The Monkeysphere Project is an open-source project to extend the web of trust found in GnuPG and OpenPGP to securely identify servers we connect to. It is designed as a potential solution to eliminate reliance on the certificate authorities found with SSL and make host key checking with OpenSSH much more convenient.

Script Installation

The following instructions were written for Ubuntu 10.04 and may not work on other platforms or versions. If you would like to see additional coverage, please add it yourself or make a request on the wiki's wanted page.

Add the Monkeysphere APT repository to /etc/apt/sources.list .

echo 'deb http://archive.monkeysphere.info/debian experimental monkeysphere deb-src http://archive.monkeysphere.info/debian experimental monkeysphere' | sudo tee -a /etc/apt/sources.list

Then trust the Monkeysphere key after verification.

Now make sure that apt is up to date, install the Monkeysphere packages, and configure Monkeysphere to run.

$ sudo apt-get update $ sudo apt-get install monkeysphere monkeysphere-validation-agent $ echo 'USE_VALIDATION_AGENT=true' >> ~/.monkeysphere/monkeysphere.conf

Browser Plugin Installation

Next, download, compile and install the browser plugin with git.

$ git clone git://git.monkeysphere.info/xul-ext-monkeysphere $ cd xul-ext-monkeysphere $ make

To install the plugin, open the .xul file in your browser and choose the install option.

Lastly, log out and log back in to have the Monkeysphere validation agent launch automatically.

To test, try navigating to https://vtluug.org without the self-signed certificate trusted. A monkey icon in the bottom left should spin as the trust is checked. Eventually, the certificate warning page should be bypassed if the certificate can be authenticated through the web of trust. Otherwise, the monkey face will be crossed out with red.