
The SKS OpenPGP Key Server

SKS is a new OpenPGP keyserver whose goal is to provide easy-to-deploy, decentralized, and highly reliable synchronization. That means that a key submitted to one SKS server will quickly be distributed to all key servers, and even wildly out-of-date servers, or servers that experience spotty connectivity, can fully synchronize with the rest of the system. You can see SKS in action here:

And there are many more. Go here to see a graph of the complete SKS network, as well as some other interesting statistics.

The foundation of SKS is a fast new algorithm for reconciling remote data sets.  That algorithm is described in the following papers:

Downloading

You can download SKS from the Savannah site. Get involved! There's a mailing list for the SKS keyserver that you can subscribe to here. There's also a new Documentation Wiki where you can find more help on installing and using SKS.

Features

  • Highly efficient and reliable reconciliation algorithm
  • Follows RFC2440 and RFC2440bis carefully --- unlike PKS, SKS supports new and old style packets, photoID packets, multiple subkeys, and pretty much everything allowed by the RFCs.
  • Fully compatible with PKS system --- can both send and receive syncs from PKS servers, ensuring seamless connectivity.
  • Simple configuration: each host just needs a (partial) list of the other participating key servers. Gossip is used to distribute information without putting a heavy load on any one host.
  • Supports HKP/web-based querying, and soon-to-be-standard machine readable indices
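The HKP querying and machine-readable index mentioned in the last feature are easiest to understand from the client side. The parser below is an added example, not code from the SKS page or project: it builds an HKP `/pks/lookup` index request and parses the colon-separated `options=mr` index format from the HKP Internet-Draft (assumed here to be the "soon-to-be-standard" index the page refers to). The server name `keyserver.example` is a placeholder and the sample response is constructed, not captured from a live server.

```python
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import unquote, urlencode

# Public-key algorithm IDs from RFC 2440 section 9.1.
ALGO_NAMES = {1: "RSA", 2: "RSA-E", 3: "RSA-S", 16: "Elgamal-E", 17: "DSA",
              18: "ECC", 19: "ECDSA", 20: "Elgamal"}


@dataclass
class PubKey:
    keyid: str              # key ID or full fingerprint, hex
    algo: int               # RFC 2440 algorithm number
    keylen: int             # key length in bits
    created: int            # seconds since the Unix epoch
    expires: Optional[int]  # None when the key has no expiration
    flags: str              # any of r (revoked), d (disabled), e (expired)
    uids: List[str] = field(default_factory=list)

    @property
    def algo_name(self) -> str:
        return ALGO_NAMES.get(self.algo, f"algo-{self.algo}")

    def is_usable(self, now: int) -> bool:
        """Reject keys the server flags as revoked/disabled/expired, or whose
        expiration timestamp has already passed, before trusting them."""
        if any(f in self.flags for f in "rde"):
            return False
        return self.expires is None or self.expires > now


def index_url(base: str, search: str) -> str:
    """Build the HKP index request for a search string, asking for mr output."""
    return f"{base}/pks/lookup?" + urlencode(
        {"op": "index", "options": "mr", "search": search})


def parse_mr_index(text: str) -> List[PubKey]:
    """Parse a machine-readable HKP index into PubKey records.

    Lines are colon-separated: an optional 'info' header, then 'pub' lines
    each followed by the 'uid' lines that belong to it.  UID strings are
    %xx-escaped so that they can never contain a raw colon."""
    keys: List[PubKey] = []
    expected: Optional[int] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split(":")
        tag = fields[0]
        if tag == "info":
            expected = int(fields[2])
        elif tag == "pub":
            if len(fields) < 7:
                raise ValueError(f"malformed pub line: {line!r}")
            _, keyid, algo, keylen, created, expires, flags = fields[:7]
            keys.append(PubKey(keyid.upper(), int(algo), int(keylen), int(created),
                               int(expires) if expires else None, flags))
        elif tag == "uid":
            if not keys:
                raise ValueError("uid line before any pub line")
            keys[-1].uids.append(unquote(fields[1]))
        # Unknown tags are ignored so that output from newer servers still parses.
    if expected is not None and expected != len(keys):
        raise ValueError(f"info line promised {expected} keys, got {len(keys)}")
    return keys


# Constructed sample response (not captured from a real server).
SAMPLE_MR = """info:1:2
pub:0123456789ABCDEF0123456789ABCDEF01234567:17:1024:1041379200:1356998400:e
uid:Alice Example %3Calice%40example.org%3E:1041379200::
pub:fedcba9876543210fedcba9876543210fedcba98:1:2048:1104537600::
uid:Bob Example %3Cbob%40example.org%3E:1104537600::
"""

if __name__ == "__main__":
    print(index_url("http://keyserver.example", "bob@example.org"))
    for k in parse_mr_index(SAMPLE_MR):
        status = "usable" if k.is_usable(now=1200000000) else "do not use"
        print(k.keyid[-16:], k.algo_name, k.keylen, k.uids, status)
```

The `info` count check and the `is_usable` test are the two things a client should not skip: a truncated response is detectable only through the count, and a key server happily returns revoked or expired keys, so the client has to act on the flags itself.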

Here's a graph of the current SKS network. The green nodes are active SKS nodes, and the gray nodes represent PKS nodes to which updates to the SKS system are forwarded.

SKS Keyserver Map

The design of SKS is deliberately simple. The server consists of two single-threaded processes. The first, "sks db", fulfills the normal jobs associated with a public key server, such as answering web requests. The only special functionality of "sks db" is that it keeps a log summarizing the changes to the key database. "sks recon" does all the work with respect to reconciling hosts' databases. "sks recon" keeps track of specialized summary information about the database, and can use that information to efficiently determine the differences between its database and that of another host.

An important aspect of this design is that "sks recon" is largely decoupled from "sks db".  This means that with a bit of work, it should be possible to augment existing key servers to use the same reconciliation system.  Indeed, there isn't much about "sks recon" that is specific to PGP, and so the same code could be extended to apply to other databases.
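The two-process split described in the last two paragraphs (a key store that only logs its changes, and a separate reconciler that keeps summary information) can be shown in miniature. The following is an added example, not SKS code: it is written in Python rather than SKS's own language, the `KeyDB` and `Recon` classes are hypothetical stand-ins for "sks db" and "sks recon", and the summary is a simple per-hash-prefix XOR digest tree rather than the set-reconciliation algorithm from the papers the page cites, which this code does not reproduce. The key material is constructed strings standing in for OpenPGP packets.

```python
import hashlib
from typing import Dict, List, Tuple

HEX_DIGITS = "0123456789abcdef"


def key_hash(key_material: bytes) -> str:
    """Content hash used as the key's identity in the database and summaries."""
    return hashlib.sha256(key_material).hexdigest()


class KeyDB:
    """Stand-in for 'sks db': stores keys and logs every change it makes."""

    def __init__(self) -> None:
        self.keys: Dict[str, bytes] = {}
        self.log: List[Tuple[str, str]] = []

    def add(self, key_material: bytes) -> bool:
        h = key_hash(key_material)
        if h in self.keys:
            return False
        self.keys[h] = key_material
        self.log.append(("add", h))  # the change log a reconciler can replay later
        return True


class Recon:
    """Stand-in for 'sks recon': keeps only a digest per hash prefix, so that
    two hosts can locate their differences without listing every key."""

    def __init__(self, db: KeyDB, depth: int = 3) -> None:
        self.db = db
        self.depth = depth  # number of leaf buckets is 16**depth

    def summary(self) -> Dict[str, int]:
        # XOR-fold of all hashes below each prefix (hypothetical digest; a
        # production system would use a collision-resistant combiner).
        s: Dict[str, int] = {}
        for h in self.db.keys:
            v = int(h, 16)
            for d in range(self.depth + 1):
                p = h[:d]
                s[p] = s.get(p, 0) ^ v
        return s

    def hashes_under(self, prefix: str) -> set:
        return {h for h in self.db.keys if h.startswith(prefix)}


def differing_leaves(sum_a: Dict[str, int], sum_b: Dict[str, int],
                     depth: int, prefix: str = "") -> List[str]:
    """Descend both summaries in lockstep and return the leaf prefixes whose
    digests disagree; subtrees with equal digests are never expanded."""
    if sum_a.get(prefix, 0) == sum_b.get(prefix, 0):
        return []
    if len(prefix) == depth:
        return [prefix]
    out: List[str] = []
    for c in HEX_DIGITS:
        out.extend(differing_leaves(sum_a, sum_b, depth, prefix + c))
    return out


def reconcile(local: Recon, remote: Recon) -> Tuple[List[str], List[str]]:
    """Pull every key remote has that local lacks. Returns the leaf buckets
    that had to be compared key-by-key and the hashes actually transferred."""
    leaves = differing_leaves(local.summary(), remote.summary(), local.depth)
    fetched: List[str] = []
    for p in leaves:
        # Only the disagreeing buckets exchange full hash lists.
        for h in sorted(remote.hashes_under(p) - local.hashes_under(p)):
            local.db.add(remote.db.keys[h])
            fetched.append(h)
    return leaves, fetched


def demo():
    """Constructed scenario: two hosts share 200 keys, one host has 3 more."""
    a, b = KeyDB(), KeyDB()
    for i in range(200):
        material = f"constructed-key-{i}".encode()  # stand-in for OpenPGP packets
        a.add(material)
        b.add(material)
    for i in range(3):
        b.add(f"constructed-key-only-on-b-{i}".encode())
    leaves, fetched = reconcile(Recon(a), Recon(b))
    return a, b, leaves, fetched


if __name__ == "__main__":
    a, b, leaves, fetched = demo()
    print(f"compared {len(leaves)} of {16 ** 3} buckets, fetched {len(fetched)} keys")
```

Nothing in `Recon` reads anything but the key store's hash set, which is the decoupling the page describes: the same reconciler would work over any database whose records can be hashed. `reconcile` is one-directional, so two peers call it once in each direction; a bucket that differs only because the local side holds extra keys is visited but transfers nothing.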