Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
Reply-To: user@couchdb.apache.org
Received-SPF: pass (nike.apache.org: domain of albin.stigo@gmail.com
 designates 74.125.83.52 as permitted sender)
Message-ID: <4FF4A669.2010306@gmail.com>
Date: Wed, 04 Jul 2012 22:24:09 +0200
From: =?UTF-8?B?QWxiaW4gU3RpZ8O2?= <albin.stigo@gmail.com>
User-Agent: Postbox 3.0.4 (Macintosh/20120616)
MIME-Version: 1.0
To: user@couchdb.apache.org
Subject: Re: Cryptograhically signed docs...
References: 
 <CAMc++1U53sht7v24j+ktQyNe=e2cDTkCsdsX3Bm-KY-0rLR=Eg@mail.gmail.com>
 <79061073-7E58-4CBC-9DC1-8A98C6811796@sri.com>
 <0848BFC4-1340-4FF9-A04D-EE6D205A90A0@couchbase.com>
 <CAMc++1VzimcH8sFzYunE2PSANz_8+4ufzv0H0HQoCYRUQpq2oQ@mail.gmail.com>
 <CAKrvCPiuq9DAe_rHVeKW4c2iOe7snopuyJxJFOEexK8pV+o22w@mail.gmail.com>
 <CAMc++1VB-gNi=byzW_1to_EjWmZ4hvKmKC7-jAvupjSu7MQEsg@mail.gmail.com>
 <CAGUGYeiwmNwZ-wYrGOXB7Qym8yE+B-uSqKQyc83hC6qM_jsrCQ@mail.gmail.com>
 <-3046869085809654149@unknownmsgid>
 <A27A23F4B074415BA75CAA7B692F9189@cloudant.com>
 <CAGUGYeiWwoaCoJe7N=qdrUA_p3z2T_qB0HQhnAb66R4n7jJG=g@mail.gmail.com>
 <CAKrvCPjhywT-s30whnsYjPk6bnunhvaYbzSPE0UiGMTMhaPJMg@mail.gmail.com>
 <4FF4A4F8.70809@gmail.com>
 <CAKrvCPhzU+W9AgtpNES5GatTc1+7UjAqxxjGRZui40QcWUE5Pw@mail.gmail.com>
In-Reply-To: 
 <CAKrvCPhzU+W9AgtpNES5GatTc1+7UjAqxxjGRZui40QcWUE5Pw@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Key id.

--Albin

Jan Bot wrote:
> But if you don't know the user who signed the document, how are you going
> to select the proper key to test against? Would the user specify which key
> he used to sign a doc?
>
> Jan
>
> On Wed, Jul 4, 2012 at 10:18 PM, Albin Stigö <albin.stigo@gmail.com> wrote:
>
>> It would, but then you also need to be logged in.. Which I guess sometimes
>> is what you want and sometimes not. If you're not logged in the validation
>> function doesn't have access to your userCtx.
>>
>> --Albin
>>
>> Jan Bot wrote:
>>> Hi,
>>>
>>> Wouldn't it be possible to just store the (public) key of a user within a
>>> userdoc (under _users)?
>>>
>>> Cheers,
>>>
>>> Jan
>>>
>>> On Wed, Jul 4, 2012 at 9:31 PM, Bernhard Gschwantner
>>> <bernhard@unserwein.at>wrote:
>>>
>>>> If you are the only one controlling the keys, a really nice approach for
>>>> managing the keys is with (the original python) couchapp: just store
>> each
>>>> key as a single .json file in a subfolder, and couchapp takes care of
>>>> encoding each key as a property of the design doc. From
>>>> validate_doc_update, you can access the whole design doc via the this
>>>> keyword. So this input:
>>>>
>>>> public_keys
>>>>     Alice.json: ...public key as a string...
>>>>     bob.json: ...bob's key....
>>>>
>>>> Should be accessible in the validate function like this:
>>>>
>>>>    var keys = this.public_keys;
>>>>    keys.forEach(function(key){...})
>>>>
>>>> I'm on the iPad, so also a bit brief... ;-)
>>>>
>>>> Bernhard
>>>>
>>>> --
>>>>
>>>> Bernhard Gschwantner
>>>> Unser Wein G&U OG
>>>> Kirchengasse 13/7, 1070 Wien
>>>>
>>>> mobil: +43 (6991) 971 32 96
>>>> tel: +43 (1) 971 32 95
>>>> e-mail: bernhard@unserwein.at <javascript:;>
>>>> twitter: @bernharduw
>>>> web: www.unserwein.at
>>>>
>>>> Am 04.07.2012 um 21:16 schrieb Simon Metson <simon@cloudant.com
>>>> <javascript:;>
>>>>> :
>>>>> You could use CommonJS (
>> http://wiki.apache.org/couchdb/CommonJS_Modules)
>>>> to store the keys, that would make them available to views and
>> validation
>>>> functions, and I think is a bit more efficient than !json (because you
>> can
>>>> use them over multiple functions). It kind of depends on how much
>> turnover
>>>> you expect on the keys.
>>>>> On Wednesday, 4 July 2012 at 20:11, Albin Stigö wrote:
>>>>>
>>>>>> Yes, I agree with you, it can probably be done in JavaScript in a
>>>>>> normal validation function.. The only problem is how to maintain a
>>>>>> list of keys.. For a test version you can just have them stored along
>>>>>> with the code in the validation doc using ie couchapp's !json macro..
>>>>>> But I think it would be really neat with a _keys db..
>>>>>>
>>>>>> Another way of doing it, that I think could be implemented quite
>>>>>> efficiently, is to have a separate worker process listening to changes
>>>>>> stream and have a validation doc that marks all new docs with
>>>>>> "verified: false. The worker process could then change this to true
>>>>>> after it checked the signature. Sorry if I'm a bit brief but I'm
>>>>>> typing this on an iPhone.
>>>>>>
>>>>>> Sendt fra min iPhone
>>>>>>
>>>>>> Den 04/07/2012 kl. 21.00 skrev Bernhard Gschwantner <
>>>> bernhard@unserwein.at <javascript:;> (mailto:bernhard@unserwein.at
>>>> <javascript:;>
>>>> )>:
>>>>>>> I've been following this thread and like the idea. I may be naïve or
>>>>>>> completely wrong, but all this sounds quite easy to solve in a design
>>>>>>> document and with pure javascript, although probably not very
>>>> performant.
>>>>>>> Just take jens' structure proposal and modify openpgp.js a little
>> bit,
>>>> put
>>>>>>> the stuff into a validate_doc_update function, add the allowed public
>>>> keys
>>>>>>> to a design doc (easy with a couchapp), et voilà: you get a
>> completely
>>>>>>> replicable and transparent signature checker ;-)
>>>>>>>
>>>>>>> If I find the time tomorrow, I'll take a shot on a proof of concept.
>>>> The
>>>>>>> building blocks are there already...
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Bernhard
>>>>>>>
>>>>>>> Am Mittwoch, 4. Juli 2012 schrieb Albin Stigö :
>>>>>>>
>>>>>>>> Sounds interesting.. I think I will take this to the developers
>>>> mailing
>>>>>>>> list and see if I will be able to generate some interest in the
>> idea..
>>>>>>>> Albin
>>>>>>>>
>>>>>>>> onsdag den 4. juli 2012 skrev Jan Bot :
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> This would really be a great feature: I'm using CouchDB to manage
>>>> grid
>>>>>>>>> compute jobs and having the ability to sign a document using a
>>>> private
>>>>>>>> key
>>>>>>>>> and check it server side with the public key could really make
>>>> couchdb
>>>>>>>> part
>>>>>>>>> of the grid infrastructure.
>>>>>>>>>
>>>>>>>>> Cheers,
>>>>>>>>>
>>>>>>>>> Jan
>>>>>>>>>
>>>>>>>>> On Wed, Jul 4, 2012 at 11:17 AM, Albin Stigö <
>> albin.stigo@gmail.com
>>>> <javascript:;>(mailto:
>>>> albin.stigo@gmail.com <javascript:;>)<javascript:;>
>>>>>>>> <javascript:;>>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> Jens, thanks for the link. Did you ever finish the app where you
>>>> were
>>>>>>>>>> using these techniques?
>>>>>>>>>>
>>>>>>>>>> First I naively thought that it would be enough to hash the body
>> of
>>>>>>>>>> what you are going to PUT/POST and then sign that hash and include
>>>> the
>>>>>>>>>> signature as a custom http header. I guess this would work for
>>>>>>>>>> verifying the data on the first post but you would not be able to
>>>>>>>>>> verify the signature later if couchdb does any parsing of the
>>>>>>>>>> transported data.
>>>>>>>>>>
>>>>>>>>>> What you are suggesting using a canonical representation of of
>> JSON
>>>>>>>>>> seems like a much better idea it also apparently what oauth uses.
>>>>>>>>>>
>>>>>>>>>> I guess this would require some hacking on couchdb. It would be
>>>> really
>>>>>>>>>> neat to have a _keys database much like the _users and for for
>>>>>>>>>> documents to have a _signature field. What do you thin..?
>>>>>>>>>>
>>>>>>>>>> --Albin
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Wed, Jul 4, 2012 at 3:07 AM, Jens Alfke <jens@couchbase.com
>>>> <javascript:;>(mailto:
>>>> jens@couchbase.com <javascript:;>)<javascript:;>
>>>>>>>> <javascript:;>>
>>>>>>>>> wrote:
>>>>>>>>>>> On Jul 3, 2012, at 10:01 AM, Jim Klo wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Yes, and as a matter of fact, i just got digital signature
>>>>>>>> validation
>>>>>>>>>> using OpenPGP within a map function working a few minutes ago!
>>>>>>>>>>>> Here's a link to the relevant code:
>> https://github.com/jimklo/TheCollector/blob/master/dataservices/thecollector-resources/views/lib/sig_utils.js
>>>>>>>>>>> As far as I can tell, this code uses a data schema where the
>> signed
>>>>>>>>>> contents are wrapped in some kind of OpenPGP encoding:
>>>>>>>>>>>> var msg_list =
>>>>>>>>>> openpgp.read_message(doc.digital_signature.signature);
>>>>>>>>>>>> for (var i=0; i<msg_list.length; i++) {
>>>>>>>>>>>> isValid |= msg_list[i].verifySignature();
>>>>>>>>>>>> }
>>>>>>>>>>>>
>>>>>>>>>>> It looks like msg_list is the actual document payload, which has
>> to
>>>>>>>> be
>>>>>>>>>> decoded using openpgp.read_message.
>>>>>>>>>>> This is IMHO not a very good solution because it hides the
>> document
>>>>>>>>>> contents away — for example, all the map functions and any app
>> logic
>>>>>>>> that
>>>>>>>>>> uses documents will have to know to call read_message, which will
>>>> also
>>>>>>>>> make
>>>>>>>>>> them slower.
>>>>>>>>>>> The schema I implemented (see my previous message) doesn't alter
>>>> the
>>>>>>>>>> basic document format. The signature is in a nested object but
>>>> applies
>>>>>>>> to
>>>>>>>>>> the entire document contents (minus the signature itself of
>> course).
>>>>>>>>>> There's no need to change any code that reads documents; the only
>>>> time
>>>>>>>>> you
>>>>>>>>>> have to know about the signature scheme is while verifying the
>>>>>>>> signature.
>>>>>>>>>> It's even possible to have multiple signatures on a document.
>>>>>>>>>>> —Jens
>>>>>>> --
>>>>>>>
>>>>>>> Bernhard Gschwantner
>>>>>>> Unser Wein G&U OG
>>>>>>> Kirchengasse 13/7, 1070 Wien
>>>>>>>
>>>>>>> mobil: +43 (6991) 971 32 96
>>>>>>> tel: +43 (1) 971 32 95
>>>>>>> e-mail: bernhard@unserwein.at <javascript:;> (mailto:
>>>> bernhard@unserwein.at <javascript:;>)
>>>>>>> twitter: @bernharduw <http://twitter.com/bernharduw>
>>>>>>> web: www.unserwein.at (http://www.unserwein.at)
>>>>>>>
>>>>>>
>>>> --
>>>>
>>>> Bernhard Gschwantner
>>>> Unser Wein G&U OG
>>>> Kirchengasse 13/7, 1070 Wien
>>>>
>>>> mobil: +43 (6991) 971 32 96
>>>> tel: +43 (1) 971 32 95
>>>> e-mail: bernhard@unserwein.at
>>>> twitter: @bernharduw <http://twitter.com/bernharduw>
>>>> web: www.unserwein.at
>>>>
>