This is a DNS server front-end to the CryptNET OpenPGP keyserver, used by GnuPG clients.
If you do not know what CryptNET Keyserver, DNS-based key servers, or GnuPG is, I suggest using the following resources.
You can grab the tarball [PGP], which includes the script and this HTML page.
It is a Perl script, and it needs at least two perl packages:
If you run Debian, simply do something like:
# apt-get install libnet-dns-perl libdbd-pgsql libdbi-perl libdbd-pg-perl
Make sure the CryptNET Postgres database is running, and invoke it simply as:
# ./cks-dns
It needs root for binding to port 53. Dropping its privileges is a todo. Some command line parameters:
That's it. If it isn't, it is a bug, please let me know.
jas@latte:~/src/cks-dns$ dig 3F9061AB.dnskeys.josefsson.org cert ;; Truncated, retrying in TCP mode. ; <<>> DiG 9.2.4rc2 <<>> 3F9061AB.dnskeys.josefsson.org cert ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15829 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;3F9061AB.dnskeys.josefsson.org. IN CERT ;; ANSWER SECTION: 3F9061AB.dnskeys.josefsson.org. 2786 IN CERT PGP 0 0 mQENAzXcqfYAAAEIAKNQSEcCND0rl/LZHpYF0cdRmGhXii7lsmGWnvc7 OK/ARsZOX4A32R4Byblc4tfHd+i6gYcilR3OEFGU4jkJK1ShnRJFmm3B cywKPx4xJ86kYCDEE3hatbhMaDbrK3MZCVtoh4cZDPTdK4gJgzaFd8AB pS24F9jzz/y0plUr5RUZQIPOi96q1w3GMHjoQMahOAZ/0JgUI08c6BkF USNs4mCnfzMAeC1db6a8F1iC7exFpQZogH3ubZfJoHvz6adxtB8CTqus glS90MPW3+Gx52mLtPmvY7e1DXTJGXG3g40gLPFdeSNifYTyJXwwylsj UYqF9uZEPFpEbr7kJj+QYasABRG0J01pY2hhZWwgU3RlaW5lciA8bTEu c3RlaW5lckB2b24udWxtLmRlPokBFQMFEDXcqfZuvuQmP5BhqwEBqHwH /3jIc+BQaeokSkJo7rWRFYNTo5hyb33rIa+ffvy+5WPCwVqR3W7tWBmj kTbH+cLovfaj6tx4OgWhAHy4gvg9QId1qqLM3l5YRl8kloDkTVcu+jO5 OaWwS8ot4+mEy9kjuUn+Hyu9/HBC0jLd56hBGKbbfKDmT7pXrNFa0AFf y9mpN/aUSqsBXhI37OQvOwNTJE2MlAjiIdK2vfjyXmLnAdelnac9xpUf P36VfkboSnPgOxIBgibuNgdcN2Tk4jimXzPRLjynwz+bsHv2Zs4ZTQzG HyrQKOVMPfQeuI5UE6PlgMbgDOBTKueG5vL4fqF9SfWo6/jzTmWsilo0 zPT/FquIRgQQEQIABgUCNdyqHQAKCRBtIB6DD3RY6laEAKCpEL+peLOt uA11NnQr3OFnz9+/dwCgnhPNEVirVIH6nzQPMAny/CY9P8u0Kk1pY2hh ZWwgU3RlaW5lciA8c3RlaW5lckBpbmZvLXByb2R1Y3RzLmRlPokBFQMF EDXcruduvuQmP5BhqwEBDk4IAJPMfYIPiPBjWRnfT583BqGiLm/oJTok oZ+KXlx2qsR9KpDgD+Fpl0c+DMgxdPd5rOGQXf2B2W3AfoMLf5SYuTW4 PW0wFL87dealpol0ysx46VdnssgDJTP+K3lZXrVGxzJjN6YOH9hY7ajM I/oJcHHZ4DHm6aJ/lfUtac6P/DNP0ofgYugp5qoPoMlquzibSL+m4rK5 oBJuxYVLSg/+tsvk7iBPVbHRIxdJ8SrTcY1+ZlSnsA7PL8wPo9SVsYlg CrWq+AU9p03GFWsk3i1XGrOYSdiFrajehXInU/dz9k77iGMztqvDfJlG mzY4JCbAJLNgfvPEzd+hChwsAw2EtP6IRgQQEQIABgUCNdyvSwAKCRBt IB6DD3RY6vvEAJ0TR/OxxXJUPq/02mUzpWH2emKrGwCg2GIxhwDQJ86O EDkbm0+NUOvo6Qu0LU1pY2hhZWwgU3RlaW5lciA8TWljaGFlbF9TdGVp bmVyQHQtb25saW5lLmRlPokBFQMFEDXcrwJuvuQmP5BhqwEBUQMH/1Yr qt4l8ljx5DJf15ZjpnHRJH15ExWLWFeRi63O0sY/zi2DA7D0Xxq4i8MA 35NdAlxIOq9Sv36qJtsk0nIjhyWA7WgwA8F+GboGkWHti4j5ky40AiGh kSdNbCGbeLB7FLnzOGNupqGLRQnA2X2eNhLr4fJ1R9ADBNkRCyr1b7NK zB118QEHef0ZGaprMIebF6XJe7KmzSfvIYWvLP6M8GwYnS3GLTD2lRIS oYXVEsQvaettTIM6gAjALkFAdkAEGb0RTVNfFFKHaoWV21141S58gLRT mGlb1dN6TkBytec81fRo7jEwOVDd2gE7rt3sqcOYdLALoEQHdYaHeiUo zQOIRgQQEQIABgUCNdyvVAAKCRBtIB6DD3RY6j42AJ96SQ340nQrC+lu T/gvVt+zntmahQCeP2u0op6QDnsFdImjQ4UKdADa+9S0ME1pY2hhZWwg U3RlaW5lciA8TWljaGFlbF9TdGVpbmVyQGNvbXB1c2VydmUuY29tPokB FQMFEDXcryJuvuQmP5BhqwEBz4AH/3desEuulJDBl/QJAljMSfYlDR6x pa6xgs9CekQRfaR2QpPgaDv+x814EgpUb9uU3NF3eaJURPcBR+iH8Dyq hM+A9ac1leDCwi+HQubd6PNqf6P6X0zN8bz+f4J7OnCIsvPSVRKEkRLN KqLf7vnVvuzH5W0T5FdxwQYgDGQ7WJo9XhmvXHk3IM/uqAbwV5sszZs2 7MrR8atqJGScpNRrqufBOZdctibbdaODrZ28CyvB2FmQiyxJws+5hCbk xkD8RfDryTRWHOErGEdm+SIpWMm+0q9ZNqcz/wkpwvO12p+KGRAscFCe jv19Oa6s2QVbidG5YcE1aj+0/t6m9ltmnE2IRgQQEQIABgUCNdyvXAAK CRBtIB6DD3RY6lcfAKCa+UALdteSFrb9Bw/gWTsY3NLTqwCg4PXMAvUu /wczQ6ETkP1+BmzA6oo= ;; AUTHORITY SECTION: dnskeys.josefsson.org. 2394 IN NS dnskeys-ns.josefsson.org. ;; Query time: 23 msec ;; SERVER: 212.181.54.2#53(212.181.54.2) ;; WHEN: Sat Jun 12 02:31:50 2004 ;; MSG SIZE rcvd: 1952 jas@latte:~/src/cks-dns$
You can contact the author at [email protected]. Unless the list managers objects, I'd prefer discussion to occur on the gnupg-devel mailinglist or the cks-devl mailinglist
The client software used against this server is gpgkeys_jkp.
$Id: index.html,v 1.11 2004/06/12 17:05:18 jas Exp $ Net::DNS 0.46 port=53 database=pgp_keys user=root creating TCP socket...done. creating UDP socket...done. waiting for connections...UDP connection from 212.181.54.2:49156 query 11084: (DFAC4BA1.dnskeys.josefsson.org, IN, CERT)...Sat Jun 12 02:17:53 2004 keyid DFAC4BA1 NXDOMAIN writing response...done waiting for connections...UDP connection from 212.181.54.2:49156 query 51298: (3F9061AB.dnskeys.josefsson.org, IN, CERT)...Sat Jun 12 02:18:17 2004 keyid 3F9061AB fingerprint 37679D0DD7BB393E94A95D1E3EFF7F01 ecsum vMz8 oid 10483959 rr 3F9061AB.dnskeys.josefsson.org 3600 IN CERT PGP 0 0 mQENAzXcqfYAAAEIAKNQ... NOERROR writing response...done waiting for connections... ^C
Chosing CryptNet as the underlying PGP key server wasn't a trivial chose. I'm sure the alternatives are all Fine And Dandy software. Here are my motivation for not chosing any of the other possible candidates.
doc/ sub-directory as a show of
good faith. And it uses PostgreSQL as the underlaying data storage,
which I believe is preferrable over Berkely DB.