Skip to content

KeyServer

Joshua Thijssen edited this page Sep 30, 2020 · 3 revisions

Somehow we need to fetch information about a receiver. There are two important facts we need from our receiver:

  1. Which mail server handles the given receiver?
  2. What is the public key from the receiver?

The first item is in a regular email system done through DNS. We query the DNS which returns the MX record for the domain. That MX records points to an IP (or CNAME or whatever), that ultimately handles its mail. In the regular mail system, there can be multiple MX records with priorities so mail can be sent to other mail servers in case the first isn't available.

In our system, there is no such thing as DNS, as we don't use domain-name system. It's also not a given that two email addresses from the same organisation is actually handled by the same mail server.

We want to see if we can leverage a DHT system like Kademlia for this. For now, we use a centralized 🤦 system instead.

This is running on https://resolver.bitmaelum.com.

Fetching resolve information

 GET https://resolver.bitmaelum.com/address/<sha256 of address>

This will return something like this:

 {
   "hash": "68ff90bd7573ab2517249ee9ff51315e662541f5cedde9472a7bc9a3a9b73e17", 
   "public_key": "rsa MIICCgKCAgEAp0klq8XpTOK....RocPsF40G/ibEBhlsBYAcRcu08sFAYhJGmuzjcRDz",
   "routing_id": "24cacf5004bf68ae9daad19a5bba391d85ad1cb0b31366e89aec86fad0ab16cb"
   "serial_number": "7171239732187770122"
 }

This tells us that this account is located at the server found in routing ID 24cacf.....

To figure out the actual server, we need to fetch the routing as well:

 GET /routing/24cacf5004bf68ae9daad19a5bba391d85ad1cb0b31366e89aec86fad0ab16cb

This will return the following:

 {
   "hash": "24cacf5004bf68ae9daad19a5bba391d85ad1cb0b31366e89aec86fad0ab16cb",
   "public_key": "rsa MIIBIjANBgkq...AB",
   "routing": "bitmaelum.example.org",
   "serial_number": "7171239732187770122"
 }

There can be multiple routing systems. Irregular endpoints (like tor for instance are prefixed which is a future feature).

Adding resolve information

In order to add new information for an address, you need to send the following:

POST https://resolver.bitmaelum.com/address/

with the following JSON body:

{
  "public_key": "rsa MIIBIjANBgkqhkiG9w0BAQE.....FAAOCAQ8AMIIBCgKCAQEAxl9TRrcsVuUMa8yeDSKv",
  "routing_id": "46346.....",
}

together with a Authorization header with a bearer token. This token is a private key signed block of data including the serial number and hash of the address you want to change. This way only the owner of the private key can change the information. Also, we can't do replay attacks as the serial number will change on every update.

Deleting resolve information

Deleting a key can be done through:

DELETE https://resolver.bitmaelum.org/address/

Again, this only works with an authorization header. Note that removing from the resolver means the address is "free" for others to use.

Clone this wiki locally