Key server (cryptographic)
Encyclopedia
In computer security
, a key server is a computer that receives and then serves existing cryptographic key
s to users or other programs. The users' programs can be working on the same network as the key server or on another networked computer.
The keys distributed by the key server are almost always provided as part of a cryptographically-protected identity certificate containing not only the key but also 'entity' information about the owner of the key. The certificate is usually in a standard format, such as the OpenPGP public key format, the X.509
certificate format, or the PKCS
format. Further, the key is almost always a public key for use with an asymmetric key encryption
algorithm.
In public key cryptography an individual is able to generate a key pair, where one of the keys is kept private
while the other is distributed publicly. Knowledge of the public key does not compromise the security of public key cryptography. An
individual holding the public key of a key pair can use that key to carry out cryptographic operations that allow secret communications with or strong authentication of the holder of the matching private key. The
need to have the public key of a key pair in order to start
communication or verify signatures is a bootstrapping problem. Locating keys
on the web or writing to the individual asking them to transmit their public
keys can be time consuming and insecure. Key servers act as central repositories to
alleviate the need to individually transmit public keys and can act as the root of a chain of trust
.
The first web-based PGP
keyserver was written for a thesis by Marc Horowitz,
while he was studying at MIT. Horowitz's keyserver was called the HKP Keyserver
after a web-based OpenPGP HTTP Keyserver Protocol (HKP) it used to allow people to interact with the
keyserver. Users were able to upload, download, and search keys either through
HKP on port 11371, or through web pages which ran CGI
scripts. Before the creation of the HKP Keyserver, keyservers relied on email
processing scripts for interaction.
A separate key server, known as the PGP Certificate Server, was developed by PGP, Inc. and was used as the software (through version 2.5.x for the server) for the default key server in PGP through version 8.x (for the client software), keyserver.pgp.com. Network Associates was granted a patent
co-authored by Jon Callas
(United States Patent 6336186) on the key server concept.
To replace the aging Certificate Server, an LDAP-based key server was redesigned at Network Associates in part by Randy Harmon and Len Sassaman
, called PGP Keyserver 7.0. With the release of PGP 6.0, LDAP was the preferred key server interface for Network Associates’ PGP versions. This LDAP and LDAPS key server (which also spoke HKP for backwards compatibility, though the protocol was (arguably correctly) referred to as “HTTP” or “HTTPS”) also formed the basis for the PGP Administration tools for private key servers in corporate settings, along with a schema
for Netscape Directory Server
. It was later replaced by the new PGP Corporation
Global Directory.
service, facilitating the web of trust
model PGP uses.
Several publicly accessible S/MIME key servers are available to publish or retrieve certificates used with the S/MIME
cryptosystem.
There are also multiple proprietary public key infrastructure
systems which maintain key servers for their users; those may be private or public, and only the participating users are likely to be aware of the those keyservers at all.
level of privacy
in personal interactions and relationships. It has been pointed
out that allowing a public key to be uploaded in a key server when using
decentralized web of trust based cryptographic systems, like PGP, may reveal a
good deal of information that an individual may wish to have kept private. Since
PGP relies on signatures on an individual's public key to determine the
authenticity of that key, potential relationships can be revealed by analyzing
the signers of a given key. In this way, models of entire social networks can be
developed.
To solve these problems, PGP Corp developed a new generation of key server, called the PGP Global Directory. This keyserver sent an email confirmation request to the putative key owner, asking that person to confirm that the key in question is theirs. If they confirm it, the PGP Global Directory accepts the key. This can be renewed periodically, to prevent the accumulation of keyserver plaque. The result is a higher quality collection of public keys, and each key has been vetted by email with the key's apparent owner.
The last IETF draft for HKP also defines a distributed key server network, based on DNS SRV record
s: to find the key of someone@example.com, one can ask it to example.coms key server.
These are some keyservers that are often used for looking up keys with "gpg --recv-key"
Computer security
Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
, a key server is a computer that receives and then serves existing cryptographic key
Key (cryptography)
In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...
s to users or other programs. The users' programs can be working on the same network as the key server or on another networked computer.
The keys distributed by the key server are almost always provided as part of a cryptographically-protected identity certificate containing not only the key but also 'entity' information about the owner of the key. The certificate is usually in a standard format, such as the OpenPGP public key format, the X.509
X.509
In cryptography, X.509 is an ITU-T standard for a public key infrastructure and Privilege Management Infrastructure . X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation...
certificate format, or the PKCS
PKCS
In cryptography, PKCS refers to a group of public-key cryptography standards devised and published by RSA Security.RSA Data Security Inc was assigned the licensing rights for the patent on the RSA asymmetric key algorithm and acquired the licensing rights to several other key patents as well...
format. Further, the key is almost always a public key for use with an asymmetric key encryption
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
algorithm.
History
Key servers are made possible by the invention of public key cryptography.In public key cryptography an individual is able to generate a key pair, where one of the keys is kept private
while the other is distributed publicly. Knowledge of the public key does not compromise the security of public key cryptography. An
individual holding the public key of a key pair can use that key to carry out cryptographic operations that allow secret communications with or strong authentication of the holder of the matching private key. The
need to have the public key of a key pair in order to start
communication or verify signatures is a bootstrapping problem. Locating keys
on the web or writing to the individual asking them to transmit their public
keys can be time consuming and insecure. Key servers act as central repositories to
alleviate the need to individually transmit public keys and can act as the root of a chain of trust
Chain of trust
In computer security, a chain of trust is established by validating each component of hardware and software from the bottom up. It is intended to ensure that only trusted software and hardware can be used while still remaining flexible.-Introduction:...
.
The first web-based PGP
Pretty Good Privacy
Pretty Good Privacy is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security...
keyserver was written for a thesis by Marc Horowitz,
while he was studying at MIT. Horowitz's keyserver was called the HKP Keyserver
after a web-based OpenPGP HTTP Keyserver Protocol (HKP) it used to allow people to interact with the
keyserver. Users were able to upload, download, and search keys either through
HKP on port 11371, or through web pages which ran CGI
scripts. Before the creation of the HKP Keyserver, keyservers relied on email
processing scripts for interaction.
A separate key server, known as the PGP Certificate Server, was developed by PGP, Inc. and was used as the software (through version 2.5.x for the server) for the default key server in PGP through version 8.x (for the client software), keyserver.pgp.com. Network Associates was granted a patent
Patent
A patent is a form of intellectual property. It consists of a set of exclusive rights granted by a sovereign state to an inventor or their assignee for a limited period of time in exchange for the public disclosure of an invention....
co-authored by Jon Callas
Jon Callas
Jon Callas is an American computer security expert and Chief Technical Officer of Entrust. Callas has a long history of work in the computer security field, and is a frequent speaker at industry conferences. Additionally, Callas is a contributor to multiple IETF RFCs...
(United States Patent 6336186) on the key server concept.
To replace the aging Certificate Server, an LDAP-based key server was redesigned at Network Associates in part by Randy Harmon and Len Sassaman
Len Sassaman
Len Sassaman was an advocate for privacy, maintainer of the Mixmaster anonymous remailer code and remop of the randseed remailer.He was employed as the security architect and senior systems engineer for Anonymizer...
, called PGP Keyserver 7.0. With the release of PGP 6.0, LDAP was the preferred key server interface for Network Associates’ PGP versions. This LDAP and LDAPS key server (which also spoke HKP for backwards compatibility, though the protocol was (arguably correctly) referred to as “HTTP” or “HTTPS”) also formed the basis for the PGP Administration tools for private key servers in corporate settings, along with a schema
Database schema
A database schema of a database system is its structure described in a formal language supported by the database management system and refers to the organization of data to create a blueprint of how a database will be constructed...
for Netscape Directory Server
Fedora Directory Server
The 389 Directory Server is an LDAP server developed by Red Hat, as part of Red Hat's community-supported Fedora Project. 389 Directory Server is identical to the Red Hat Directory Server, just rebranded...
. It was later replaced by the new PGP Corporation
PGP Corporation
PGP Corporation, co-founded by Jon Callas and Phil Dunkelberger, is based in Menlo Park, California. PGP Corporation was funded by Rob Theis, General Partner, Doll Capital Management and Terry Garnett, General Partner, Venrock Associates. The company is the current owner of the Pretty Good Privacy...
Global Directory.
Public versus private keyservers
Many publicly accessible key servers, located around the world, are computers which store and provide OpenPGP keys over the Internet for users of that cryptosystem. In this instance, the computers can be, and mostly are, run by individuals as a pro bonoPro bono
Pro bono publico is a Latin phrase generally used to describe professional work undertaken voluntarily and without payment or at a reduced fee as a public service. It is common in the legal profession and is increasingly seen in marketing, technology, and strategy consulting firms...
service, facilitating the web of trust
Web of trust
In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure ,...
model PGP uses.
Several publicly accessible S/MIME key servers are available to publish or retrieve certificates used with the S/MIME
S/MIME
S/MIME is a standard for public key encryption and signing of MIME data. S/MIME is on an IETF standards track and defined in a number of documents, most importantly RFCs. S/MIME was originally developed by RSA Data Security Inc...
cryptosystem.
There are also multiple proprietary public key infrastructure
Public key infrastructure
Public Key Infrastructure is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate...
systems which maintain key servers for their users; those may be private or public, and only the participating users are likely to be aware of the those keyservers at all.
Privacy concerns
For many individuals, the purpose of using cryptography is to obtain a higherlevel of privacy
Privacy
Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively...
in personal interactions and relationships. It has been pointed
out that allowing a public key to be uploaded in a key server when using
decentralized web of trust based cryptographic systems, like PGP, may reveal a
good deal of information that an individual may wish to have kept private. Since
PGP relies on signatures on an individual's public key to determine the
authenticity of that key, potential relationships can be revealed by analyzing
the signers of a given key. In this way, models of entire social networks can be
developed.
Problems with keyservers
The OpenPGP keyservers developed in the 1990s suffered from a few problems. Once a public key has been uploaded, it is difficult to remove. Some users stop using their public keys for various reasons, such as when they forget their pass phrase, or if their private key is compromised or lost. In those cases, it was hard to delete a public key from the server, and even if it were deleted, someone else can upload a fresh copy of the same public key to the server. This leads to an accumulation of old fossil public keys that never go away, a form of "keyserver plaque". Another problem is that anyone can upload a bogus public key to the keyserver, bearing the name of a person who in fact does not own that key. The keyserver had no way to check to see if the key was legitimate.To solve these problems, PGP Corp developed a new generation of key server, called the PGP Global Directory. This keyserver sent an email confirmation request to the putative key owner, asking that person to confirm that the key in question is theirs. If they confirm it, the PGP Global Directory accepts the key. This can be renewed periodically, to prevent the accumulation of keyserver plaque. The result is a higher quality collection of public keys, and each key has been vetted by email with the key's apparent owner.
The last IETF draft for HKP also defines a distributed key server network, based on DNS SRV record
SRV record
A Service record is a specification of data in the Domain Name System defining the location, i.e. the hostname and port number, of servers for specified services. It is defined in RFC 2782, and its type code is 33...
s: to find the key of someone@example.com, one can ask it to example.coms key server.
These are some keyservers that are often used for looking up keys with "gpg --recv-key"
- keyserver hkp://subkeys.pgp.net
- keyserver hkp://pgp.mit.edu
- keyserver hkp://pool.sks-keyservers.net (random server)
- keyserver hkp://keys.nayr.net
- keyserver http://keys.gnupg.net
- keyserver http://wwwkeys.xx.pgp.net where xx is a two-letter country code.
External links
- Marc Horowitz's Thesis
- OpenPGP HTTP Keyserver Protocol (HKP)
- OpenPGP Public Key Server (PKS) - an OpenPGP key server software package distributed under a BSD-style license (with advertising clause). It has largely been supplanted by SKS.
- Synchronizing Key Server (SKS) - an OpenPGP key server software package distributed under the GPL.
- PGP Global Directory
- Pool of SKS Keyservers