incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Anderson <jch...@apache.org>
Subject Re: Proposal for digital signatures of documents
Date Sun, 08 Mar 2009 17:14:08 GMT
On Sun, Mar 8, 2009 at 12:49 AM, Jens Alfke <jens@mooseyard.com> wrote:
> I've written a proposal of a schema for digitally signing CouchDB documents:
>
>        http://wiki.apache.org/couchdb/SignedDocuments
>
> Essentially, you add a nested object to the JSON that contains the signature
> data, the document digest, and the public key identifying the signer. This
> is a direct translation from the original YAML of a schema I designed &
> implemented a year ago for an application I was working on. The underlying
> ideas come from the earlier "key-centric identity" systems SDSI and SPKI.

I think this is important stuff (working on a p2p messaging
application right now that will use it). It's not about trusted or
untrusted nodes, it's about validating authors of documents when you
can't trace the provenance.

I think you'll want to add to the signature field, a list of the
signed fields. This way _rev can change freely, and intermediate users
can add new fields, without breaking the signature.

>
> I don't think this would require any changes to CouchDB itself. But most
> uses of it would require verifying signatures in document validation
> functions; this requires doing some serious crypto (like RSA encoding), and
> I don't know if there is any reliable and performant JavaScript
> implementation of that.
>

There are reliable JS md5 and sha1 libs. Will that get you there?

-- 
Chris Anderson
http://jchris.mfdz.com

Mime
View raw message