GPG key servers

HKP (HTTP Keyserver Protocol) servers are used to publish and retrieve PGP public keys. With InterDiode, you can create HKP servers and add GPG keys to them in several ways, to facilitate their transfer to the internal network.

Creation

Usage

Several methods are available to add a GPG key when you have the permission:

  • Directly copy a GPG key,

  • Provide the URL of a GPG key,

  • Receive a key from another existing HKP server with its identifier,

  • Submit one via command line by calling the provided API.

Added keys will be automatically transferred to the internal network and the HKP API will be fully available. Since the HKP protocol only allows specifying a domain name, all keys from freely accessible created servers will be available to HKP clients.

Access Control

Several permission levels are available and can be assigned to users individually or by groups. The accesses granted by default to anonymous or simply authenticated users can also be selected.

  • no access: has no access at all..

  • reader: can only read GPG keys..

  • simple writer: can also add new GPG keys and change its own keys..

  • writer: can add new GPG keys and change or update any added key, including those added by someone else..

  • admin: can change settings and access controls..

Only local administrators can change access controls, and default permissions for anonymous and simply authenticated users are transferred to the red side only during the first synchronization.

User preferences

Each user can set their own preferences, like pining it as a favorite source or creating a authentication token specific to it.

Resolve transfer issues

If a problem occurred during a transfer and both sides are out of sync, it is possible to force a resynchronization by sending all or part of the data again.

Deletion

If you want to delete this source, you must delete on both sides, starting with the black side to avoid any risk of data transfer to the red side after deletion. Once deleted, the source will no longer be available, and the related data will be removed during background cleanup tasks.

Propositions

A user with the appropriate permission can make a proposition, which must be validated by an administrator.