; ; Configuration for onak, an OpenPGP compatible keyserver ; [main] backend=defaultdb4 backends_dir=@CMAKE_INSTALL_FULL_LIBDIR@/onak/backends logfile=@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/log/onak.log ; Loglevel : 0 is highest debug, default is 3, nothing is 7+ loglevel=3 ; Should we use the keyd backend? use_keyd=false sock_dir=@CMAKE_INSTALL_FULL_RUNSTATEDIR@/onak ; Maximum number of keys to return in a reply to an index, verbose index or ; get. Setting it to -1 will allow any size of reply. max_reply_keys=128 ; Settings related to key verification options available. [verification] ; Blacklist certain fingerprints (e.g. EVIL32). One fingerprint per line, ; comment lines start with # ;blacklist=blacklist.txt ; Check the size of packets, dropping overly large UIDs / signature packets ; as per draft-dkg-openpgp-abuse-resistant-keystore 4.1 ;check_packet_size=false ; Verify signature hashes - verify that the hash a signature claims to be ; over matches the hash of the data. Does not actually verify the signature. check_sighash=true ; Drop v3 (and older) keys. These are long considered insecure, so unless there ; is a good reason you should accept this default. drop_v3=true ; Specify that a key must have a certificate from another key in order for it ; to be accepted. Only valid when verify_signatures is set, meaning new keys ; can only be added if they are certified by keys already present. ;require_other_sig=false ; Only allow keys that already exist to be update; silently drop the addition ; of any key we don't already know about. Useful for allowing updates to ; curated keys without the addition of new keys. ;update_only=false ; Verify signatures, dropping those that cannot or do not validate. Keys/UIDS ; that lack valid self signatures will also be dropped. Note that in order to ; valid a signature the signing key must be present in the key database, so ; multiple passes may be required to import new keyrings fully. ;verify_signatures=false ; Settings related to the email interface to onak. [mail] maintainer_email=PGP Key Server Administrator mail_dir=@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/spool/onak ; Specify the envelope sender address as the -f argument to ; sendmail. This is the address which will receive any bounces. ; If you don't use sendmail, then change this to an equivalent command. ; If you do not want to process mail requests, leave this unset. mta=/usr/sbin/sendmail -t -oi -fmailer-daemon ; Where the main onak binary lives, so the script that handles incoming ; email knows where to find it. bin_dir=@BINDIR@ ; Email address outgoing incremental messages will come from. ; Needs to match the syncsite entries others sites have for this site. this_site=pgp-public-keys@the.earth.li ; Include a syncsite line for each site with which you are exchanging ; incremental requests. ;syncsite=pgp-public-keys@keys.nl.pgp.net ;syncsite=pgp-public-keys@blackhole.pca.dfn.de ;syncsite=pgp-public-keys@pgp.es.net ;syncsite=pgp-public-keys@keyserver.linux.it ;syncsite=pgp-public-keys@pgp.dtype.org ;syncsite=pgp-public-keys@kjsl.com ; Database backend configurations below here [backend:defaultdb4] ; The default DB4 backend. Recommended. type=db4 location=@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/onak [backend:examplehkp] ; An example HKP backend; all operations will be done against the ; provided keyserver, with no local storage. type=hkp location=hkp://the.earth.li/ [backend:examplestacked] ; A stacked set of backends. All fetch operations will be tried against ; the provided list of backends, from left to right, until one succeeds. ; All store operations are against the first backend. ; If a fetch does not succeed against the first backend, but against a ; later one, then the returned keys are also stored in the first backend. ; This example configuration essentially produces a caching keyserver, ; with any key fetched from the HKP backend being stored in the DB4 ; backend. ; Note keys are not expired from the DB4 backend, so without any other ; update mechanism configured this will result in stale data eventually. type=stacked location=defaultdb4:examplehkp