YAWKS (Yet Another Web Key Service) is a professional, business-ready OpenPGP key management system. It combines a standard-compliant Web Key Directory (WKD) and Web Key Service (WKS) with advanced corporate features to ensure security, privacy, and administrative control.
- Designated Revoker Injection: Automatically injects a corporate-controlled revocation key into user keys during generation or upload. This allows the organization to revoke keys if a device is lost or an employee leaves.
- Privacy by Design: All cryptographic operations involving private keys (generation, re-signing, revoker injection) occur locally in the user's browser. Private keys are never transmitted to the server.
- Ownership Proof: Every key submission is cryptographically signed by the user's private key, proving possession before registration.
- Modern Interface: A sleek, glassmorphism-inspired dark mode dashboard for employees.
- Key Generator: One-click PGP key generation with automated corporate compliance.
- Key Import: Support for importing existing keys with automated compliance injection.
- Employee Search: Searchable directory for colleagues' public keys, integrated with WKD.
- Admin Dashboard: A protected management interface for administrators.
- Centralized Revocation: Trigger official PGP revocations using the corporate Designated Revoker key.
- Advanced Authentication: Admin actions are protected by API-key security.
- Full WKD Support: Implements both "Advanced" and "Direct" discovery methods.
- RFC Compliance: Adheres to RFC 4880 and the WKD/WKS drafts.
- Traffic Analysis Protection: Implements PGP Padding packets (Tag 21) to normalize response sizes and protect against traffic analysis.
- User ID Filtering: Privacy-preserving key delivery that only serves the requested User ID.
- CORS Support: Ready for integration with browser plugins like Mailvelope.
- Node.js (v18+)
- NPM
- SSL Certificate (e.g., from Certbot)
- Clone the repository:

```bash
git clone https://github.com/looserouting/yawks.git
cd yawks
```
- Install dependencies:

```bash
npm install
```
- Prepare the frontend:

```bash
npm run prepare
```
- Copy the example config:

```bash
cp src/config.js.example src/config.js
```
- Edit `src/config.js` to set your domains, corporate revoker fingerprint, and admin keys.

```bash
node yaws.js
```
The server will automatically generate a `submission.key` on first start if one doesn't exist.
- `src/controller/`: API logic for WKD, WKS, Search, and Revocation.
- `src/model/`: Database schemas (Sequelize/SQLite).
- `src/service/`: Core services including Mail (Outgoing), HTTPS, and Key Management.
- `src/service/httpsServer/public/`: The premium web dashboard.
YAWKS Corporate Edition is optimized for a modern web workflow:
- Key Creation: User generates or imports a key in the browser.
- Submission: Public key and ownership proof are sent via HTTPS API.
- Validation: Server sends a signed validation email.
- Activation: User clicks the link to publish the key to WKD.

This eliminates the need for complex incoming mail setups (IMAP/SMTP-Listening).
This project is open-source and available under the MIT License.