random technical thoughts from the Nominet technical team

Deleting keys from a PGP keyserver

Posted by sion on Aug 8th, 2005

The Problem:

We want to maintain a keyserver with the PGP keys of our customers. We should be able to add and delete keys from it as they are added to, and marked as “old” in, a database. There should be no human process required other than maintaining the database (which contains ASCII-armoured keys).

Attempt 1: using the PGPsdk (Version 1.7.1).

We have a script which builds, from scratch, a local keyring according to the database. So the first thing we tried was to modify this script to interact with a keyserver instead.

(ASIDE: There are a number of problems with using the PGPsdk. Routines are, in themselves, fairly well documented. However, there is no real indication as to how it all fits together. So, once you move away from something which is in their example code then you are really on your own.)

Now, in order to be able to delete keys you need an LDAP keyserver. We initially set up the PGP keyserver v7.0 provided by Networks Associates Technology, Inc. on Solaris 8 (and Windows).

Okay, so starting with the ability to add keys, we eventually got something working. However, it would reject some keys when trying to add them to the keyserver. We did not get to the bottom of this one, but a quick look suggested that only “PGPsdk 2.0.1” type keys worked. We cannot say this for certain; what we can say is that ALL the keys were successfully added to a keyfile built at the same time.
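A check worth running over the database before pushing keys anywhere: verify the ASCII armour (radix-64 plus the CRC-24 trailer) and read the version and public-key algorithm from the leading public-key packet, so that keys the keyserver rejects can be correlated with their type rather than guessed at. This is an added example in Python, not Nominet's script or PGPsdk code; the sample key is constructed (toy MPIs, not a real key) and the packet layout follows RFC 4880.

```python
import base64
import re

def crc24(data: bytes) -> int:
    # CRC-24 used by OpenPGP ASCII armour (RFC 4880, section 6.1).
    crc = 0xB704CE
    for b in data:
        crc ^= b << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text: str) -> bytes:
    # Strip armour headers, decode radix-64 and verify the checksum; corrupt input raises.
    m = re.search(r"-----BEGIN PGP PUBLIC KEY BLOCK-----\n(.*?)-----END PGP PUBLIC KEY BLOCK-----", text, re.S)
    if not m:
        raise ValueError("no public key block found")
    lines = [ln.strip() for ln in m.group(1).split("\n\n", 1)[-1].splitlines() if ln.strip()]
    if not lines or not lines[-1].startswith("="):
        raise ValueError("missing armour checksum line")
    data = base64.b64decode("".join(lines[:-1]))
    if crc24(data) != int.from_bytes(base64.b64decode(lines[-1][1:]), "big"):
        raise ValueError("armour checksum mismatch")
    return data

def key_info(text: str) -> dict:
    # Version and public-key algorithm of the leading public-key packet (tag 6).
    data = dearmor(text)
    hdr = data[0]
    if hdr & 0x40:  # new-format header: 1-, 2- or 5-octet length (partial lengths unsupported)
        tag, first = hdr & 0x3F, data[1]
        off = 2 if first < 192 else 3 if first < 224 else 6 if first == 255 else 0
    else:           # old-format header: length type 0/1/2 = 1/2/4 octets, 3 = indeterminate
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        off = 1 + (1 << ltype) if ltype < 3 else 0
    if not hdr & 0x80 or not off or tag != 6:
        raise ValueError("leading packet is not a public key with a supported length encoding")
    version = data[off]
    # v4 body: version, 4-octet time, algorithm; v3 has a 2-octet validity period before the algorithm.
    algo = data[off + 5] if version == 4 else data[off + 7]
    return {"version": version, "algorithm": algo}

# Constructed sample: v4 RSA (algorithm 1) public-key packet behind old-format header 0x99, toy MPIs; not a real key.
_BODY = b"\x04" + (1123459200).to_bytes(4, "big") + b"\x01" + b"\x00\x18\xc0\xff\xee" + b"\x00\x11\x01\x00\x01"
_PKT = b"\x99" + len(_BODY).to_bytes(2, "big") + _BODY
SAMPLE_KEY = ("-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: sample\n\n" + base64.b64encode(_PKT).decode()
              + "\n=" + base64.b64encode(crc24(_PKT).to_bytes(3, "big")).decode() + "\n-----END PGP PUBLIC KEY BLOCK-----\n")
```

Run key_info over each armoured key in the database and tally the (version, algorithm) pairs against the keyserver's accept/reject log to see whether rejection really tracks key type.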

Putting that to one side we looked at deleting keys from the keyserver. This proved even less fruitful than adding keys did. The issue here is connecting with sufficient privileges to delete keys, which means connecting as an administrator. From the keyserver point of view it looks like you can assign connections from certain hosts/IP addresses as having administrator privileges; or you can use a shared key.

Despite all attempts we never managed to get this working. The only two ways we managed to delete keys were 1) using the Windows PGP client and 2) taking the nuclear option and deleting the keyserver's data files. (NOTE: The PGPsdk has changed beyond all recognition between the version that we are using and the current version. We assume that the current keyserver and clients use the new sdk.)

Attempt 2: using the command line.

With the same keyservers we tried using the PGP and GnuPG command lines. Various versions were used, but mostly PGP v6.5.8 and GnuPG v1.2.5, both on Linux. Oddly, the PGP command line does not work: it claims that whatever key you are trying to delete does not exist. The server logs show subtly different traffic for this transaction compared to a (successful) deletion from the Windows client. gpg was even less successful; executing the commands on the same machine as the keyserver did not seem to help either.

We got in contact with the PGP Corporation about the new version of their command line. (Thinking that if it is built with the same version of the PGPsdk as the keyserver that it will have more chance of success.) To date they have not got back in touch (two months at the time of writing).

Attempt 3: fight the power.

Maybe a different keyserver could solve our problems? There are a number of open source keyservers out there; we tried “pks” and “cks” with little success.

There are other keyservers available but you have to draw the line somewhere.

Conclusion.

Because of the way that keyservers synchronise between themselves, deleting keys is often futile; they get written back from other keyserver(s). This has led to little or no requirement for being able to delete keys (there are processes in place for the revocation of keys). So deletion is perhaps the least developed aspect of keyserver functionality.

The simplest way to achieve key deletion (without human intervention) is to delete ALL of the keys and rebuild the keyserver from scratch. This takes about half an hour for our 3,500 keys, which stops us from doing it during work hours.
