/hagrid

Hagrid as in, "keeper of keys". Verifying OpenPGP keyserver, written in Rust, running on https://keys.openpgp.org

Primary LanguageHandlebarsGNU Affero General Public License v3.0AGPL-3.0

Hagrid

Hagrid is a verifying OpenPGP key server.

You can find general instructions and an API documentation at the running instance at https://keys.openpgp.org.

Please note that Hagrid is built and maintained only for the service at keys.openpgp.org. It is not maintained or officially supported as deployable software.

License

Hagrid is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

Hagrid is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with Hagrid. If not, see https://www.gnu.org/licenses/.

Quick Start

Building Hagrid requires a working stable Rust toolchain. The easiest way to get the toolchain is to download rustup.

Additionally, some external dependencies are required. Get them (on Debian or Ubuntu) with

sudo apt install gnutls-bin libssl-dev gcc llvm-dev libclang-dev build-essential pkg-config gettext

After Rust and the other dependencies are installed, copy the config file, then simply compile and run:

cd hagrid
cp Rocket.toml.dist Rocket.toml
cargo run

This will spawn a web server listening on port 8080.

For deployment, a release build should be used (cargo build --release). This will be statically built, and can be copied anywhere. You will also need to adjust Rocket.toml accordingly. Hagrid uses sendmail for mailing, so you also need a working local mailer setup.

Reverse Proxy

Hagrid is designed to defer lookups to reverse proxy server like Nginx. Lookups via /vks/v1/by-finingerprint, /vks/v1/by-keyid, and /vks/v1/by-email can be handled by a robust and performant HTTP server. A sample configuration for nginx is part of the repository (nginx.conf, hagrid-routes.conf). Note that we make use of ngx_http_lua_module to perform some request rewrites.

Community

We're in #hagrid on OFTC IRC, also reachable via Matrix as #hagrid:stratum0.org.