1. Server Administration

An administrator may perform limited admin tasks by submitting signed requests over HTTP. All such tasks require an admin key or keys to be set in the configuration file:

[hockeypuck]
adminKeys=[
    "DECAFBADDECAFBADDECAFBADDECAFBADDECAFBAD",
]

A plaintext request (below called request.txt) follows a standard format:

The first line is the path of the operation, e.g. /pks/delete or /pks/replace. This helps prevent signature-reuse attacks, and must match exactly.
The remaining lines of the request are the message data.

The plaintext request is signed (as text, not binary!) by one of the admin keys using e.g. gosop:

gosop sign --as text $SECRET_KEY < request.txt > sig.asc

Where $SECRET_KEY is a file containing the admin secret key. It can then be submitted via e.g. curl:

curl https://keys.example.com/$PATH --data-urlencode keytext@request.txt --data-urlencode keysig@sig.asc

Where $PATH is the path of the operation.

1.1. Key Deletion and Replacement

BEWARE that deletion and replacement actions do not prevent the old key data from being resubmitted or resynced from the server's peers. To prevent changes being overwritten, the key's fingerprint should be added to the server's blacklist first.

To delete a key, the path is /pks/delete
To replace a key, the path is /pks/replace

In both cases, the message data is a valid ASCII-armored copy of the key to be deleted or replaced. In the case of replacement, this copy of the key is the one that will replace the one on disk.

Authors

Andrew Gallagher

https://hockeypuck.io