
  • We need SSL certificates and a DNS entry.
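  • Allow only the /pks/lookup URL? (Open question: that would leave key lookup public while the upload API, which no longer verifies email addresses after the changes below, stays internal.)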

Disable email functions

In src/server.js

Change this line

const Email = require('./modules/email');

to

// const Email = require('./modules/email');

Replace this

  const email = new Email();
  email.init(conf.email);

with

  const email = null;
//  const email = new Email();
//  email.init(conf.email);  

In src/modules/public-key.js

Replace this line

await this._email.send({template: tpl.verifyKey, userId, keyId, origin, publicKeyArmored: userId.publicKeyArmored, i18n});

with

// await this._email.send({template: tpl.verifyKey, userId, keyId, origin, publicKeyArmored: userId.publicKeyArmored, i18n});

and this

await this._email.send({template: tpl.verifyRemove, userId, keyId, origin, i18n});

with

// await this._email.send({template: tpl.verifyRemove, userId, keyId, origin, i18n});

REST

Upload new key

POST /api/v1/key
Payload (JSON):
{
  "publicKeyArmored": "-----BEGIN PGP PUBLIC KEY BLOCK----- ... -----END PGP PUBLIC KEY BLOCK-----"
}

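With the verification email disabled, an uploaded key is never confirmed by the owner of its email addresses, so confirm where the key came from by other means before marking it as verified. Then use the MongoDB connection to overwrite all entries in the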

keyserver.publickey.userIds

list with:

verified: true,
verified: true,
nonce: null

as well as in the

keyserver.publickey

entry itself, overwrite with

verifyUntil: null

Micromanage the email addresses

Use mongodb connection to control the

keyserver.publickey.userIds

list.

Entries are like:

    userIds: [
      {
        name: 'David Rotermund',
        email: 'davrot@uni-bremen.de',
        verified: true,
        publicKeyArmored: null,
        nonce: null
      }
    ],

If the last email is removed, the

keyserver.publickey

entry needs to be removed completely.

Remove entry with all email addresses

Use mongodb connection to remove the

keyserver.publickey

entry whose userIds list contains the email address.

Notes

mongosh
use keyserver-int
db.createUser({ user:"keyserver", pwd:"REDACTED", roles:[{ role:"readWrite", db:"keyserver-int" }] })

git clone https://github.com/mailvelope/keyserver /app
cd /app
npm install

# Deal with .env  
npm test

mongosh
use keyserver
db.createUser({ user:"keyserver", pwd:"REDACTED", roles:[{ role:"readWrite", db:"keyserver" }] })
db.adminCommand({setParameter:1, ttlMonitorSleepSecs: 86400})
db.publickey.createIndex({"userIds.email" : 1, "userIds.verified" : 1})
db.publickey.createIndex({"keyId" : 1, "userIds.verified" : 1}) 
db.publickey.createIndex({"fingerprint" : 1, "userIds.verified" : 1}) 

npm start