
@ ▄︻デʟɨɮʀɛȶɛֆƈɦ-ֆʏֆȶɛʍֆ══━一,
2025-02-23 19:53:32
Hockeypuck is an **OpenPGP keyserver** that allows users to publish, search, and retrieve **PGP public keys** for secure communication. It is designed for **federation** with other keyservers and supports a **high-performance, scalable** architecture.
---
## **🛠️ Usage**
### **1. Public PGP Key Directory**
- Organizations, security researchers, and privacy-focused users can **publish and retrieve PGP keys** for encrypted email and document verification.
- Similar to **SKS Keyserver**, but actively maintained and more scalable.
### **2. Enterprise PGP Key Management**
- Companies can **host a private keyserver** for internal teams to share PGP keys securely.
- Prevents reliance on external keyservers like keys.openpgp.org.
### **3. Decentralized Identity and Key Distribution**
- Used in federated **PGP keyserver networks** like **Hockeypuck & SKS pools** to distribute OpenPGP keys across multiple servers.
- Useful for **distributed trust models** where multiple organizations manage keys collaboratively.
### **4. Bitcoin & Nostr Applications**
- Can be used alongside **Nostr** for key verification, ensuring public keys are retrievable for cryptographic signatures.
- Useful in **Bitcoin** applications where PGP-signed messages confirm identity.
### **5. Software Package Signing**
- Developers and package maintainers can **sign software updates** using OpenPGP, and end users can fetch public keys from Hockeypuck to verify authenticity.
- Example: **Debian and Arch Linux package signing**.
### **6. Secure Messaging**
- Supports secure email systems that use **PGP-encrypted mail (e.g., ProtonMail, Thunderbird + Enigmail, Mailpile)**.
---
## **📌 Key Benefits**
- ✅ **Docker-Based Deployment** → Easily installable with **Docker** and **docker-compose**.
- ✅ **Federated Keyserver** → Can join existing **PGP keyserver networks**.
- ✅ **High-Performance Storage** → Uses PostgreSQL for better performance than older SKS keyservers.
- ✅ **Supports HTTP & HTTPS** → Can be hosted publicly with **TLS encryption**.
- ✅ **Fully Open Source** → Maintained as a modern alternative to SKS.
## **🔑 Signing a Nostr Event Using PGP & Verifying It on a Relay**
If Alice wants to **prove she controls `npub1xyz...`** using **PGP**, she can sign a Nostr event and publish both the event and signature.
---
### **🔹 Step 1: Create a Nostr Event (Kind 0)**
Alice generates a **Nostr profile metadata event**:
```json
{
"id": "xxxxxxxxxxxxxxxxxx",
"pubkey": "npub1xyz...",
"created_at": 1700000000,
"kind": 0,
"tags": [],
"content": "{ \"name\": \"Alice\", \"about\": \"PGP Verified Nostr User\" }"
}
```
She saves this as **`nostr_event.json`**.
---
### **🔹 Step 2: Sign the Event with PGP**
Alice uses GnuPG to sign the event:
```bash
gpg --clearsign --armor nostr_event.json
```
This creates **`nostr_event.json.asc`**, which contains the event with a **PGP signature**.
🔹 **Example of the signed event:**
```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

{
"id": "xxxxxxxxxxxxxxxxxx",
"pubkey": "npub1xyz...",
"created_at": 1700000000,
"kind": 0,
"tags": [],
"content": "{ \"name\": \"Alice\", \"about\": \"PGP Verified Nostr User\" }"
}
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbGSk4HTlMz5tG0tF0Y8fO3HTQYYFAmS8mOkACgkQ0Y8fO3HT
QYYX4w/+JwzbfM1EZ2F7H3yqbdGBJ2cGd...
-----END PGP SIGNATURE-----
```
---
### **🔹 Step 3: Upload the Signature to a Public Keyserver**
Alice submits her signed Nostr event to the **Hockeypuck keyserver**:
```bash
curl --data-binary @nostr_event.json.asc https://keyserver.example.com/pks/add
```
---
### **🔹 Step 4: Publish the Event to a Nostr Relay**
Alice **publishes the original event** to a Nostr relay:
```bash
curl -X POST https://nostr-relay.example.com/ -d @nostr_event.json
```
---
### **🔹 Step 5: Verification**
Anyone can **fetch Alice’s PGP-signed event** and verify it:
```bash
curl "https://keyserver.example.com/pks/lookup?op=get&search=alice@nostr.example.com" | gpg --verify
```
If successful, it will show:
```
gpg: Good signature from "Alice <alice@nostr.example.com>"
```
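Added example (not part of the original post): a "Good signature" line does not say which event was signed, so this Python helper recovers the text framed as signed in `nostr_event.json.asc` and compares it with the event served by the relay. The function names and sample data are hypothetical, and the signature itself must still be checked with `gpg --verify`.

```python
import json

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

def split_clearsigned(text):
    """Return (signed_text, signature_armor) from a cleartext-signed file.

    Raises ValueError when anything sits outside the framing: gpg does not
    cover such text, yet a reader could mistake it for signed content.
    """
    lines = text.replace("\r\n", "\n").split("\n")
    while lines and not lines[-1].strip():
        lines.pop()                       # ignore trailing blank lines
    if not lines or lines[0] != BEGIN_MSG or lines[-1] != END_SIG:
        raise ValueError("text outside the PGP framing")
    try:
        blank = lines.index("", 1)        # blank line ends the armor headers
        sig_at = lines.index(BEGIN_SIG, blank)
    except ValueError:
        raise ValueError("malformed cleartext signature") from None
    if any(not h.startswith("Hash: ") for h in lines[1:blank]):
        raise ValueError("unexpected armor header")
    # Undo dash-escaping: a signed line starting with "-" is stored as "- -...".
    body = [l[2:] if l.startswith("- ") else l for l in lines[blank + 1:sig_at]]
    return "\n".join(body), "\n".join(lines[sig_at:])

def event_matches_signed(asc_text, relay_event, expected_pubkey):
    """True only if the signed JSON equals the relay's event and names expected_pubkey."""
    signed_text, _signature = split_clearsigned(asc_text)
    signed = json.loads(signed_text)
    return signed == relay_event and signed.get("pubkey") == expected_pubkey

# Constructed sample: placeholder id, key and signature, not real values.
EVENT = {"id": "00" * 32, "pubkey": "ab" * 32, "created_at": 1700000000,
         "kind": 0, "tags": [], "content": "{\"name\": \"Alice\"}"}
SAMPLE = "\n".join([BEGIN_MSG, "Hash: SHA256", "", json.dumps(EVENT, indent=1),
                    BEGIN_SIG, "", "PLACEHOLDER", END_SIG, ""])

if __name__ == "__main__":
    print(event_matches_signed(SAMPLE, EVENT, EVENT["pubkey"]))
```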
---
### **✅ Use Cases**
1. **Proving Ownership of a Nostr Public Key** with PGP.
2. **Bitcoin Applications**: PGP-signed messages can confirm identities for multisig coordination.
3. **Decentralized Web of Trust**: Verifying Nostr users via signed events.
---
Additionally, a simple JavaScript or Python script could automate the signing process.