Once your PK scripts are built, very little is required to run the server as a local user. You can literally just do:
python3 pkctl.py start
python3 pkctl.py attach
and have yourself a simple instance up and running, ready to run commands. Therefore the rest of this section will be dedicated to getting PK running in the background as a systemd service under its own user, and letting multiple system users attach to the daemon at once if desired.
Installing
Once again the makefile mostly has you covered here. All you need to do is:
sudo make install
and the makefile will set up a dedicated service user and group called pkd which controls access to the daemon and its resources, as well as setting up the pk server as a systemd service called pk. This will also start the pk server and enable it on startup.
PKCTL Usage
Once installed, you can use the following commands to interface with the pk daemon controller:
systemctl start|stop|restart pk — this controls the daemon's life cycle.
pkctl attach — this starts an interactive session with the daemon, allowing you to control and interface with clients.
Host Key Generation
Once you've installed the pk server, you're going to want to change its host key away from the default one, which is used for testing purposes and is widely available (read: not secure at all).
This is probably the only complicated part of the whole guide, mostly because I haven't yet built a cute little utility to do it for you (I should at some point). You're going to need to do the following (in your pk directory):
python3
>>> import crypto
>>> p,q,n,e,d = crypto.Crypto.keygen(4096)
>>> n
Copy the number that Python spits out here.
>>> d
Also copy this number. Keep these two handy as we'll need them later.
Now open /etc/pk/server_key.json in your favorite editor and make it read as follows (you can wipe out the current contents):
{"n": <the number n we got from python>, "d": <the number d we got from python>, "e": 65537}
At this point we're almost done. We just have to restart pk to reflect the changes, so run:
sudo systemctl restart pk
and you should be good to go.
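The manual steps above can also be scripted, so that d never passes through terminal scrollback or the clipboard and a malformed key never replaces the live one. This is an added example, not part of the pk project: write_host_key and check_keypair are hypothetical helpers, it assumes crypto.Crypto.keygen returns (p, q, n, e, d) as in the session above, and it writes the e that keygen returns rather than a hard-coded value.

```python
import json
import os
import stat
import tempfile

KEY_PATH = "/etc/pk/server_key.json"  # path given in the guide


def check_keypair(p, q, n, e, d):
    """Reject a key tuple that is not a working RSA pair."""
    if p == q or p * q != n:
        raise ValueError("n != p*q, or p == q")
    # True whether d was derived modulo phi(n) or modulo lcm(p-1, q-1).
    if (e * d) % (p - 1) != 1 or (e * d) % (q - 1) != 1:
        raise ValueError("d is not the private exponent for e")
    probe = 0x1234567 % n
    if pow(pow(probe, e, n), d, n) != probe:
        raise ValueError("encrypt/decrypt round trip failed")


def write_host_key(keygen, path=KEY_PATH, bits=4096):
    """Generate a key and atomically replace path; returns the modulus n."""
    p, q, n, e, d = keygen(bits)
    check_keypair(p, q, n, e, d)
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".server_key.")  # 0600
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump({"n": n, "d": d, "e": e}, fh)
            fh.flush()
            os.fsync(fh.fileno())
        if os.path.exists(path):
            # Assumption: the installed file's owner and group are the ones
            # the daemon needs, so keep them and drop access for "other".
            st = os.stat(path)
            os.chown(tmp, st.st_uid, st.st_gid)
            os.chmod(tmp, stat.S_IMODE(st.st_mode) & 0o660)
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return n  # only the public modulus is returned; d is never printed


if __name__ == "__main__":
    import crypto  # the project's module: run from the pk directory, as root
    print("new host key modulus:", write_host_key(crypto.Crypto.keygen))
```

The daemon still has to be restarted with sudo systemctl restart pk afterwards. If the key file ends up group-readable by pkd, every local user added to that group can read d, so check its mode after the first run.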
Local Users
To allow non-root users on your system to use pkctl attach, you will need to add them to the pkd user group. This is remarkably simple to do on any Unix system. Just run:
adduser [username] pkd