MIT CA (https://ca.mit.edu/ca/) signs MIT users' public keys in x509 certificate format.
pgp.xvm.mit.edu
signs PGP public key UID-s if
- the public key was prevously signed by MIT CA
- the person is a student (otherwise MIT might not have checked their identity throughly)
- the name on the UID matches the name on MIT records
Everything pgp.xvm.mit.edu
does or does not do is publicly logged at http://pgp.xvm.mit.edu:8000/, allowing everyone to verify that we adhere to this policy. If you wish to do so, sipb-pgpsign-server.go
should be suitable for this purpose if modified to not send emails to people.
You will need the standard distribution of the go
programming language (golang
). Install the relevant package from your package manager and then do the following:
mkdir ~/go
export GOPATH=~/go
go get code.google.com/p/gopass code.google.com/p/go.crypto/openpgp
go run sipb-pgpsign-client.go
Some keys cannot be submitted to sipb using that method. If the server fails to parse your key, copy the certificate the previous command produced to file cert.pem
and run ( cat cert.pem; gpg --export --armor $KEYID ) | nc pgp.xvm.mit.edu 7564
.
GPLv3+, but not religious about it. If you'd like to use this code in an open source project, contact me.