Installing the OpenSKS keyserver

I've been trying to install a PGP keyserver for some time, then found sks.
It's in the Ubuntu repositories, so actually installing it is a breeze :

# sudo apt-get install sks

However, configuring it is a little more complicated, here are the steps I took :

  • Open a terminal window
  • Create the database to store the keys
    # sudo sks build
  • Start sks, then close it, to ensure that all files it requires are created correctly
    # sudo sks db ^C
  • Set database permissions on the database used by sks to store keys
    # sudo chown -Rc debian-sks:debian-sks /var/lib/sks/DB
  • To start the server automatically, set initstart=yes in /etc/default/sks
  • Edit /etc/init.d/sks to automatically create the/var/run/sks directory on startup.
    At (approx) line 71 (after the check for /etc/default/sks & before 'echo -n "sksdb.."') add
    mkdir -p `dirname "$SKSDBPID"`
    chown debian-sks `dirname "$SKSDBPID"`
  • The log archive script which is run daily from cron assumes that sks is using db4.1.
    Under Ubuntu the database used is db4.6.
    In /etc/cron.daily/sks change db4.1_archive to db4.6_archive.
  • The keyserver can be started

# sudo /etc/init.d/sks start

It listens on port 11371, and can be used with the encryption tools provided by Ubuntu, Thunderbird & Evolution

Now, to configure the web-interface, I had to find two files which weren't included in the distribution.
These are :

  • index.html : main keyserver web-page
  • keys.jpg : image displayed on the keyserver web-page

You can download an archive containing these files from here to your machine.
To install the files :

  • Unzip the archive
    # tar cvjf sks_www.tar.bz2
  • Edit index.html and change the three references to your.site.name (currently at lines 20, 36 & 62) to the url of your keyserver (in my case keyserver.rainydayz.org)
  • Make a directory for the files where the keyserver will look for them
    # sudo mkdir /var/lib/sks/www
  • Copy the files
    # sudo cp index.html /var/lib/sks/www/
    # sudo cp keys.jpg /var/lib/sks/www/
  • Change permissions on the files
    # sudo chown -R debian-sks:debian-sks /var/lib/sks/www
You should now be able to browse to your server on port 11371 and search for, upload & download keys. As example, my keyserver can be found at http://keyserver.rainydayz.org:11371