About NCSA Projects User Info News

University of Illinois
at Urbana-Champaign

sels Logo

Download SELS brochure

SELS Brochure


Quick links: Install Quick Usage Detailed Usage
A List Moderator creates a SELS list on the SELS List Server. He/she then subscribes users OR approves subscription requests. Then he/she generates keys for the list and each subscribed user. A List Moderator MUST download the SELS code to achieve this.


  1. Download the tarball or zipfile from here to an appropriate location.
  2. Untar using tar xfzo sels-X.X.tar.gz if using Linux or MacOS. Use Winzip in case of Windows.
  3. cd selsX-X/LM/bin
  4. To check SELS prerequisites execute the following script.
    python -i
    Install any missing software and upgrade to appropriate versions if necessary.
    1. Check if you have the Unlimited Strength Policy files for your Java version using:
      python -p
    2. If you do not see a message "Unlimited Strength Policy Test Successful" then these files are not installed in your system correctly. To install them in the appropriate location follow these steps. Download the appropriate Java version Unlimited Strength Policy files, for example, for Java 1.6 download the zip archive from here to a temporary folder, say ~/tmp or C:\temp in Windows. Unpack the zip archive. On Linux and Mac OS run "locate" command to find the location of the files namely US_export_policy.jar, local_policy.jar, COPYRIGHT.html and README.txt. These files must be present with the default version of Java installed on your machine. On Windows XP, usually the location of these files is C:\Program Files\Java\jre\lib\security . Copy the "Unlimited Strength" files from ~/tmp or C:\temp in Windows, to overwrite these files. Repeat Step 5a.
  5. Edit ~LM/bin/ to set up some defaults.
    For Example:
    keyexp: An integer value for key expiration time in years. Default = 1
    keysize: An integer value for key length. Can be either 1024 or 2048. Default = 1024
    SubPass: A password string used during user subscription (both batch and individual).
    If you choose to leave it blank then you will be prompted for the value during script execution when subscribing a single user. For batch subscription a random password will be generated for each user and stored in a file at sels-X.X/LM/lists/<listname&gt/SELS-<listname>.txt Distribute this password to the user by some secure means.

Quick Usage

  1. Send email with subject "Request to create list <listname>" and attach your public (signature verification key).
  2. You will receive three emails from the List Server Admin
    • The first email contains LS Admin's public key. Import it to your keyring via your client or using "gpg --import LSadminkey.asc"
    • Second email contains your list password. Login to the list admin page, for e.g. NCSA List Server, to create the list, change settings for list, subscribe users, etc. Also change your password after first use.
    • The third email notifies you that all manual steps are complete and you are ready to generate keys for list and subscribed users.
  3. Go to ~selsX.X/LM/bin and run
    python -l <listname> --createLMkeys
  4. You will receive an email from the List Server containing the List Server (LS) public key. Execute the script as shown, and follow directions.
    python -l <listname> --createListkeys
  5. You will receive an email notification from List Server informing you that you are ready to "subscribe users" i.e. generate list key pair for users subscribed to your list.
    • For subscribing one user at a time execute the following command.
      python -l <listname> --subscribeUser 

      Make a note of the password you used to create subscriber's key pair in step 5. You will have to give this password to the user by some secure means , example phone call.

    • You will receive a notification email from the List Server informing you that Corresponding (or proxy) keys have been generated for user at the List Server. This is the final step.
    • newSELS release 1.0 introduces a new feature for "Key update". A Moderator can update the existing keys for a list and all the subscribers with a simple command executed as follows:
      python -l <listname> --updatekeys --batch <inFile.txt>  
      This command creates a new List Key and Subscriber keys for the list and sends them out to the List Server and all the subscribers. A revocation certificate for the previous List Key is included in the set of keys sent to each subscriber. This revocation certifcate automatically disables the previous List Key on import. Note: The revocation certificate is not supported in PGP Desktop. Refer FAQ
    • newSELS release 1.0 introduces another new feature "Delete a subscriber". This feature allows a Moderator to easily unsubscribe users from the Mailman list web interface. The user's coreesponding keys on the List Server are automatically deleted and the user cannot decrypt new messages till he is subscribed again by the moderator.

Detailed Usage

For detailed List Moderator instructions go here

Copyright 2000-2008 Board of Trustees of the University of Illinois.