incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jens Alfke <j...@couchbase.com>
Subject Re: Cryptograhically signed docs...
Date Wed, 04 Jul 2012 01:07:45 GMT

On Jul 3, 2012, at 10:01 AM, Jim Klo wrote:

> Yes, and as a matter of fact, i just got digital signature validation using OpenPGP within
a map function working a few minutes ago!
> Here's a link to the relevant code: https://github.com/jimklo/TheCollector/blob/master/dataservices/thecollector-resources/views/lib/sig_utils.js

As far as I can tell, this code uses a data schema where the signed contents are wrapped in
some kind of OpenPGP encoding:

>         var msg_list = openpgp.read_message(doc.digital_signature.signature);
>         for (var i=0; i<msg_list.length; i++) {
>             isValid |= msg_list[i].verifySignature();
>         }

It looks like msg_list is the actual document payload, which has to be decoded using openpgp.read_message.

This is IMHO not a very good solution because it hides the document contents away — for
example, all the map functions and any app logic that uses documents will have to know to
call read_message, which will also make them slower.

The schema I implemented (see my previous message) doesn't alter the basic document format.
The signature is in a nested object but applies to the entire document contents (minus the
signature itself of course). There's no need to change any code that reads documents; the
only time you have to know about the signature scheme is while verifying the signature. It's
even possible to have multiple signatures on a document.

—Jens
Mime
View raw message