This is the Java Keyserver project. It supports multiple modes of operation and requires a PostgreSQL database.
Unlike typical key servers, this keyserver supports multiple modes of operation:
- Local
  - ❏ Implemented
  - A local keyserver which does not sync, e.g. for company use.
- Syncing
  - ❏ Implemented
  - An outbound-syncing repository (similar to local, but only syncs outbound).
- Mirror
  - ❏ Implemented
  - An inbound-syncing repository (only syncs incoming keys).
    - Type a: sync everything (like most implementations).
    - Type b: sync only requested keys, like most Maven repository mirrors do.
    - Supports exclusion rules to not query specific email domains upstream.
- Grouping
  - ❏ Implemented
  - Similar to Nexus/Artifactory groups, can group other upstream key servers for reading.
- ❏ Will remove keys after a while (configurable).
- ❏ Sends mails to UIDs for verification (local repositories only) before they go public.
- ❏ Removes signatures which are invalid for longer than one year.
- ❏ Removes revoked/invalid keys after one year unless re-uploaded.
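The Mirror mode's exclusion rules listed above, as an added sketch in Java (not code from this project): before an on-demand mirror forwards an e-mail search upstream, it checks the address's domain against a configured exclusion set. The class and method names, the subdomain matching, and the fail-closed handling of malformed domains are assumptions; the sample searches are constructed.

```java
import java.net.IDN;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.stream.Collectors;

/** Hypothetical sketch, not project code: may an on-demand mirror forward this search upstream? */
public class UpstreamExclusion {
    private final Set<String> excluded; // normalized domains, e.g. "corp.example"

    public UpstreamExclusion(Set<String> domains) {
        // An invalid configured domain throws here, so a bad rule fails at startup.
        excluded = domains.stream().map(UpstreamExclusion::normalize)
                .collect(Collectors.toUnmodifiableSet());
    }

    /** Strip a trailing dot, convert IDNs to ASCII, lower-case: rules then compare reliably. */
    static String normalize(String domain) {
        String d = domain.trim();
        if (d.endsWith(".")) d = d.substring(0, d.length() - 1);
        return IDN.toASCII(d).toLowerCase(Locale.ROOT);
    }

    /** Returns false when the search names an excluded domain (or a subdomain, by assumption). */
    public boolean mayQueryUpstream(String search) {
        int at = search.lastIndexOf('@');
        if (at < 0) return true; // fingerprint, key ID or name search: no e-mail domain involved
        String raw = search.substring(at + 1);
        int close = raw.indexOf('>'); // UID form "Name <user@domain>"
        if (close >= 0) raw = raw.substring(0, close);
        String domain;
        try {
            domain = normalize(raw);
        } catch (IllegalArgumentException e) {
            return false; // malformed domain: fail closed, keep the lookup local
        }
        if (domain.isEmpty()) return false;
        for (String ex : excluded) {
            if (domain.equals(ex) || domain.endsWith("." + ex)) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        UpstreamExclusion rules = new UpstreamExclusion(Set.of("corp.example"));
        // Constructed sample searches.
        for (String s : List.of("alice@corp.example", "Bob <bob@MAIL.Corp.Example.>",
                "carol@notcorp.example", "0x0123456789ABCDEF")) {
            System.out.println(s + " -> " + (rules.mayQueryUpstream(s) ? "upstream" : "local only"));
        }
    }
}
```

Matching on a leading dot (`"." + ex`) keeps `notcorp.example` from being treated as a subdomain of `corp.example`.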
- Prerequisites
  - Java 21 or higher
  - A recent PostgreSQL database (see below)
  - Apache Maven is included via the wrapper.
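```shell
# Throwaway PostgreSQL for development (--rm removes the container on exit)
# or docker...
podman run --name keyserver-db --rm -e POSTGRES_PASSWORD=test1234 -p 5432:5432 postgres
# Build the keyserver module and start it in Liberty dev mode against that database
KEYSERVER_DB_PASSWORD=test1234 mvn package -pl web/openpgp-keyserver-protocol -am liberty:dev
```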