couchdb-user mailing list archives

From Chris Anderson <jch...@apache.org>
Subject Re: Proposal for digital signatures of documents
Date Fri, 10 Apr 2009 23:47:16 GMT
On Tue, Mar 10, 2009 at 3:27 PM, Chris Anderson <jchris@apache.org> wrote:
> On Tue, Mar 10, 2009 at 9:01 AM, Brian Candler <B.Candler@pobox.com> wrote:
>> Inventing new cryptosystems is dangerous. Why not an OpenPGP armored
>> detached signature?

Does this hand-waving version of a signed document look like it could work?

    {
      "_id" : "89a7stdg235",
      "_rev" : "1-26476513",
      "signed-content" : {
        "message" : "I said this and I meant it.",
        "date" : "2009/04/09 15:54:08",
        "author" : {
          "name" : "J. Chris Anderson",
          "url" : "http://jchrisa.net",
          "photo" : "http://jchrisa.net/profile.jpg"
        }
      },
      "signature" : {
        "content-hash" : "s7d23fiu7g34awb47e32rso7d54fn3sdf==",
        "content-serializer" : {
          "code" : "http://jchrisa.net/repeatable-json-0.2.2.js",
          "decimal-precision" : 4
        },
        "public-key" : "5s2457d357f47io46u135h35as5df135oi235ugs4a35df57ou7y5g1s5d5f58ou1s3d4f==",
        "signed-hash" : "h235h345h3147j23j35g1235344j3246h46jg3245j=="
      },
      "foo" : ["this content is not signed", "it's just here"]
    }

I'll try to implement this in the next few weeks. The pseudo base64
above is just more hand-waving. Ideally I'd be compatible with other
implementations of GPG.

Anyone see any obvious flaws in the above?

As far as editing and history go, I think they are valuable, but I'd
rather leave them out of scope for the first round of what I write. I
think they can be added later without too many changes.

Chris

-- 
Chris Anderson
http://jchrisa.net
http://couch.io
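
The sign-and-verify flow sketched in the message above, as an added example that is not part of the original post or of CouchDB. It assumes SHA-256 and Ed25519 (via Node's built-in crypto module, not OpenPGP) because the message names no algorithms; the function names and the trusted-key parameter are hypothetical.

```javascript
// Added sketch. Assumed: SHA-256 and Ed25519 stand in for the unnamed algorithms.
const nodeCrypto = require("node:crypto");
// Repeatable serialization: sorted keys, numbers at a fixed decimal precision.
function canonicalize(value, precision) {
  if (typeof value === "number") return value.toFixed(precision);
  if (value === null || typeof value !== "object") return JSON.stringify(value);
  if (Array.isArray(value)) return "[" + value.map((v) => canonicalize(v, precision)).join(",") + "]";
  const members = Object.keys(value).sort().map(
    (k) => JSON.stringify(k) + ":" + canonicalize(value[k], precision));
  return "{" + members.join(",") + "}";
}

function contentHash(doc, precision) {
  const text = canonicalize(doc["signed-content"], precision);
  return nodeCrypto.createHash("sha256").update(text, "utf8").digest();
}

// Returns a copy of doc carrying a "signature" member in the layout from the message.
function signDocument(doc, privateKey, publicKey, precision = 4) {
  const hash = contentHash(doc, precision);
  const spki = publicKey.export({ type: "spki", format: "der" });
  return { ...doc, signature: {
    "content-hash": hash.toString("base64"),
    "content-serializer": { "decimal-precision": precision },
    "public-key": spki.toString("base64"),
    "signed-hash": nodeCrypto.sign(null, hash, privateKey).toString("base64"),
  } };
}

// The embedded key proves only self-consistency; verify against a key the caller trusts.
function verifyDocument(doc, trustedKeyB64) {
  const sig = doc.signature;
  if (!sig || !doc["signed-content"] || sig["public-key"] !== trustedKeyB64) return false;
  const precision = sig["content-serializer"]?.["decimal-precision"];
  if (!Number.isInteger(precision) || precision < 0 || precision > 20) return false;
  const hash = contentHash(doc, precision);
  if (hash.toString("base64") !== sig["content-hash"]) return false;
  const key = nodeCrypto.createPublicKey({
    key: Buffer.from(trustedKeyB64, "base64"), format: "der", type: "spki" });
  return nodeCrypto.verify(null, hash, key, Buffer.from(String(sig["signed-hash"]), "base64"));
}

// Constructed sample: sign with a throwaway key, then verify against that key.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  const doc = { "signed-content": { message: "I said this and I meant it." }, foo: ["not signed"] };
  const signed = signDocument(doc, privateKey, publicKey);
  return verifyDocument(signed, signed.signature["public-key"]);
}
```

Editing the unsigned `foo` member or reordering keys inside `signed-content` leaves verification passing; changing signed content, or re-signing with a different key and swapping the embedded `public-key`, fails it.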
