Keyserver/README.md

# Keyserver

keys.neuro.uni-bremen.de 

```
apt update
apt upgrade
apt install git pkg-config libssl-dev curl mc argon2 ca-certificates net-tools

ufw allow 443
ufw allow 80
ufw allow 22
ufw enable

# Add root to the /etc/aliases file and add the msmtprc file to /etc
apt -y install msmtp msmtp-mta mailutils
hostname keys.neuro.uni-bremen.de
cat /etc/hostname
echo "root: davrot@neuro.uni-bremen.de" > /etc/aliases
echo "defaults" > /etc/msmtprc
echo "tls            on" >> /etc/msmtprc
echo "tls_starttls off" >> /etc/msmtprc
echo "tls_certcheck off" >> /etc/msmtprc
echo "tls_trust_file /etc/ssl/certs/ca-certificates.crt" >> /etc/msmtprc
echo "logfile        /var/log/msmtp.log" >> /etc/msmtprc
echo "" >> /etc/msmtprc
echo "# University SMTP server" >> /etc/msmtprc
echo "account        uni-bremen" >> /etc/msmtprc
echo "host           smtp.uni-bremen.de" >> /etc/msmtprc
echo "port           465" >> /etc/msmtprc
echo "from           overleaf@uni-bremen.de" >> /etc/msmtprc
echo "user           overleaf" >> /etc/msmtprc
echo "password       REDACTED" >> /etc/msmtprc
echo "set_from_header on" >> /etc/msmtprc
echo "auth on" >> /etc/msmtprc
echo "" >> /etc/msmtprc
echo "# Set a default account" >> /etc/msmtprc
echo "account default : uni-bremen" >> /etc/msmtprc
echo "" >> /etc/msmtprc
echo "aliases /etc/aliases" >> /etc/msmtprc
chmod 644 /etc/msmtprc
touch /var/log/msmtp.log
ln -s /usr/bin/msmtp /usr/sbin/sendmail
echo "Test message" | mail -s "Test subject" root


wget -qO - https://www.mongodb.org/static/pgp/server-6.0.asc | sudo apt-key add -
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.list
apt-get update
apt-get upgrade -y 
apt install mongodb-org
mongod --version
systemctl enable mongod
systemctl start mongod
systemctl status mongod

apt install ca-certificates curl gnupg
mkdir -p /etc/apt/keyrings
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
NODE_MAJOR=20
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | sudo tee /etc/apt/sources.list.d/nodesource.list
apt-get update
apt install nodejs
node -v
npm -v

mongosh
use keyserver-int
db.createUser({ user:"keyserver", pwd:"REDACTED", roles:[{ role:"readWrite", db:"keyserver-int" }] })

git clone https://github.com/mailvelope/keyserver /app
cd /app
npm install

# Deal with .env  
npm test

mongosh
use keyserver
db.createUser({ user:"keyserver", pwd:"REDACTED", roles:[{ role:"readWrite", db:"keyserver" }] })
db.adminCommand({setParameter:1, ttlMonitorSleepSecs: 86400})
db.publickey.createIndex({"userIds.email" : 1, "userIds.verified" : 1})
db.publickey.createIndex({"keyId" : 1, "userIds.verified" : 1}) 
db.publickey.createIndex({"fingerprint" : 1, "userIds.verified" : 1}) 

npm start

lynx http://localhost:8888

install nginx
systemctl enable nginx
cd /etc/nginx
mv nginx.conf nginx.conf_old
# Put new nginx config here
mkdir /certs
# Put key.pem and ca.pem here
nginx -t

systemctl start nginx

#Put /etc/systemd/system/keyserver.service into place
systemctl daemon-reload
systemctl enable keyserver
systemctl start keyserver
systemctl status keyserver

ufw allow 11371

```

# Generate keys for testing (or using)

```
gpg --full-generate-key

# Parameter: 
# Key type: RSA and RSA
# Key size: 4096 bits
# Key validity: 0 (never expires)
# Real name: Your Name
# Email address: Your email address
# Comment: Optional, can leave blank
# Passphrase: Choose a strong passphrase

# Export Public Key
gpg --armor --export davrot@uni-bremen.de > public_key.asc

# Backup your private key:
gpg --armor --export-secret-keys davrot@uni-bremen.de > private_key.asc

Thunderbird 
Account Settings -> End-to-End Encryption -> Add Key -> Import existing OpenPGP key -> private_key.asc
```

# Test the key distribution

```
gpg --keyserver hkp://keys.neuro.uni-bremen.de --search davrot@uni-bremen.de
gpg --keyserver hkps://keys.neuro.uni-bremen.de --search davrot@uni-bremen.de
```