May 18, 2010

How To Setup A Free PGP Key Server in Ubuntu

Happy Tuesday everybody! Thought I would sit down and jot a little something about one of my little pet projects I decided to do at work. Every once in a while I get a wild hair to try something out for experience and it turns out to be useful for work too. I did it at my last company with Openfire, which according to friends that still work there, they still use!

This time I got the idea that we as an IT department should have the option to send each other encrypted email because due to the nature of our business, we often deal with sensitive data. Sometimes we deal with data that if it were to fall into the wrong hands could cost our company millions of dollars. Data like that needs to be protected.

One of the first blog articles I wrote here at Bauer-Power was about GPG email encryption. GPG uses the OpenPGP standard to encrypt, and sign email for privacy, security and verification. Not to mention it is really easy to implement!

One thing I had never done before though was setup my own key server. I felt that If I was going to set this up for the company, I should make an easy way for internal users, and perhaps certain external contractors to store their public keys for easy retrieval. There are a number of public PGP key servers out there, but if we wanted to make sure we had some level of trust, we wanted to maintain and control our own key server. Well it turns out that in Ubuntu, setting up a PGP/GPG key server is just as easy as setting up PGP/GPG in general.

Just do the following:

  1. Install the sks package

    >sudo apt-get install sks
  2. Build the key database

    >sudo sks build
  3. Set database permissions

    >sudo chown -Rc debian-sks:debian-sks /var/lib/sks/DB


  4. Set the server to start automatically at boot

    set initstart=yes in /etc/default/sks
  5. Start the service

    >sudo /etc/init.d/sks start


That is it! Now your server is listening on port 11371 for key requests. You can now send and retrieve keys to and from the server using your favorite key manager!

If that is not good enough for you, then you can also add a web interface to handle your key searches and requests. To do that you will need to install Apache:

>sudo apt-get install apache2


Once installed create a directory called www in /var/lib/sks/. Download the index.html and keys.jpg file you will need here: (OpenSKS Web Interface)

Extract the contents to /var/lib/sks/www/. Edit index.html and change the three references to your.site.name (currently at lines 20, 36 & 62) to the url of your keyserver, for example keys.bauer-power.net. Now set the correct permissions on that directory:


>sudo chown -R debian-sks:debian-sks /var/lib/sks/www


Now if you browse to http://your.server.name:11371 you will see a nice, user-friendly web interface for doing public key exchanges!

Does your company use email encryption? Do you use PGP/GPG? Do you use S/MIME? What do you think is easier to implement? What do you prefer and why? Let us know in the comments!

[Via RainyDayz]

Technorati Tags: , , , , , , , , ,



Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam