[onak.git] / doc / README

onak 0.5.0
Copyright 2003-2016 Jonathan McDowell
http://www.earth.li/projectpurple/progs/onak.html


Introduction:

onak is an OpenPGP compatible keyserver. It's primary purpose is the
storage and retrieval of OpenPGP keys but it also has features that make
use of the stored keys for various other purposes. The most useful of
these is probably the pathfinder. This takes two keys, a & b, and
attempts to find a path of trust from a to b in the key database. I
started work on it because at the time there was no DFSG compliant
server that supported multiple subkeys and could act as a drop in
replacement for pksd, which I was running at the time.


Installation:

onak has been mainly developed under Linux with a bit of work on FreeBSD
at times also. It should run on all architectures, but has only been
tested on i386, AMD64 and PowerPC so far.

Typing "./configure && make" should produce a version of onak with
support for the DB4 backend. If you want to choose a different backend
(see below for a discussion about the options) you'll need to pass the
appropriate option to ./configure.

Once make has completed you'll end up with various binaries:

* onak
  This is the main program. It's intended to be run from the command
  line and allows the addition, deletion and searching of keys in the
  database.

* onak-mail.pl
  The mail processor. Takes incoming mail (usually to
  pgp-public-keys@host) and calls onak to do the necessary work.
  Currently only supports INCREMENTAL mails for syncing with other
  keyservers and INDEX mails from users.

* add, lookup & gpgwww
  The CGI programs. add & lookup are common to all PGP keyservers while
  gpgwww is the pathfinder component of onak. To get a keyserver that
  clients such as GPG can sync with you'll need to put these in a /pks
  directory on a web server running on port 11371. There's an example
  mathopd.conf file provided that I used for testing, but I'm now using
  Apache for the public test rig as it's already present on the host
  running it.

* splitkeys
  Utility to take a keyring and split it up into a bunch of smaller ones.


Config:

I've finally added config file support. onak.ini is an example config;
the main thing to change is the location in the backend section to
whereever you want to put your database files. The configure script allows
you to specific where it should live; by default it'll be PREFIX/etc/onak.ini.


Backends:

Currently there is support for 6 different database backends:

* file
  The original backend. Very simple and ideal for testing. Stores each
  key as a separate file. Doesn't support searching based on key text.

* pg (PostgreSQL)
  Once the preferred backend. Use onak.sql to create the tables
  necessary to run with this. Unfortunately although suitable for the
  keyserver side it was found to be too slow for running the pathfinder
  with a large number of keys. This may well be due to my use of it - if
  you can help speed it up info would be appreciated.

* db4 (Berkeley libdb4)
  The currently preferred backend. Supports the full range of functions
  like the pg backend but is considerably faster. Also easier to setup
  assuming you have libdb4 installed; there's no need to have an SQL
  database running and configured.

* fs (file backend)
  A fuller featured file based backend. Doesn't need any external
  libraries and supports the full range of operations (such as text and
  subkey searching). Needs a good filesystem to get good performance
  though as it creates many, many files and links.

* hkp
  A proxying backend. No keys are stored locally; all fetch and store
  requests are forwarded to the provided keyserver.


Other keyservers:

I'm aware of the following other keyservers. If you know of any more
please let me know and I'll add them.

* pks
  http://sf.net/projects/pks/
  The original mainstream keyserver; what I used to run on
  wwwkeys.uk.pgp.net. Died off due to lack of support for more modern
  key features such as multiple subkeys, to the extent that it would
  manage them. Largely replaced by SKS.

* CryptNET Keyserver
  http://www.cryptnet.net/fsp/cks/
  A GPLed server with support for multiple subkeys, but unfortunately
  when I looked at it there was no support for syncing via email which
  means it can't replace a pks server to act as part of pgp.net.

* Hockeypuck
  https://hockeypuck.io/
  Written in Go and with support for the SKS synchronisation protocol.

* OpenPKSD
  http://openpksd.org/
  Don't really know a lot about this. Primarily Japanese development
  AFAICT.

* SKS
  https://github.com/SKS-Keyserver/sks-keyserver
  Probably the most popular keyserver currently. Improves dramatically
  on the email synchronisation method by using an HTTP based set
  reconciliation approach ensuring the keyserver network eventually
  reaches consistency.


Contacting the author:

I can be reached via email as noodles@earth.li. I'm usually on IRC on
OFTC (irc.oftc.net) as Noodles.

All constructive criticism, bugs reports, patches and ideas are welcome.


Obtaining later versions:

onak lives at:

http://www.earth.li/projectpurple/progs/onak.html

Development is carried out using git; you can access the repository
with something like:

git clone git://the.earth.li/onak.git

or it can be browsed via gitweb at:

http://the.earth.li/gitweb/?p=onak.git;a=summary


License:

onak is distributed under the GNU Public License version 2, a copy of
which should have been provided with this archive as LICENSE.