver to fetch from dbserver in one go.
.IP "\-wserver_timeout" 4
.IX Item "-wserver_timeout"
Timeout in seconds for webserver requests.
.IP "\-reconciliation_timeout" 4
.IX Item "-reconciliation_timeout"
Timeout for reconciliation runs in minutes.
.IP "\-stat_hour" 4
.IX Item "-stat_hour"
Hour at which to run database statistics.
.IP "\-initial_stat" 4
.IX Item "-initial_stat"
Runs database statistics calculation on boot.
.IP "\-reconciliation_config_timeout" 4
.IX Item "-reconciliation_config_timeout"
Set timeout in seconds for initial exchange of config info in reconciliation.
.IP "\-missing_keys_timeout" 4
.IX Item "-missing_keys_timeout"
Timeout in seconds for get_missing_keys.
.IP "\-command_timeout" 4
.IX Item "-command_timeout"
Timeout in seconds for commands set over command socket.
.IP "\-sendmail_cmd" 4
.IX Item "-sendmail_cmd"
Command used for sending mail.
.IP "\-from_addr" 4
.IX Item "-from_addr"
From address used in synchronization emails used to communicate with \s-1PKS.\s0
.IP "\-dump_new_only" 4
.IX Item "-dump_new_only"
When doing a database dump, only dump new keys, not keys already contained in
a keydump file.
.IP "\-max_outstanding_recon_requests" 4
.IX Item "-max_outstanding_recon_requests"
Maximum number of outstanding requests in reconciliation.
.IP "\-membership_reload_interval" 4
.IX Item "-membership_reload_interval"
Maximum interval (in hours) at which membership file is reloaded.
.IP "\-disable_mailsync" 4
.IX Item "-disable_mailsync"
Disable sending of \s-1PKS\s0 mailsync messages. \s-1ONLY FOR STANDALONE SERVERS\s0!
\&\s-1THIS IS THE MECHANISM FOR SENDING UPDATES TO\s0 NON-SKS \s-1SERVERS.\s0
.IP "\-disable_log_diffs" 4
.IX Item "-disable_log_diffs"
Disable logging of recent hashset diffs.
.IP "\-server_contact" 4
.IX Item "-server_contact"
Set OpenPGP KeyID of the server contact.
.IP "\-\-help, \-help" 4
.IX Item "--help, -help"
Displays list of options.
.IP "\-stdin" 4
.IX Item "-stdin"
Read keyids from stdin (sksclient only).
.SH "FILES"
.IX Header "FILES"
Information about important files located in your \s-1SKS\s0 basedir.
.IP "bin/sks" 4
.IX Item "bin/sks"
The main \s-1SKS\s0 executable.
.IP "bin/sks_add_mail" 4
.IX Item "bin/sks_add_mail"
The executable responsible for parsing incoming mails from \s-1PKS\s0 key servers.
.IP "bin/sks_build.sh" 4
.IX Item "bin/sks_build.sh"
Script to generate an initial database.
.IP "mailsync" 4
.IX Item "mailsync"
The mailsync file should contain a list of email addresses of \s-1PKS\s0
keyservers. This file is important, because it ensures that keys submitted
directly to an \s-1SKS\s0 keyserver are also forwarded to \s-1PKS\s0 keyservers.
\&\s-1IMPORTANT:\s0 don't add someone to your mailsync file without getting their
permission first!
.IP "membership" 4
.IX Item "membership"
With \s-1SKS,\s0 two hosts can efficiently compare their databases then repair
whatever differences are found. In order to set up reconciliation, you first
need to find other \s-1SKS\s0 servers that will agree to gossip with you. The
hostname and port of the server that has agreed to do so should be added to
this file.
.IP "sksconf" 4
.IX Item "sksconf"
The configuration file for your \s-1SKS\s0 server.
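.PP
A check of sksconf and membership text against three caveats this page states (prob is for testing only, disable_mailsync is for standalone servers, max_ptree_nodes needs diskptree). This is an added example, not part of the SKS distribution; it assumes the file syntax shown under EXAMPLES, that '#' also starts a comment in sksconf, and that an option counts as set when its key is present.

```python
def parse_sksconf(text):
    """'key: value' per line; a bare 'key:' is a flag. '#' comments are an assumption."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, sep, value = line.partition(":")  # split at the first ':' so '::1' survives
        if not sep:
            raise ValueError(f"not a 'key: value' line: {raw!r}")
        opts[key.strip()] = value.strip()
    return opts

def parse_membership(text):
    """'hostname port' per line; '#' starts a comment, as in the page's example."""
    peers = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) != 2 or not fields[1].isdigit() or not 0 < int(fields[1]) < 65536:
            raise ValueError(f"bad membership line: {raw!r}")
        peers.append((fields[0].lower(), int(fields[1])))
    return peers

def audit(sksconf_text, membership_text):
    """Return findings; 'key present' is treated as 'option set' (assumption)."""
    opts, peers = parse_sksconf(sksconf_text), parse_membership(membership_text)
    findings = []
    if "prob" in opts:
        findings.append("prob is set: the page says it is for testing code only")
    if "disable_mailsync" in opts and peers:  # peers present, so not standalone
        findings.append("disable_mailsync with gossip peers: standalone servers only")
    if "max_ptree_nodes" in opts and "diskptree" not in opts:
        findings.append("max_ptree_nodes is only meaningful if diskptree is set")
    if len(set(peers)) != len(peers):
        findings.append("membership lists the same host and port more than once")
    return findings

# Constructed sample input (not taken from a real server).
SAMPLE_SKSCONF = """hostname: keyserver.example.com
initial_stat:
disable_mailsync:
max_ptree_nodes: 1000
recon_address: ::1
"""
SAMPLE_MEMBERSHIP = """keyserver.ahost.org 11370 # Comments are allowed
keyserver.foo.org 11370
"""
```

Calling audit(SAMPLE_SKSCONF, SAMPLE_MEMBERSHIP) reports the disable_mailsync and max_ptree_nodes findings for the constructed sample.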
.SH "EXAMPLES"
.IX Header "EXAMPLES"
.IP "membership" 4
.IX Item "membership"
.Vb 2
\&        keyserver.ahost.org 11370 # Comments are allowed
\&        keyserver.foo.org 11370 # Another host with default ports
.Ve
.IP "sksconf" 4
.IX Item "sksconf"
.Vb 4
\&        membership_reload_interval: 1
\&        initial_stat:
\&        hostname: keyserver.example.com
\&        from_addr: pgp\-public\-keys@keyserver.example.com
.Ve
.IP "Procmail" 4
.IX Item "Procmail"
.Vb 4
\&        PATH=/path/of/sks/executables
\&        :0
\&        * ^Subject: incremental
\&        | /path/of/sks_add_mail /path/to/sks/directory
.Ve
.IP "/etc/aliases" 4
.IX Item "/etc/aliases"
.Vb 1
\&        pgp\-public\-keys: "|/path/of/sks_add_mail /path/to/sks/directory"
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
.Vb 1
\&        The SKS website is located at https://bitbucket.org/skskeyserver/sks\-keyserver/.
.Ve
.SH "AUTHOR"
.IX Header "AUTHOR"
The first draft was written by Thomas Sjogren .