ygrek edited this page May 8, 2020 · 2 revisions

Overview

SKS is an OpenPGP keyserver whose goal is to provide easy-to-deploy, decentralized, and highly reliable synchronization. That means that a key submitted to one SKS server will quickly be distributed to all key servers, and even wildly out-of-date servers, or servers that experience spotty connectivity, can fully synchronize with the rest of the system.

The foundation of SKS is an efficient algorithm for reconciling remote data sets. That algorithm is described in the following papers:

Features

  • Highly efficient and reliable reconciliation algorithm
  • Follows RFC2440 and RFC4880 carefully --- SKS supports new and old style packets, photoID packets, multiple subkeys, and pretty much everything allowed by the RFCs, including Elliptic Curve Public keys (ECDH, ECDSA) found in RFC6637.
  • Fully compatible with PKS system --- can both send and receive syncs from PKS servers, ensuring seamless connectivity.
  • Simple configuration: each host just needs a (partial) list of the other participating key servers. Gossip is used to distribute information without putting a heavy load on any one host.
  • Supports HKP/web-based querying, and machine-readable indices

The design of SKS is deliberately simple. The server consists of two single-threaded processes. The first, "sks db", fulfills the normal jobs associated with a public key server, such as answering web requests. The only special functionality of "sks db" is that it keeps a log summarizing the changes to the key database. The second, "sks recon", does all the work of reconciling hosts' databases. "sks recon" keeps track of specialized summary information about the database, and can use that information to efficiently determine the differences between its database and that of another host.
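To illustrate how per-host summary information lets two hosts find their differences without comparing every key, here is an added example; it is not SKS code and it swaps in a plain prefix-checksum comparison in place of the algorithm from the papers. It assumes keys are identified by a SHA-256 content hash and holds both hosts' sets in one process instead of exchanging summaries over the network; all function names are hypothetical.

```python
import hashlib

HEX = "0123456789abcdef"

def digest(key_bytes: bytes) -> str:
    """Identify a key by the hex SHA-256 of its content (assumption)."""
    return hashlib.sha256(key_bytes).hexdigest()

def summary(hashes, prefix):
    """Summary of all hashes under a hex prefix: (count, checksum).
    A real server would store these per prefix instead of rescanning."""
    members = sorted(h for h in hashes if h.startswith(prefix))
    return len(members), hashlib.sha256("".join(members).encode()).hexdigest()

def reconcile(local, remote, prefix="", leaf_size=2, stats=None):
    """Return (missing_locally, missing_remotely).
    Only prefixes whose summaries differ are explored further."""
    if stats is not None:
        stats["summaries"] += 1  # one summary comparison per visited prefix
    l_sum, r_sum = summary(local, prefix), summary(remote, prefix)
    if l_sum == r_sum:
        return set(), set()      # identical subtree: nothing to transfer
    if max(l_sum[0], r_sum[0]) <= leaf_size:
        # Small enough to compare the hashes under this prefix directly.
        l = {h for h in local if h.startswith(prefix)}
        r = {h for h in remote if h.startswith(prefix)}
        return r - l, l - r
    need, offer = set(), set()
    for nibble in HEX:
        n, o = reconcile(local, remote, prefix + nibble, leaf_size, stats)
        need |= n
        offer |= o
    return need, offer

def demo():
    # Constructed sample data: byte strings standing in for OpenPGP keys.
    shared = {digest(b"key-%d" % i) for i in range(500)}
    host_a = shared | {digest(b"only-on-a")}
    host_b = shared | {digest(b"only-on-b-1"), digest(b"only-on-b-2")}
    stats = {"summaries": 0}
    need, offer = reconcile(host_a, host_b, stats=stats)
    return need, offer, stats["summaries"]

if __name__ == "__main__":
    need, offer, compared = demo()
    print(f"host A needs {len(need)} keys, offers {len(offer)}, "
          f"after {compared} summary comparisons")
```

The number of summary comparisons grows with the number of differing keys, not with the size of the database, which is the property that lets a badly out-of-date host catch up.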

Existing Wiki Pages

| PageName | Summary + Labels |
|---|---|
| Peering | Getting started in the peering mesh, establishing peers. |
| TLS Configuration | Configuring TLS for HKPS and pool compatibility |
| KeydumpSources | Places to get keyserver dumps for initialising your server. |
| DumpingKeys | How to dump keys |
| Documentation | Pointer to useful documentation |
| WikiSyntax | Creole Syntax for Wiki Editors |