Installing the OpenSKS keyserver on Debian like machines

I’ve been trying to install a PGP keyserver for some time, then found sks.

It’s in the Ubuntu repositories, so actually installing it is a breeze :

# sudo apt-get install sks

However, configuring it is a little more complicated, here are the steps I took :

  • Open a terminal window
  • Create the database to store the keys
    # sudo sks build
  • Start sks, then close it, to ensure that all files it requires are created correctly
    # sudo sks db ^C
  • Set database permissions on the database used by sks to store keys
    # sudo chown -Rc debian-sks:debian-sks /var/lib/sks/DB
  • To start the server automatically, set initstart=yes in /etc/default/sks
  • Edit /etc/init.d/sks to automatically create the/var/run/sks directory on startup.
    At (approx) line 71 (after the check for /etc/default/sks & before ‘echo -n “sksdb..”‘) add

    mkdir -p dirname `"$SKSDBPID"`
     chown debian-sks dirname `"$SKSDBPID"`
  • The log archive script which is run daily from cron assumes that sks is using db4.1.
    Under Ubuntu the database used is db4.6.
    In /etc/cron.daily/sks change db4.1_archive to db4.6_archive.

    • index.html : main keyserver web-page
    • keys.jpg : image displayed on the keyserver web-page
    • Unzip the archive
      # tar cvjf sks_www.tar.bz2
    • Edit index.html and change the three references to (currently at lines 20, 36 & 62) to the url of your keyserver (in my case
    • Make a directory for the files where the keyserver will look for them
      # sudo mkdir /var/lib/sks/www
    • Copy the files
      # sudo cp index.html /var/lib/sks/www/
      # sudo cp keys.jpg /var/lib/sks/www/
    • Change permissions on the files
      # sudo chown -R debian-sks:debian-sks /var/lib/sks/www
  • The keyserver can be started

    # sudo /etc/init.d/sks start

    It listens on port 11371, and can be used with the encryption tools provided by Ubuntu, Thunderbird & Evolution

    Now, to configure the web-interface, I had to find two files which weren’t included in the distribution.
    These are :

    You can download an archive containing these files from here to your machine.
    To install the files :

    You should now be able to browse to your server on port 11371 and search for, upload & download keys.

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Turn on pictures to see the captcha *