We are pleased to announce the availability of a new stable SKS release: Version 1.1.4. SKS is an OpenPGP keyserver whose goal is to provide easy to deploy, decentralized, and highly reliable synchronization. That means that a key submitted to one SKS server will quickly be distributed to all key servers, and even wildly out-of-date servers, or servers that experience spotty connectivity, can fully synchronize with rest of the system. What's New in 1.1.4 ==================== - Fix X-HKP-Results-Count so that limit=0 returns no results, but include the header, to let a client poll for how many results exist, without retrieving any. Submitted by Phil Pennock. See: http://lists.nongnu.org/archive/html/sks-devel/2010-11/msg00015.html - Add UPGRADING document to explain upgrading Berkeley DB without rebuilding. System bdb versions often change with new SKS releases for .deb and .rpm distros. - Cleanup build errors for bdb/bdb_stubs.c. Patch from Mike Doty - Update cryptokit from version 1.0 to 1.5 without requiring OASIS build system or other additional dependencies - build, fastbuild, & pbuild fixed to ignore signals USR1 and USR2 - common.ml and reconSC.ml were using different values for minumimum compatible version. This has been fixed. - Added new server mime-types, and trying another default document (Issue 6) In addition to the new MIME types added in 1.1.[23], the server now looks over a list and and serves the first index file that it finds Current list: index.html, index.htm, index.xhtml, index.xhtm, index.xml. - options=mr now works on get as well as (v)index operations. This is described in http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00 sections 3.2.1.1. and 5.1. - Updated copyright notices in source files - Added sksclient tool, similar to old pksclient - Add no-cache instructions to HTTP response (in order for reverse proxies not to cache the output from SKS) - Use unique timestamps for keydb to reduce occurrances of Ptree corruption. - Added Interface specifications (.mli files) for modules that were missing them - Yaron pruned some no longer needed source files from the tree. - Improved the HTTP status and HTTP error codes returned for various situations and added checks for more error conditions. - Add a suffix to version (+) indicating non-release or development builds - Add an option to specify the contact details of the server administrator that shows in the status page of the server. The information is in the form of an OpenPGP KeyID and set by server_contact: in sksconf - Add a `sks version` command to provide information on the setup. - Added configuration settings for the remaining database table files. If no pagesize settings are in sksconf, SKS will use 2048 bytes for key and 512 for ptree. The remainining files' pagesize will be set by BDB based on the filesystem settings, typically this is 4096 bytes. See sampleConfig/sksconf.typical for settings recommended by db_tuner. - Makefile: Added distclean target. Dropped autogenerated file from VCS. - Allow tuning BDB environment before creation in [fast]build and pbuild. If DB_CONFIG exists in basedir, copy it to DB dir before DB creation. Preference is given to DB_CONFIG.KDB and DB_CONFIG.PTree over DB_CONFIG. - Add support for Elliptic Curve Public keys (ECDSA, ECDH) - Add check if an upload is a revocation certificate, and if it is, produce an error message tailored for this. Note when upgrading from earlier versions of SKS ==================== The default values for pagesize settings have changed. To continue using an existing DB without rebuilding, explicit settings have to be added to the sksconf file. pagesize: 4 ptree_pagesize: 1 Getting the Software ==================== SKS can be downloaded from https://bitbucket.org/skskeyserver/sks-keyserver Prerequisites ==================== There are a few prerequisites to building this code. You need: * ocaml-3.10.2 or later. Get it from ocaml-3.12.x is recommended, ocaml-4.x is not recommended at this time * Berkeley DB version 4.6.* or later, whereby 4.8 or later is recommended. You can find the appropriate versions at Verifying the integrity of the download ==================== Releases of SKS are signed using the SKS Keyserver Signing Key available on public keyservers with the KeyID 0x41259773973A612A and has a fingerprint of C90E F143 0B3A C0DF D00E 6EA5 4125 9773 973A 612A. Using GnuPG, verification can be accomplished by, first, retrieving the signing key using gpg --keyserver pool.sks-keyservers.net --recv-key 0x41259773973A612A followed by verifying that you have the correct key gpg --keyid-format long --fingerprint 0x41259773973A612A should produce: pub 4096R/41259773973A612A 2012-06-27 Key fingerprint = C90E F143 0B3A C0DF D00E 6EA5 4125 9773 973A 612A A check should also be made that the key is signed by trustworthy other keys; gpg --list-sigs 0x41259773973A612A and the fingerprint should be verified through other trustworthy sources. Once you are certain that you have the correct key downloaded, you can create a local signature, in order to remember that you have verified the key. gpg --lsign-key 0x41259773973A612A Finally; verifying the downloaded file can be done using gpg --keyid-format long --verify sks-x.y.z.tgz.asc The resulting output should be similar to gpg: Signature made Wed Jun 27 12:52:39 2012 CEST gpg: using RSA key 41259773973A612A gpg: Good signature from "SKS Keyserver Signing Key" Thanks ==================== We have to thank all the people who helped with this release, by discussions on the mailing list, submitting patches, or opening issues for items that needed our attention. Happy Hacking, The SKS Team (Yaron, John, Kristian, Phil, and the other contributors)