Key server (cryptographic)
   HOME

TheInfoList



OR:

In
computer security Computer security (also cybersecurity, digital security, or information technology (IT) security) is a subdiscipline within the field of information security. It consists of the protection of computer software, systems and computer network, n ...
, a key server is a computer that receives and then serves existing cryptographic keys to users or other programs. The users' programs can be running on the same network as the key server or on another networked computer. The keys distributed by the key server are almost always provided as part of a cryptographically protected public key certificates containing not only the key but also 'entity' information about the owner of the key. The certificate is usually in a standard format, such as the OpenPGP public key format, the X.509 certificate format, or the PKCS format. Further, the key is almost always a public key for use with an asymmetric key encryption algorithm.


History

Key servers play an important role in
public key cryptography Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic al ...
. In public key cryptography an individual is able to generate a key pair, where one of the keys is kept private while the other is distributed publicly. Knowledge of the public key does not compromise the security of public key cryptography. An individual holding the public key of a key pair can use that key to carry out cryptographic operations that allow secret communications with strong authentication of the holder of the matching private key. The need to have the public key of a key pair in order to start communication or verify signatures is a bootstrapping problem. Locating keys on the web or writing to the individual asking them to transmit their public keys can be time consuming and unsecure. Key servers act as central repositories to alleviate the need to individually transmit public keys and can act as the root of a
chain of trust In computer security, a chain of trust is established by validating each component of hardware and software from the end entity up to the root certificate. It is intended to ensure that only trusted software and hardware can be used while sti ...
. The first web-based PGP keyserver was written for a thesis by Marc Horowitz, while he was studying at
MIT The Massachusetts Institute of Technology (MIT) is a private research university in Cambridge, Massachusetts, United States. Established in 1861, MIT has played a significant role in the development of many areas of modern technology and sc ...
. Horowitz's keyserver was called the HKP Keyserver after a web-based OpenPGP HTTP Keyserver Protocol (HKP), used to allow people to interact with the keyserver. Users were able to upload, download, and search keys either through HKP on TCP port 11371, or through web pages which ran CGI scripts. Before the creation of the HKP Keyserver, keyservers relied on email processing scripts for interaction.


Enterprise PGP

A separate key server, known as the PGP Certificate Server, was developed by PGP, Inc. and was used as the software (through version 2.5.x for the server) for the default key server in PGP through version 8.x (for the client software), keyserver.pgp.com. Network Associates was granted a
patent A patent is a type of intellectual property that gives its owner the legal right to exclude others from making, using, or selling an invention for a limited period of time in exchange for publishing an sufficiency of disclosure, enabling discl ...
co-authored by
Jon Callas Jon Callas is an American computer security expert, software engineer, user experience designer, and technologist who is the co-founder and former CTO of the global encrypted communications service Silent Circle.http://www.linkedin.com/in/joncal ...
(United States Patent 6336186) on the key server concept. To replace the aging Certificate Server, an
LDAP The Lightweight Directory Access Protocol (LDAP ) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed Directory service, directory information services over an Internet Protocol (IP) networ ...
-based key server was redesigned at Network Associates in part by Randy Harmon and
Len Sassaman Leonard Harris Sassaman (April 9, 1980 – July 3, 2011) was an American technologist, information privacy advocate, and the maintainer of the Mixmaster anonymous remailer code and operator of the ''randseed'' remailer. Much of his career gravi ...
, called PGP Keyserver 7. With the release of PGP 6.0, LDAP was the preferred key server interface for Network Associates’ PGP versions. This LDAP and LDAPS key server (which also spoke HKP for backwards compatibility, though the protocol was (arguably correctly) referred to as “HTTP” or “HTTPS”) also formed the basis for the PGP Administration tools for private key servers in corporate settings, along with a
schema Schema may refer to: Science and technology * SCHEMA (bioinformatics), an algorithm used in protein engineering * Schema (genetic algorithms), a set of programs or bit strings that have some genotypic similarity * Schema.org, a web markup vocab ...
for Netscape Directory Server. PGP Keyserver 7 was later replaced by the new
PGP Corporation PGP Corporation was a company that sold Pretty Good Privacy computer software. It was founded in 2002, and acquired by Symantec in 2010, and by Broadcom in 2019. History PGP Corporation was co-founded in June 2002 by Jon Callas and Phil Dunkel ...
PGP Global Directory of 2011 which allows PGP keys to be published and downloaded using HTTPS or LDAP.


OpenPGP

The OpenPGP world largely used its own development of keyserver software independent from the PGP Corporation suite. The main software used until the 2019 spamming attack was "SKS" (Synchronizing Key Server), written by Yaron Minsky. The public SKS pool (consisting of many interconnected SKS instances) provided access via HKPS (HKP with TLS) and HTTPS. It finally shut down in 2021 following a number of
GDPR The General Data Protection Regulation (Regulation (EU) 2016/679), abbreviated GDPR, is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of ...
that it was unable to process effectively. A number of newer pools using other software has been made available following the shutdown of the SKS pool, see .


Public versus private keyservers

Many publicly accessible key servers, located around the world, are computers which store and provide OpenPGP keys over the Internet for users of that
cryptosystem In cryptography, a cryptosystem is a suite of cryptographic algorithms needed to implement a particular security service, such as confidentiality (encryption). Typically, a cryptosystem consists of three algorithms: one for key generation, one ...
. In this instance, the computers can be, and mostly are, run by individuals as a
pro bono ( English: 'for the public good'), usually shortened to , is a Latin phrase for professional work undertaken voluntarily and without payment. The term traditionally referred to provision of legal services by legal professionals for people who a ...
service, facilitating the
web of trust In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the ...
model PGP uses. Several publicly accessibl
S/MIME key servers
are available to publish or retrieve certificates used with the S/MIME cryptosystem. There are also multiple proprietary
public key infrastructure A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to fac ...
systems which maintain key servers for their users; those may be private or public, and only the participating users are likely to be aware of those keyservers at all.


Problems with keyservers


Lack of retraction mechanism

The OpenPGP keyservers since their development in 1990s suffered from a few problems. Once a public key has been uploaded, it was purposefully made difficult to remove it as servers auto-synchronize between each other (it was done in order to fight government censorship). Some users stop using their public keys for various reasons, such as when they forget their pass phrase, or if their private key is compromised or lost. In those cases, it was hard to delete a public key from the server, and even if it were deleted, someone else can upload a fresh copy of the same public key to the server. This leads to an accumulation of old fossil public keys that never go away, a form of "keyserver plaque". The lack of a retraction mechanism also breached the European
General Data Protection Regulation The General Data Protection Regulation (Regulation (EU) 2016/679), abbreviated GDPR, is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of ...
, which was cited as a reason for the closure of the SKS pool. Modern PGP keyservers allow deletion of keys. Because only the owner of a key's e-mail address can upload a key (see next section) in such servers, the key stays deleted unless the owner decides otherwise.


Lack of ownership check

The keyserver also had no way to check to see if the key was legitimate (belong to true owner). As consequence anyone can upload a bogus public key to the keyserver, bearing the name of a person who in fact does not own that key, or even worse, use it as vulnerability: the Certificate Spamming Attack. Modern keyservers, starting with the PGP Global Directory, now use the e-mail address for confirmation. This keyserver sent an email confirmation request to the putative key owner, asking that person to confirm that the key in question is theirs. If they confirm it, the PGP Global Directory accepts the key. The confirmation can be renewed periodically, to prevent the accumulation of keyserver plaque. The result is a higher quality collection of public keys, and each key has been vetted by email with the key's apparent owner. But as consequence, another problem arise: because PGP Global Directory allows key account maintenance and verifies only by email, not cryptographically, anybody having access to the email account could for example delete a key and upload a bogus one. The last Internet Engineering Task Force draft for HKP also defines a distributed key server network, based on DNS SRV records: to find the key of ''[email protected]'', one can ask it by requesting ''example.com'''s key server.


Leakage of personal relationships

For many individuals, the purpose of using cryptography is to obtain a higher level of
privacy Privacy (, ) is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. The domain of privacy partially overlaps with security, which can include the concepts of a ...
in personal interactions and relationships. It has been pointed out that allowing a public key to be uploaded in a key server when using decentralized web of trust based cryptographic systems, like PGP, may reveal a good deal of information that an individual may wish to have kept private. Since PGP relies on signatures on an individual's public key to determine the authenticity of that key, potential relationships can be revealed by analyzing the signers of a given key. In this way, models of entire social networks can be developed. (Mike Perry's 2013 criticism of the Web of Trust mentions the issue as already been "discussed at length".) A number of modern key servers remove third-party signatures from the uploaded key. Doing so removes all personal connections into the Web of Trust, thus preventing any leakage from happening. The main goal, however, was to minimize the storage space required, as "signature spamming" can easily add megabytes to a key.


Keyserver examples

These are some keyservers that are often used for looking up keys with gpg --recv-keys. These can be queried via https:// (
HTTPS Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protoc ...
) or hkps:// (HKP over TLS) respectively.
keys.openpgp.org



pgp.mit.edu

keyring.debian.org
(only contains keys from Debian project members)
keyserver.ubuntu.com
(default in GnuPG since version 2.3.2)
pgp.surf.nl


See also

*
Lightweight Directory Access Protocol The Lightweight Directory Access Protocol (LDAP ) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory serv ...
*
GnuPG GNU Privacy Guard (GnuPG or GPG) is a free-software replacement for Symantec's cryptographic software suite PGP. The software is compliant with the now obsoleted , the IETF standards-track specification of OpenPGP. Modern versions of PGP are ...


References


External links


The OpenPGP HTTP Keyserver Protocol (HKP)
(December 2024) * {{SourceForge, pks, OpenPGP Public Key Server - an OpenPGP key server software package distributed under a BSD-style license. It has largely been replaced by Hockeypuck.
Synchronizing Key Server (SKS)
- an OpenPGP key server software package distributed under the GPL. It has largely been replaced by Hockeypuck.
Hockeypuck
- a synchronising OpenPGP keyserver software package distributed under the AGPL.
Hagrid
- a non-synchronising, verifying OpenPGP keyserver software package distributed under the AGPL.
PGP Global Directory
hosted by the
PGP Corporation PGP Corporation was a company that sold Pretty Good Privacy computer software. It was founded in 2002, and acquired by Symantec in 2010, and by Broadcom in 2019. History PGP Corporation was co-founded in June 2002 by Jon Callas and Phil Dunkel ...
. Key management