Software

Standards

This keyserver supports OpenPGP keys, as defined in RFC 2440 and RFC 4880.

KeyServer software

This keyserver uses the Synchronising Key Server (SKS), an open source OpenPGP keyserver.

The keyserver is accessed using the HTTP KeyServer Protocol (HKP), originally known as the Horowitz KeyServer Protocol, normally available on port 11371. HKP started as an undergraduate project that specified a new HTTP interface for keyservers.

If you don't have an HKP-compliant tool to hand, you can use the simple web interface on port 11371 that implements the commands of HKP. Most keyservers have a very similar interface, but we have tidied ours up a bit.
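To show what an HKP exchange looks like on the wire, here is an added example (not code from this keyserver or from SKS) that builds a lookup URL and parses a machine-readable index response. The `/pks/lookup` path, the `op`, `options=mr` and `search` parameters and the `pub:`/`uid:` line layout follow the HKP Internet-Draft rather than this page; the host name `keyserver.example`, the function names and the sample response are assumptions made for illustration.

```python
import re
from urllib.parse import urlencode, unquote

HKP_PORT = 11371  # HKP port given on this page

def _normalise(fingerprint):
    """Strip spaces and an optional 0x prefix; require 40 hex digits."""
    fpr = re.sub(r"\s+", "", fingerprint).upper()
    fpr = fpr[2:] if fpr.startswith("0X") else fpr
    # 8- and 16-digit key IDs can collide, so only a full fingerprint is accepted.
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError("need a full 40-hex-digit fingerprint")
    return fpr

def lookup_url(host, fingerprint, op="get"):
    """Build the HKP request URL (path and parameters per the HKP draft)."""
    if op not in ("get", "index", "vindex"):
        raise ValueError("unknown HKP operation: " + op)
    query = urlencode({"op": op, "options": "mr", "search": "0x" + _normalise(fingerprint)})
    return f"http://{host}:{HKP_PORT}/pks/lookup?{query}"

def parse_mr_index(text):
    """Parse a machine-readable (options=mr) index into a list of key dicts."""
    keys = []
    for line in text.splitlines():
        f = line.strip().split(":")
        if f[0] == "pub" and len(f) >= 7:
            keys.append({"keyid": f[1].upper(), "bits": int(f[3] or 0),
                         "revoked": "r" in f[6], "uids": []})
        elif f[0] == "uid" and keys and len(f) >= 2:
            keys[-1]["uids"].append(unquote(f[1]))  # ':' arrives as %3A
    return keys

def candidates(keys, fingerprint):
    """Keep non-revoked entries whose reported ID is a suffix of the fingerprint."""
    fpr = _normalise(fingerprint)
    return [k for k in keys if k["keyid"] and fpr.endswith(k["keyid"]) and not k["revoked"]]

# Constructed sample response, not output from a real keyserver.
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE = """info:1:2
pub:0123456789ABCDEF0123456789ABCDEF01234567:1:4096:1388534400::
uid:Alice Example (work%3A ops) <alice@example.org>:1388534400::
pub:89ABCDEF01234567:1:2048:1300000000::r
uid:Alice Example <alice@example.org>:1300000000::
"""

if __name__ == "__main__":
    print(lookup_url("keyserver.example", FPR, op="index"))
    for key in candidates(parse_mr_index(SAMPLE), FPR):
        print(key["keyid"], key["bits"], key["uids"])
```

The index is unauthenticated, so after importing a key, compare the fingerprint GPG computes locally with the one you expected.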

Older PKS keyservers used slow email-based synchronisation, which SKS also supports, but SKS introduced a protocol called Gossip that provides fast reconciliation based on a rigorous mathematical framework. Gossip is generally implemented over port 11370.

The geeks amongst you might be interested to know SKS is written in Objective Caml (OCaml).

Clients

The only client we recommend is GNU Privacy Guard (GPG), which is a fully featured command line tool. The GPG site links to some frontends for it that you might like.

Libraries

There are a number of libraries available, but take note that many of them actually use GPG in the background rather than providing the functionality themselves.

  • GPGME is the standard C library that interfaces with GPG and is produced by the same people.
  • OpenPGP SDK is an almost complete C library that uses OpenSSL for the crypto side and has no dependence on GPG.

Mail Plugins

As we use OS X, the only mail plugin we can recommend is GPGTools, which works seamlessly with Apple Mail and GPG.

GPG Best Practices

We recommend following the Riseup GPG best practices. This document includes information on how to set up your GPG key(s) and how to properly interact with GPG keyservers.