Hockeypuck OpenPGP Public Keyserver

1. Server Administration

An administrator may perform limited admin tasks by submitting signed requests over HTTP. All such tasks require an admin key or keys to be set in the configuration file:

[hockeypuck]
adminKeys=[
    "DECAFBADDECAFBADDECAFBADDECAFBADDECAFBAD",
]
    

A plaintext request (below called request.txt) follows a standard format:

The plaintext request is signed by one of the admin keys using e.g. gosop:

gosop sign $SECRET_KEY < request.txt > sig.asc
  

Where $SECRET_KEY is a file containing the admin secret key. It can then be submitted via e.g. curl:

curl https://keys.example.com/$PATH --data-urlencode keytext@request.txt --data-urlencode keysig@sig.asc
  

Where $PATH is the path of the operation.

1.1. Key Deletion and Replacement

BEWARE that deletion and replacement actions do not prevent the old key data from being resubmitted or resynced from the server's peers. To prevent changes being overwritten, the key's fingerprint should be added to the server's blacklist first.

In both cases, the message data is a valid ASCII-armored copy of the key to be deleted or replaced. In the case of replacement, this copy of the key is the one that will replace the one on disk.

Authors

Andrew Gallagher