The Monkeysphere Validation Agent (msva)
Networked programs tend to encounter public keys offered by remote entities. These programs need some way to ensure that the public key in question actually belongs to the expected remote entity.
The Monkeysphere Validation Agent (
msva) is a daemon that provides a
simple interface for any program to check the validity of an offered
public key (or cryptographic certificate).
How to install
On recent Debian or Debian-derived systems, you should be able to
install a functional
# aptitude install monkeysphere-validation-agent
Please see the download page for more info and for instructions for other distributions.
On other systems, we currently recommend porting
Please let us know if you're working on this!
How to use
If you are using debian or debian-derived systems with
version 0.29-1 or later, you can ensure that an
msva runs for your
entire X11 session by setting
true in your
monkeysphere.conf. For example:
$ mkdir -p ~/.monkeysphere $ echo 'USE_VALIDATION_AGENT=true' >> ~/.monkeysphere/monkeysphere.conf
Then log out, log back in, and the agent will be available.
If you'd like to use
msva independently of this mechanism, please
monkeysphere-validation-agent(1) man page.
The Monkeysphere Validation Agent offers a local service for systems to validate certificates (both X.509 and OpenPGP) and other public keys in their proper contexts.
Among other reasons, having a validation agent is a good thing because:
- Multiple tools can rely on the same PKI (e.g. the user's web browser and the user's ssh client).
- A single validation agent can present a consistent UI to the user (when used in an end-user context), or provide a unified trust model to various services (when used in a server-side context).
- Authentication/certificate validation code can potentially be isolated to a protected environment.
How it works
msva is a minimalistic web server bound to the loopback interface
that accepts (and returns) JSON objects. Compatible tools are made
aware of the agent (and how to find it) with the
MONKEYSPHERE_VALIDATION_AGENT_SOCKET environment variable.
You might also be interested in details about the messages passed between the agent and its clients.
The general pattern of user/system workflow for
msva was modeled
ssh-agent, a very effective and minimalistic cryptographic
agent. The hope is that the two agents can be used in a compatible
Developing for the
If you are writing a client that needs to validate certificates or
public keys, you might want to read
about how to develop clients to use the