Running an OpenPGP keyserver locally
What keys.openpgp.org runs
https://keys.openpgp.org/, which seems to have become the de facto standard, says at https://keys.openpgp.org/about:
Technically, keys.openpgp.org runs on the Hagrid keyserver software, which is based on Sequoia-PGP.
So that is what it runs.
Quickstarting Hagrid
I'll try it on Xubuntu 20.04.
```
$ sudo apt install gnutls-bin nettle-dev gcc llvm-dev libclang-dev build-essential pkg-config gettext
:
The following additional packages will be installed:
lib32gcc-s1 lib32stdc++6 libc6-i386 libclang-10-dev libclang-common-10-dev
libclang-cpp10 libclang1-10 libgnutls-dane0 libobjc-9-dev libobjc4 libopts25
libpfm4 libunbound8 libz3-4 libz3-dev llvm llvm-10 llvm-10-dev
llvm-10-runtime llvm-10-tools llvm-runtime
Suggested packages:
llvm-10-doc
The following NEW packages will be installed:
gnutls-bin lib32gcc-s1 lib32stdc++6 libc6-i386 libclang-10-dev
libclang-common-10-dev libclang-cpp10 libclang-dev libclang1-10
libgnutls-dane0 libobjc-9-dev libobjc4 libopts25 libpfm4 libunbound8 libz3-4
libz3-dev llvm llvm-10 llvm-10-dev llvm-10-runtime llvm-10-tools llvm-dev
llvm-runtime nettle-dev
:
$ sudo snap install --classic rustup
rustup 1.23.1 from Daniel Silverstone (dsilvers) installed
$ git clone https://gitlab.com/hagrid-keyserver/hagrid.git
$ cd hagrid/
$ rustup override set nightly-2020-06-01
info: syncing channel updates for 'nightly-2020-06-01-x86_64-unknown-linux-gnu'
info: latest update on 2020-06-01, rust version 1.45.0-nightly (5fd2f06e9 2020-05-31)
info: downloading component 'cargo'
info: downloading component 'clippy'
info: downloading component 'rust-docs'
info: downloading component 'rust-std'
info: downloading component 'rustc'
info: downloading component 'rustfmt'
info: installing component 'cargo'
info: using up to 500.0 MiB of RAM to unpack components
info: installing component 'clippy'
info: installing component 'rust-docs'
info: installing component 'rust-std'
info: installing component 'rustc'
info: installing component 'rustfmt'
info: override toolchain for '/home/zunda/src/gitlab.com/hagrid-keyserver/hagrid' set to 'nightly-2020-06-01-x86_64-unknown-linux-gnu'
nightly-2020-06-01-x86_64-unknown-linux-gnu installed - rustc 1.45.0-nightly (5fd2f06e9 2020-05-31)
$ cp Rocket.toml.dist Rocket.toml
$ cargo run
:
🔧 Configured for development.
=> address: 0.0.0.0
=> port: 8080
=> log: normal
=> workers: 24
=> secret key: generated
=> limits: forms = 32KiB
=> keep-alive: 5s
=> tls: disabled
:
Opened filesystem database.
keys_internal_dir: 'state/keys-internal'
keys_external_dir: 'state/keys-external'
tmp_dir: 'state/tmp'
Opened stateful token store
token_dir: 'state/tokens'
TemplateOverrides("localized", {})
🛰 Mounting /:
=> GET / (root)
=> GET /about (about)
=> GET /about/news (news)
=> GET /atom.xml (news_atom)
=> GET /about/privacy (privacy)
=> GET /about/api (apidoc)
=> GET /about/faq (faq)
=> GET /about/usage (usage)
=> GET /assets/<file..> (files)
=> GET /about/stats (stats)
=> GET /errors/<code>/<template> (errors)
=> GET /vks/v1/by-email/<email> (vks_v1_by_email)
=> GET /vks/v1/by-fingerprint/<fpr> (vks_v1_by_fingerprint)
=> GET /vks/v1/by-keyid/<kid> (vks_v1_by_keyid)
=> POST /vks/v1/upload application/json (upload_json)
=> POST /vks/v1/upload [2] (upload_fallback)
=> POST /vks/v1/request-verify application/json (request_verify_json)
=> POST /vks/v1/request-verify [2] (request_verify_fallback)
=> GET /search?<q> (search)
=> GET /upload (upload)
=> POST /upload/submit application/x-www-form-urlencoded (upload_post_form)
=> POST /upload/submit multipart/form-data (upload_post_form_data)
=> POST /upload/request-verify application/x-www-form-urlencoded (request_verify_form)
=> POST /upload/request-verify multipart/form-data (request_verify_form_data)
=> POST /verify/<token> (verify_confirm)
=> GET /verify/<token> (verify_confirm_form)
=> PUT / (quick_upload)
=> GET /upload/<token> [2] (quick_upload_proceed)
=> GET /debug?<q> (debug_info)
=> GET /pks/lookup (pks_lookup)
=> POST /pks/add application/x-www-form-urlencoded (pks_add_form)
=> POST /pks/add multipart/form-data (pks_add_form_data)
=> GET /pks/internal/index/<query_string> (pks_internal_index)
=> GET /manage (vks_manage)
=> GET /manage/<token> (vks_manage_key)
=> POST /manage (vks_manage_post)
=> POST /manage/unpublish (vks_manage_unpublish)
=> GET /maintenance/web/<message> (maintenance_error_web)
=> GET /maintenance/json/<message> (maintenance_error_json)
=> GET /maintenance/plain/<message> (maintenance_error_plain)
📡 Fairings:
=> 2 request: Templates, Maintenance Mode
🚀 Rocket has launched from http://0.0.0.0:8080
```
Talking to the local keyserver
Let me try uploading the public key of the key I made in https://zenn.dev/zunda/scraps/ce4b1b1590e3be.
```
$ gpg --edit-key test
:
gpg> keyserver
Enter your preferred keyserver URL: http://0.0.0.0:8080
sec rsa3072/65CB1C45D7D1375B
created: 2021-04-10 expires: 2023-04-10 usage: SC
trust: ultimate validity: ultimate
ssb rsa3072/9E6693154CD4166E
created: 2021-04-10 expires: never usage: E
[ultimate] (1). test <test@example.com>
gpg> save
$ gpg --send-keys --keyserver http://0.0.0.0:8080 663ABA5F8BD3594700D336F465CB1C45D7D1375B
gpg: sending key 65CB1C45D7D1375B to http://0.0.0.0:8080
```
On the server side, in the cargo run output:
```
$ cargo run
:
POST /pks/add application/x-www-form-urlencoded:
=> Matched: POST /pks/add application/x-www-form-urlencoded (pks_add_form)
2021-04-12
To: test@example.com
Hi,
This is an automated message from localhost.
If you didn't upload your key, please ignore this message.
OpenPGP key: 663ABA5F8BD3594700D336F465CB1C45D7D1375B
This key was just uploaded for the first time, and is now published without
identity information. If you want to allow others to find this key by e-mail
address, please follow this link:
http://localhost:8080/upload/Tm6RKhXsj4I9MpAY3ykhVHSoV4YYhZl41COmOGYcQtCAKtEwj2hTEOY_HxCwEn9X6nyA4QiP09ejfkAm-1bGkjpMaBzNlm8HUouFtXVcGb5dnUWH8W4I5MFH7EuyYA6rvVQeZIMjRB3uRbCa9bBqnoF-m87E_oV_vQBVieLjFqqE4WBqx5UehuHsL0i3MK-7vBp3hyUOa0DEZrKGTfX-
You can find more info at http://localhost:8080/about
--
http://localhost:8080
distributing OpenPGP keys since 2019
Wrote <6ad98dd1-9902-431a-ae77-7730a29dcaea@localhost> message to stdin
=> Outcome: Success
=> Response succeeded.
```
It went all the way to actually sending the mail. Sorry about that.
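gpg's `--send-keys` goes through the HKP route (`POST /pks/add`), which is why the verification mail above was triggered without any further input. The same upload can be driven through the VKS JSON routes that the mount list shows (`upload_json`, `request_verify_json`, `vks_v1_by_fingerprint`, `vks_v1_by_email`), which makes it easy to script a check that a freshly uploaded key is findable by fingerprint but not by e-mail until the address is verified. The client below is an added example, not code from this scrap or from Hagrid; the JSON field names (`keytext`, `token`, `addresses`, `key_fpr`, `status`) are those of the VKS API that the server documents on its own `/about/api` page, the base URL is assumed to match the quickstart's 0.0.0.0:8080, and the `__main__` driver assumes `gpg --armor --export` is available to produce the key text.

```python
"""Talk to the local Hagrid through the VKS API it mounts under /vks/v1/.

Added example for this scrap, not code from the scrap or from Hagrid. Field
names follow the VKS API documented on the server's /about/api page; the
base URL is an assumption matching the quickstart's bind address.
"""
import json
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "http://127.0.0.1:8080"  # assumed: where the quickstart's Rocket listens

# Per-address status values the VKS API reports after an upload.
PUBLISHED = "published"      # address verified: key findable by e-mail
UNPUBLISHED = "unpublished"  # key stored, address not verified
PENDING = "pending"          # verification mail sent, link not yet followed


def normalize_fingerprint(fpr):
    """by-fingerprint lookups want 40 uppercase hex digits, no spaces, no 0x."""
    fpr = fpr.strip().replace(" ", "")
    if fpr[:2].lower() == "0x":
        fpr = fpr[2:]
    fpr = fpr.upper()
    if len(fpr) != 40 or any(c not in "0123456789ABCDEF" for c in fpr):
        raise ValueError("not a v4 fingerprint: %r" % fpr)
    return fpr


def _call(method, path, body=None, base_url=BASE_URL):
    """Send one request; JSON-encode the body when there is one."""
    data = None
    headers = {"Accept": "application/json"}
    if body is not None:
        data = json.dumps(body).encode()
        headers["Content-Type"] = "application/json"
    req = urllib.request.Request(base_url + path, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()


def upload_key(armored_key, base_url=BASE_URL):
    """POST /vks/v1/upload (route upload_json): the key is stored at once,
    but every user ID stays unpublished until its address is verified."""
    return json.loads(_call("POST", "/vks/v1/upload", {"keytext": armored_key}, base_url))


def addresses_needing_verification(upload_response):
    """Addresses in an upload response that are not yet published."""
    return sorted(a for a, s in upload_response["status"].items() if s != PUBLISHED)


def request_verify(token, addresses, base_url=BASE_URL):
    """POST /vks/v1/request-verify: ask Hagrid to mail a verification link
    (with filemail_into set it lands in the outbox directory instead)."""
    body = {"token": token, "addresses": list(addresses)}
    return json.loads(_call("POST", "/vks/v1/request-verify", body, base_url))


def _fetch(path, base_url):
    try:
        return _call("GET", path, None, base_url).decode()
    except urllib.error.HTTPError as e:
        if e.code == 404:
            return None  # unknown key, or address not published
        raise


def fetch_by_fingerprint(fpr, base_url=BASE_URL):
    """GET /vks/v1/by-fingerprint/<FPR>: armored key, or None when unknown."""
    return _fetch("/vks/v1/by-fingerprint/" + normalize_fingerprint(fpr), base_url)


def fetch_by_email(address, base_url=BASE_URL):
    """GET /vks/v1/by-email/<address>: only finds keys whose address is published."""
    return _fetch("/vks/v1/by-email/" + urllib.parse.quote(address, safe=""), base_url)


if __name__ == "__main__":
    import subprocess
    import sys

    fpr = sys.argv[1]  # e.g. 663ABA5F8BD3594700D336F465CB1C45D7D1375B
    key = subprocess.run(["gpg", "--armor", "--export", fpr],
                         check=True, capture_output=True, text=True).stdout
    result = upload_key(key)
    print("stored as", result["key_fpr"], "status:", result["status"])
    pending = addresses_needing_verification(result)
    if pending:
        print("requesting verification for", pending)
        print(request_verify(result["token"], pending)["status"])
    # Until an address is verified the key is found by fingerprint but not by e-mail.
    print("by-fingerprint:", "found" if fetch_by_fingerprint(fpr) else "missing")
    print("by-email:", "found" if fetch_by_email(pending[0]) else "missing")
```

Run it as `python3 vks_client.py 663ABA5F8BD3594700D336F465CB1C45D7D1375B` against the running `cargo run`; the `request_verify` step is what produces a mail, so with the default development settings it will send one, exactly like the `--send-keys` above did.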
Settings in development mode
Following the quickstart seems to start it in development mode. In that state,
- the settings are read from Rocket.toml (not Rocket.toml.dist)
- uploaded public keys were saved as files under state/

Also:
- mail was going out to the outside, so I want to stop that: set filemail_into under [development] in Rocket.toml
- I want to confirm that uploaded public keys are not sent anywhere outside
  - I could not find any code that would synchronize public keys between keyservers
  - searching https://keys.openpgp.org/ for the public key of test@example.com did not find it
Sending mail
Following git grep mail_rate_limit leads to src/web/mod.rs, which seems to be where mail is sent. Setting filemail_into may make it write the mail to a file instead of sending it. Looking at the implementation in src/mail.rs, it looks like it can be set the same way as email_template_dir.
I added the following under [development] in Rocket.toml and ran mkdir -p var/outbox.
```toml
filemail_into = "var/outbox"
```
After cargo run, running the command below produced a file var/outbox/<3a240196-5400-47ce-acc1-42799d883f9e@localhost>.json. The mail headers and body can be extracted with jq '.message | implode'.
```
$ gpg --send-keys --keyserver http://0.0.0.0:8080 3FC16E4B3DD433D9285736CFB96D35B21DCE133D
```
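`jq '.message | implode'` works because the `message` field is an array of byte values, one per character of the raw mail. The same decoding in Python, plus pulling out the two things a local test actually needs from each outbox file (the recipient and the `/upload/<token>` or `/verify/<token>` link), is shown below as an added example; it is not code from this scrap or from Hagrid. The only facts about the file format taken from the page are the `.json` filename built from the Message-ID and the `message` byte array; the sample mail is constructed to match the one printed above, with a made-up token, and any other fields present in the real files are ignored.

```python
"""Read the mails Hagrid drops into the filemail_into directory, without jq.

Added example for this scrap, not code from the scrap or from Hagrid. Assumes
only what the page shows: one JSON file per mail, named after the Message-ID,
whose `message` field is an array of byte values of the raw RFC 5322 message.
"""
import json
import os
import re
from email import policy
from email.parser import BytesParser

# Constructed sample modelled on the mail in the scrap; the token is made up.
SAMPLE_MAIL = (
    "From: noreply@localhost\n"
    "To: test@example.com\n"
    "Subject: Your key upload on localhost\n"
    "Message-ID: <6ad98dd1-9902-431a-ae77-7730a29dcaea@localhost>\n"
    "\n"
    "Hi,\n"
    "\n"
    "This is an automated message from localhost.\n"
    "If you didn't upload your key, please ignore this message.\n"
    "\n"
    "OpenPGP key: 663ABA5F8BD3594700D336F465CB1C45D7D1375B\n"
    "\n"
    "This key was just uploaded for the first time, and is now published without\n"
    "identity information. If you want to allow others to find this key by e-mail\n"
    "address, please follow this link:\n"
    "\n"
    "http://localhost:8080/upload/EXAMPLE-TOKEN_not-real\n"
)
SAMPLE_FILEMAIL = {"message": list(SAMPLE_MAIL.encode())}

# The mail links either to /upload/<token> (first upload: pick addresses to
# publish) or to /verify/<token> (confirm one address); both are mounted routes.
LINK_RE = re.compile(r"https?://[^\s/]+/(upload|verify)/([A-Za-z0-9_-]+)")
FPR_RE = re.compile(r"OpenPGP key: ([0-9A-F]{40})")


def decode_filemail(doc):
    """The implode step: byte array -> parsed message (headers and body)."""
    raw = bytes(doc["message"])
    return BytesParser(policy=policy.default).parsebytes(raw)


def read_filemail(path):
    with open(path, "rb") as f:
        return decode_filemail(json.load(f))


def summarize(msg):
    """Recipient, key fingerprint, and which route the link points at."""
    body = msg.get_body(preferencelist=("plain",)).get_content()
    link = LINK_RE.search(body)
    fpr = FPR_RE.search(body)
    return {
        "to": str(msg["To"]),
        "message_id": str(msg["Message-ID"]),
        "fingerprint": fpr.group(1) if fpr else None,
        "route": link.group(1) if link else None,
        "token": link.group(2) if link else None,
    }


def outbox(directory):
    """Every mail in the outbox, oldest first, as a summary dict."""
    paths = [os.path.join(directory, n) for n in os.listdir(directory) if n.endswith(".json")]
    paths.sort(key=os.path.getmtime)
    return [summarize(read_filemail(p)) for p in paths]


if __name__ == "__main__":
    import sys

    for entry in outbox(sys.argv[1] if len(sys.argv) > 1 else "var/outbox"):
        print(entry)
```

With the outbox in place, `python3 outbox.py var/outbox` lists each mail's token, so the verification link can be followed by hand (or with curl) against the local server instead of waiting for a mail that was never meant to leave the machine.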
This scrap was closed on 2022/05/30.