
Trying to run an OpenPGP key server locally

zundazunda

Quickstarting Hagrid

https://gitlab.com/hagrid-keyserver/hagrid#quick-start

I'll try this on Xubuntu 20.04.

$ sudo apt install gnutls-bin nettle-dev gcc llvm-dev libclang-dev build-essential pkg-config gettext
  :
The following additional packages will be installed:
  lib32gcc-s1 lib32stdc++6 libc6-i386 libclang-10-dev libclang-common-10-dev
  libclang-cpp10 libclang1-10 libgnutls-dane0 libobjc-9-dev libobjc4 libopts25
  libpfm4 libunbound8 libz3-4 libz3-dev llvm llvm-10 llvm-10-dev
  llvm-10-runtime llvm-10-tools llvm-runtime
Suggested packages:
  llvm-10-doc
The following NEW packages will be installed:
  gnutls-bin lib32gcc-s1 lib32stdc++6 libc6-i386 libclang-10-dev
  libclang-common-10-dev libclang-cpp10 libclang-dev libclang1-10
  libgnutls-dane0 libobjc-9-dev libobjc4 libopts25 libpfm4 libunbound8 libz3-4
  libz3-dev llvm llvm-10 llvm-10-dev llvm-10-runtime llvm-10-tools llvm-dev
  llvm-runtime nettle-dev
  :
$ sudo snap install --classic rustup
rustup 1.23.1 from Daniel Silverstone (dsilvers) installed
$ git clone https://gitlab.com/hagrid-keyserver/hagrid.git
$ cd hagrid/
$ rustup override set nightly-2020-06-01
info: syncing channel updates for 'nightly-2020-06-01-x86_64-unknown-linux-gnu'
info: latest update on 2020-06-01, rust version 1.45.0-nightly (5fd2f06e9 2020-05-31)
info: downloading component 'cargo'
info: downloading component 'clippy'
info: downloading component 'rust-docs'
info: downloading component 'rust-std'
info: downloading component 'rustc'
info: downloading component 'rustfmt'
info: installing component 'cargo'
info: using up to 500.0 MiB of RAM to unpack components
info: installing component 'clippy'
info: installing component 'rust-docs'
info: installing component 'rust-std'
info: installing component 'rustc'
info: installing component 'rustfmt'
info: override toolchain for '/home/zunda/src/gitlab.com/hagrid-keyserver/hagrid' set to 'nightly-2020-06-01-x86_64-unknown-linux-gnu'

  nightly-2020-06-01-x86_64-unknown-linux-gnu installed - rustc 1.45.0-nightly (5fd2f06e9 2020-05-31)

$ cp Rocket.toml.dist Rocket.toml
$ cargo run
  :
🔧 Configured for development.
    => address: 0.0.0.0
    => port: 8080
    => log: normal
    => workers: 24
    => secret key: generated
    => limits: forms = 32KiB
    => keep-alive: 5s
    => tls: disabled
  :
Opened filesystem database.
keys_internal_dir: 'state/keys-internal'
keys_external_dir: 'state/keys-external'
tmp_dir: 'state/tmp'
Opened stateful token store
token_dir: 'state/tokens'
TemplateOverrides("localized", {})
🛰  Mounting /:
    => GET / (root)
    => GET /about (about)
    => GET /about/news (news)
    => GET /atom.xml (news_atom)
    => GET /about/privacy (privacy)
    => GET /about/api (apidoc)
    => GET /about/faq (faq)
    => GET /about/usage (usage)
    => GET /assets/<file..> (files)
    => GET /about/stats (stats)
    => GET /errors/<code>/<template> (errors)
    => GET /vks/v1/by-email/<email> (vks_v1_by_email)
    => GET /vks/v1/by-fingerprint/<fpr> (vks_v1_by_fingerprint)
    => GET /vks/v1/by-keyid/<kid> (vks_v1_by_keyid)
    => POST /vks/v1/upload application/json (upload_json)
    => POST /vks/v1/upload [2] (upload_fallback)
    => POST /vks/v1/request-verify application/json (request_verify_json)
    => POST /vks/v1/request-verify [2] (request_verify_fallback)
    => GET /search?<q> (search)
    => GET /upload (upload)
    => POST /upload/submit application/x-www-form-urlencoded (upload_post_form)
    => POST /upload/submit multipart/form-data (upload_post_form_data)
    => POST /upload/request-verify application/x-www-form-urlencoded (request_verify_form)
    => POST /upload/request-verify multipart/form-data (request_verify_form_data)
    => POST /verify/<token> (verify_confirm)
    => GET /verify/<token> (verify_confirm_form)
    => PUT / (quick_upload)
    => GET /upload/<token> [2] (quick_upload_proceed)
    => GET /debug?<q> (debug_info)
    => GET /pks/lookup (pks_lookup)
    => POST /pks/add application/x-www-form-urlencoded (pks_add_form)
    => POST /pks/add multipart/form-data (pks_add_form_data)
    => GET /pks/internal/index/<query_string> (pks_internal_index)
    => GET /manage (vks_manage)
    => GET /manage/<token> (vks_manage_key)
    => POST /manage (vks_manage_post)
    => POST /manage/unpublish (vks_manage_unpublish)
    => GET /maintenance/web/<message> (maintenance_error_web)
    => GET /maintenance/json/<message> (maintenance_error_json)
    => GET /maintenance/plain/<message> (maintenance_error_plain)
📡 Fairings:
    => 2 request: Templates, Maintenance Mode
🚀 Rocket has launched from http://0.0.0.0:8080
zundazunda

Interacting with the local key server

I'll try uploading the public key of the key created in https://zenn.dev/zunda/scraps/ce4b1b1590e3be.

$ gpg --edit-key test
  :
gpg> keyserver
Enter your preferred keyserver URL: http://0.0.0.0:8080

sec  rsa3072/65CB1C45D7D1375B
     created: 2021-04-10  expires: 2023-04-10  usage: SC  
     trust: ultimate      validity: ultimate
ssb  rsa3072/9E6693154CD4166E
     created: 2021-04-10  expires: never       usage: E   
[ultimate] (1). test <test@example.com>

gpg> save
$ gpg --send-keys --keyserver http://0.0.0.0:8080 663ABA5F8BD3594700D336F465CB1C45D7D1375B
gpg: sending key 65CB1C45D7D1375B to http://0.0.0.0:8080
$ cargo run
  :
POST /pks/add application/x-www-form-urlencoded:
    => Matched: POST /pks/add application/x-www-form-urlencoded (pks_add_form)
2021-04-12
To: test@example.com
Hi,

This is an automated message from localhost.
If you didn't upload your key, please ignore this message.

OpenPGP key: 663ABA5F8BD3594700D336F465CB1C45D7D1375B

This key was just uploaded for the first time, and is now published without
identity information. If you want to allow others to find this key by e-mail
address, please follow this link:

    http://localhost:8080/upload/Tm6RKhXsj4I9MpAY3ykhVHSoV4YYhZl41COmOGYcQtCAKtEwj2hTEOY_HxCwEn9X6nyA4QiP09ejfkAm-1bGkjpMaBzNlm8HUouFtXVcGb5dnUWH8W4I5MFH7EuyYA6rvVQeZIMjRB3uRbCa9bBqnoF-m87E_oV_vQBVieLjFqqE4WBqx5UehuHsL0i3MK-7vBp3hyUOa0DEZrKGTfX-

You can find more info at http://localhost:8080/about

-- 

http://localhost:8080
distributing OpenPGP keys since 2019

Wrote <6ad98dd1-9902-431a-ae77-7730a29dcaea@localhost> message to stdin
    => Outcome: Success
    => Response succeeded.

It actually went as far as sending the e-mail. Sorry about that.

zundazunda

Configuration in development mode

Following the quickstart seems to start the server in development mode. In this state:

  • Settings are read from Rocket.toml (not from Rocket.toml.dist)
  • The uploaded public key was saved as a file under state/

Also:

  • Mail was sent to the outside, so I want to stop that: set filemail_into under [development] in Rocket.toml
  • I want to confirm that the uploaded public key is not sent to the outside
    • I could not find any code that synchronizes public keys between key servers
    • Searching https://keys.openpgp.org/ for the public key of test@example.com did not find it

Sending mail

Following git grep mail_rate_limit leads to src/web/mod.rs, which appears to be where mail is sent. Setting filemail_into might make it write to a file instead of sending the mail. Looking at the implementation in src/mail.rs, it seems it can be specified in the same way as email_template_dir.

I added the following under [development] in Rocket.toml and ran mkdir -p var/outbox.

filemail_into = "var/outbox"

After cargo run, executing the command below produced the file var/outbox/<3a240196-5400-47ce-acc1-42799d883f9e@localhost>.json. The mail headers and body can be extracted with jq '.message | implode'.

$ gpg --send-keys --keyserver http://0.0.0.0:8080 3FC16E4B3DD433D9285736CFB96D35B21DCE133D
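To check that the verification mail really stayed local, here is an added Python example (not part of this scrap or of Hagrid) that decodes outbox files the way jq '.message | implode' does and reports each mail's recipient, whether the expected fingerprint appears, and the host of the /upload/<token> link. It assumes only that the file's message field is an array of code points, and writes a constructed sample file instead of reading a real Hagrid outbox.

```python
import json
import re
import tempfile
from pathlib import Path

# Constructed sample of a file Hagrid writes into the filemail_into directory.
# Assumption: "message" is the raw mail as an array of Unicode code points, which
# is why `jq '.message | implode'` recovers it; no other fields are assumed.
SAMPLE_MAIL = (
    "To: test@example.com\n\n"
    "Hi,\n\nOpenPGP key: 663ABA5F8BD3594700D336F465CB1C45D7D1375B\n\n"
    "    http://localhost:8080/upload/PLACEHOLDER_TOKEN\n"
)
VERIFY_RE = re.compile(r"https?://([^/\s:]+)(?::\d+)?/upload/(\S+)")

def write_sample_outbox(outbox_dir: Path) -> Path:
    """Write the constructed sample in the code-point JSON layout."""
    path = outbox_dir / "<sample-id@localhost>.json"
    path.write_text(json.dumps({"message": [ord(c) for c in SAMPLE_MAIL]}))
    return path

def decode_outbox(path: Path) -> str:
    """Python equivalent of `jq '.message | implode'`."""
    return "".join(chr(cp) for cp in json.loads(path.read_text())["message"])

def parse_mail(raw: str):
    """Split headers from body (CRLF or LF); returns (headers dict, body)."""
    head, body = re.split(r"\r?\n\r?\n", raw, maxsplit=1)
    pairs = (line.partition(":") for line in head.splitlines())
    return {k.strip().lower(): v.strip() for k, _, v in pairs}, body

def inspect_outbox(outbox_dir: Path, expected_fpr: str) -> list:
    """For each queued mail: recipient, fingerprint present, link host, token."""
    out = []
    for path in sorted(outbox_dir.glob("*.json")):
        headers, body = parse_mail(decode_outbox(path))
        m = VERIFY_RE.search(body)
        out.append({
            "to": headers.get("to"),
            "fpr_ok": expected_fpr in body,
            "link_host": m.group(1) if m else None,
            "token": m.group(2) if m else None,
        })
    return out

def demo() -> list:
    """Write the sample into a temporary outbox and inspect it."""
    with tempfile.TemporaryDirectory() as d:
        write_sample_outbox(Path(d))
        return inspect_outbox(Path(d), "663ABA5F8BD3594700D336F465CB1C45D7D1375B")
```

Point inspect_outbox at var/outbox after a real upload; a link_host other than localhost, or a recipient you did not expect, means the mail would have gone somewhere other than your own machine.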
This scrap was closed on 2022/05/30.