NAME
msva-perl - Perl implementation of a Monkeysphere Validation Agent
SYNOPSIS
msva-perl [ COMMAND [ ARGS ... ] ]
ABSTRACT
msva-perl provides a Perl implementation of the Monkeysphere Validation Agent, a
certificate validation service.
INTRODUCTION
The Monkeysphere Validation Agent offers a local service for tools to validate
certificates (both X.509 and OpenPGP) and other public keys.
Clients of the validation agent query it with a public key carrier (a raw public
key, or some flavor of certificate), the supposed name of the remote peer
offering the pubkey, and the context in which the validation check is relevant
(e.g. ssh, https, etc).
The validation agent then tells the client whether it was able to successfully
validate the peer's use of the public key in the given context.
USAGE
Launched with no arguments, msva-perl simply runs and listens forever.
Launched with arguments, it sets up a listener and then spawns a subprocess
using the supplied command and arguments, with the
MONKEYSPHERE_VALIDATION_AGENT_SOCKET environment variable set to refer to its
listener. When the subprocess terminates, msva-perl tears down the listener
and exits as well, returning the same exit status as the subprocess.
This invocation pattern is similar to that of ssh-agent(1).
ENVIRONMENT VARIABLES
msva-perl is configured by means of environment variables.
MSVA_LOG_LEVEL
    msva-perl logs messages about its operation to stderr. MSVA_LOG_LEVEL
    controls its verbosity, and should be one of (in increasing verbosity):
    silent, quiet, fatal, error, info, verbose, debug, debug1, debug2,
    debug3. Default is 'error'.
MSVA_ALLOWED_USERS
    If your system is capable of it, msva-perl tries to figure out the owner
    of the connecting client. If MSVA_ALLOWED_USERS is unset, msva-perl will
    only permit connections from the user msva-perl is running as. If you set
    MSVA_ALLOWED_USERS, msva-perl will treat it as a list of local users (by
    name or user ID) who are allowed to connect.
MSVA_PORT
    msva-perl listens on a local TCP socket to facilitate access. You can
    choose which port to bind to by setting MSVA_PORT. The default is to bind
    to an arbitrary open port.
MSVA_KEYSERVER
    msva-perl will request information from OpenPGP keyservers. Set
    MSVA_KEYSERVER to declare the keyserver you want it to check with. If
    this variable is blank or unset, and your gpg.conf contains a keyserver
    declaration, it will use the GnuPG configuration. Failing that, the
    default is 'hkp://pool.sks-keyservers.net'.
MSVA_KEYSERVER_POLICY
    msva-perl must decide when to check with keyservers (for new keys,
    revocation certificates, new certifications, etc). There are three
    possible options: 'always' means to check with the keyserver on every
    query it receives. 'never' means to never check with a keyserver.
    'unlessvalid' will only check with the keyserver on a specific query if
    no keys are already locally known to be valid for the requested peer.
    Default is 'unlessvalid'.
MSVA_MONITOR_CHANGES
    Under graphical environments such as X11, msva-perl is capable of
    monitoring for changes in its underlying code and can prompt the user to
    restart the daemon when some of the underlying code changes. Setting this
    environment variable to 'true' enables this monitoring and prompting
    behavior. Default is 'false'.
COMMUNICATION PROTOCOL DETAILS
Communications with the Monkeysphere Validation Agent are in the form of JSON
requests over plain HTTP. Responses from the agent are also JSON objects. For
details on the structure of the requests and responses, please see
http://web.monkeysphere.info/validation-agent/protocol
SECURITY CONSIDERATIONS
msva-perl deliberately binds to the IPv4 loopback address (127.0.0.1) so that
remote users do not get access to the daemon. On systems (like Linux) which
report ownership of TCP sockets in /proc/net/tcp, msva-perl will refuse
connections from local users who are not permitted to connect (see
MSVA_ALLOWED_USERS above).
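As an added illustration of the owner check described here and under MSVA_ALLOWED_USERS (hypothetical Python, not msva-perl's own code): it parses a constructed /proc/net/tcp excerpt to find the uid that owns the connecting client's socket and compares it with the allowed-user list. It assumes a little-endian host for the address encoding and that MSVA_ALLOWED_USERS is separated by whitespace or commas, neither of which this page specifies.

```python
"""Decide whether a loopback TCP client may talk to the agent: find the uid
that owns the client's socket in /proc/net/tcp, then compare it against
MSVA_ALLOWED_USERS. Hypothetical helper code, not msva-perl's own."""
import pwd
import socket
import struct

# Constructed /proc/net/tcp excerpt (not captured from a real host). Row 0 is a
# client socket owned by uid 1000 connected to an agent on 127.0.0.1:8080;
# row 1 is the agent's side of that connection; row 2 is a second client
# owned by uid 65534.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:A3B2 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 20 4 30 10 -1
   1: 0100007F:1F90 0100007F:A3B2 01 00000000:00000000 00:00000000 00000000  1000        0 12346 1 0000000000000000 20 4 30 10 -1
   2: 0100007F:C001 0100007F:1F90 01 00000000:00000000 00:00000000 00000000 65534        0 12347 1 0000000000000000 20 4 30 10 -1
"""
TCP_ESTABLISHED = 0x01


def parse_proc_addr(field):
    """'0100007F:1F90' -> ('127.0.0.1', 8080). The address is a 32-bit value in
    host byte order printed as hex (little-endian host assumed here)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def peer_uid(proc_tcp_text, peer, local):
    """Return the uid owning the established client socket whose local end is
    `peer` and whose remote end is our listener `local`, or None if absent."""
    for line in proc_tcp_text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 8:
            continue
        if (parse_proc_addr(f[1]) == peer and parse_proc_addr(f[2]) == local
                and int(f[3], 16) == TCP_ESTABLISHED):
            return int(f[7])  # the uid column
    return None


def allowed_uids(env_value, own_uid):
    """MSVA_ALLOWED_USERS as a set of uids: names are resolved via passwd,
    numeric entries taken as-is; unset or blank means only the agent's uid."""
    if not env_value or not env_value.strip():
        return {own_uid}
    return {int(u) if u.isdigit() else pwd.getpwnam(u).pw_uid
            for u in env_value.replace(",", " ").split()}


def connection_allowed(proc_tcp_text, peer, local, env_value, own_uid):
    """Refuse unless the client's owner can be determined and is permitted."""
    uid = peer_uid(proc_tcp_text, peer, local)
    return uid is not None and uid in allowed_uids(env_value, own_uid)
```

A real agent would obtain `peer` from the accepted socket's getpeername() and `local` from its own bound address, and read /proc/net/tcp at accept time.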
SEE ALSO
monkeysphere(1),
monkeysphere(7),
ssh-agent(1)
BUGS AND FEEDBACK
Bugs or feature requests for msva-perl should be filed with the Monkeysphere
project's bug tracker at
https://labs.riseup.net/code/projects/monkeysphere/issues/
AUTHORS AND CONTRIBUTORS
Daniel Kahn Gillmor <dkg@fifthhorseman.net>
The Monkeysphere Team
http://web.monkeysphere.info/
COPYRIGHT AND LICENSE
Copyright © Daniel Kahn Gillmor and others from the Monkeysphere team.
msva-perl is free software, distributed under the GNU Public License, version
3 or later.