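# Keyserver keys.neuro.uni-bremen.de

```
apt update
apt upgrade
apt install git pkg-config libssl-dev curl mc argon2 ca-certificates net-tools

# Allow the needed ports first, then switch the firewall on.
# 22 is open to every source here; restrict it to the admin network if there is one.
ufw allow 443
ufw allow 80
ufw allow 22
ufw enable

# Add root to the /etc/aliases file and add the msmtprc file to /etc
apt -y install msmtp msmtp-mta mailutils

# `hostname NAME` only changes the running system; /etc/hostname has to carry
# the same name for it to survive a reboot.
hostname keys.neuro.uni-bremen.de
cat /etc/hostname

echo "root: davrot@neuro.uni-bremen.de" > /etc/aliases

# /etc/msmtprc stores the SMTP password in clear text, so create it with
# restrictive permissions *before* the secret is written into it.
install -m 600 -o root -g root /dev/null /etc/msmtprc

# tls_certcheck stays on: with it off, msmtp would hand the SMTP credentials to
# any host that answers on port 465, and tls_trust_file below would be ignored.
# tls_starttls off is correct here because port 465 is implicit TLS.
# (msmtp also supports `passwordeval` to fetch the password from a command
# instead of storing it in this file.)
cat > /etc/msmtprc <<'EOF'
defaults
tls on
tls_starttls off
tls_certcheck on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile /var/log/msmtp.log

# University SMTP server
account uni-bremen
host smtp.uni-bremen.de
port 465
from overleaf@uni-bremen.de
user overleaf
password REDACTED
set_from_header on
auth on

# Set a default account
account default : uni-bremen

aliases /etc/aliases
EOF

# Root-only, not 644: the file contains the account password.
# If non-root accounts must send mail through msmtp, grant access through a
# dedicated group (mode 640) rather than making the file world-readable.
chmod 600 /etc/msmtprc
touch /var/log/msmtp.log
ln -s /usr/bin/msmtp /usr/sbin/sendmail

echo "Test message" | mail -s "Test subject" root

# MongoDB repository.
# The key goes into its own keyring and is bound to this one repository with
# signed-by. `apt-key add` is deprecated and would make the key trusted for
# every configured repository.
curl -fsSL https://www.mongodb.org/static/pgp/server-6.0.asc | sudo gpg --dearmor -o /usr/share/keyrings/mongodb-server-6.0.gpg
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-6.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.list

apt-get update
apt-get upgrade -y
apt install mongodb-org
mongod --version

systemctl enable mongod
systemctl start mongod
systemctl status mongod

# Node.js repository (key already scoped with signed-by)
apt install ca-certificates curl gnupg
mkdir -p /etc/apt/keyrings
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
NODE_MAJOR=20
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | sudo tee /etc/apt/sources.list.d/nodesource.list
apt-get update
apt install nodejs
node -v
npm -v

# Database user for the integration tests (the next three lines are typed inside mongosh).
# NOTE: createUser alone does not enforce authentication. mongod only checks
# credentials when `security.authorization: enabled` is set in /etc/mongod.conf.
# That step is not shown on this page; confirm it is in place.
mongosh
use keyserver-int
db.createUser({ user:"keyserver", pwd:"REDACTED", roles:[{ role:"readWrite", db:"keyserver-int" }] })

# The clone tracks the default branch; check out a reviewed tag or commit
# before `npm install` so the deployed code is a known version.
git clone https://github.com/mailvelope/keyserver /app
cd /app
npm install
# Deal with .env
# .env presumably holds the MongoDB/SMTP credentials: keep it readable only
# by the account that runs the service.
npm test

# Production database user and indexes (typed inside mongosh)
mongosh
use keyserver
db.createUser({ user:"keyserver", pwd:"REDACTED", roles:[{ role:"readWrite", db:"keyserver" }] })
db.adminCommand({setParameter:1, ttlMonitorSleepSecs: 86400})
db.publickey.createIndex({"userIds.email" : 1, "userIds.verified" : 1})
db.publickey.createIndex({"keyId" : 1, "userIds.verified" : 1})
db.publickey.createIndex({"fingerprint" : 1, "userIds.verified" : 1})

npm start
lynx http://localhost:8888

apt install nginx
systemctl enable nginx
cd /etc/nginx
mv nginx.conf nginx.conf_old
# Put new nginx config here
mkdir /certs
# /certs will hold the TLS private key: keep the directory root-only.
chmod 700 /certs
# Put key.pem and ca.pem here (key.pem: chmod 600)
nginx -t
systemctl start nginx

#Put /etc/systemd/system/keyserver.service into place
# The unit file is not shown here; it should run the app as an unprivileged
# user, not root.
systemctl daemon-reload
systemctl enable keyserver
systemctl start keyserver
systemctl status keyserver

# 11371 is the plain (unencrypted) HKP port; hkps clients use 443.
ufw allow 11371
```

# Generate keys for testing (or using)

```
gpg --full-generate-key
# Parameter:
# Key type: RSA and RSA
# Key size: 4096 bits
# Key validity: 0 (never expires)
# Real name: Your Name
# Email address: Your email address
# Comment: Optional, can leave blank
# Passphrase: Choose a strong passphrase

# Export Public Key
gpg --armor --export davrot@uni-bremen.de > public_key.asc

# Backup your private key:
# The subshell's umask makes private_key.asc readable by the owner only.
# Store the backup offline and remove the working copy once it is imported.
(umask 077; gpg --armor --export-secret-keys davrot@uni-bremen.de > private_key.asc)

Thunderbird Account Settings -> End-to-End Encryption -> Add Key -> Import existing OpenPGP key -> private_key.asc
```

# Test the key distribution

```
# hkp:// is the unencrypted lookup (port 11371); hkps:// is the same lookup over TLS.
gpg --keyserver hkp://keys.neuro.uni-bremen.de --search davrot@uni-bremen.de
gpg --keyserver hkps://keys.neuro.uni-bremen.de --search davrot@uni-bremen.de
```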