incubator-couchdb-user mailing list archives

From Albin Stigö <albin.st...@gmail.com>
Subject Re: Cryptographically signed docs...
Date Wed, 04 Jul 2012 20:24:09 GMT
Key id.

--Albin

Jan Bot wrote:
> But if you don't know the user who signed the document, how are you going
> to select the proper key to test against? Would the user specify which key
> he used to sign a doc?
>
> Jan
>
> On Wed, Jul 4, 2012 at 10:18 PM, Albin Stigö <albin.stigo@gmail.com> wrote:
>
>> It would, but then you also need to be logged in.. Which I guess sometimes
>> is what you want and sometimes not. If you're not logged in the validation
>> function doesn't have access to your userCtx.
>>
>> --Albin
>>
>> Jan Bot wrote:
>>> Hi,
>>>
>>> Wouldn't it be possible to just store the (public) key of a user within a
>>> userdoc (under _users)?
>>>
>>> Cheers,
>>>
>>> Jan
>>>
>>> On Wed, Jul 4, 2012 at 9:31 PM, Bernhard Gschwantner
>>> <bernhard@unserwein.at> wrote:
>>>
>>>> If you are the only one controlling the keys, a really nice approach for
>>>> managing the keys is with (the original python) couchapp: just store each
>>>> key as a single .json file in a subfolder, and couchapp takes care of
>>>> encoding each key as a property of the design doc. From
>>>> validate_doc_update, you can access the whole design doc via the this
>>>> keyword. So this input:
>>>>
>>>> public_keys
>>>>     Alice.json: ...public key as a string...
>>>>     bob.json: ...bob's key....
>>>>
>>>> Should be accessible in the validate function like this:
>>>>
>>>>    var keys = this.public_keys;   // one property per .json file, named after the file
>>>>    Object.keys(keys).forEach(function(name){ var key = keys[name]; ... })
>>>>
>>>> I'm on the iPad, so also a bit brief... ;-)
>>>>
>>>> Bernhard
>>>>
>>>> --
>>>>
>>>> Bernhard Gschwantner
>>>> Unser Wein G&U OG
>>>> Kirchengasse 13/7, 1070 Wien
>>>>
>>>> mobile: +43 (6991) 971 32 96
>>>> tel: +43 (1) 971 32 95
>>>> e-mail: bernhard@unserwein.at
>>>> twitter: @bernharduw
>>>> web: www.unserwein.at
>>>>
>>>> On 04.07.2012 at 21:16, Simon Metson <simon@cloudant.com> wrote:
>>>>> You could use CommonJS (http://wiki.apache.org/couchdb/CommonJS_Modules)
>>>>> to store the keys, that would make them available to views and validation
>>>>> functions, and I think is a bit more efficient than !json (because you can
>>>>> use them over multiple functions). It kind of depends on how much turnover
>>>>> you expect on the keys.
>>>>> On Wednesday, 4 July 2012 at 20:11, Albin Stigö wrote:
>>>>>
>>>>>> Yes, I agree with you, it can probably be done in JavaScript in a
>>>>>> normal validation function.. The only problem is how to maintain a
>>>>>> list of keys.. For a test version you can just have them stored along
>>>>>> with the code in the validation doc using i.e. couchapp's !json macro..
>>>>>> But I think it would be really neat with a _keys db..
>>>>>>
>>>>>> Another way of doing it, that I think could be implemented quite
>>>>>> efficiently, is to have a separate worker process listening to the changes
>>>>>> stream and have a validation doc that marks all new docs with
>>>>>> "verified": false. The worker process could then change this to true
>>>>>> after it checked the signature. Sorry if I'm a bit brief but I'm
>>>>>> typing this on an iPhone.
>>>>>>
>>>>>> Sent from my iPhone
>>>>>>
>>>>>> On 04/07/2012 at 21.00, Bernhard Gschwantner <bernhard@unserwein.at> wrote:
>>>>>>> I've been following this thread and like the idea. I may be naïve or
>>>>>>> completely wrong, but all this sounds quite easy to solve in a design
>>>>>>> document and with pure javascript, although probably not very performant.
>>>>>>> Just take Jens' structure proposal and modify openpgp.js a little bit, put
>>>>>>> the stuff into a validate_doc_update function, add the allowed public keys
>>>>>>> to a design doc (easy with a couchapp), et voilà: you get a completely
>>>>>>> replicable and transparent signature checker ;-)
>>>>>>>
>>>>>>> If I find the time tomorrow, I'll take a shot at a proof of concept. The
>>>>>>> building blocks are there already...
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Bernhard
>>>>>>>
>>>>>>> On Wednesday, 4 July 2012, Albin Stigö wrote:
>>>>>>>
>>>>>>>> Sounds interesting.. I think I will take this to the developers mailing
>>>>>>>> list and see if I will be able to generate some interest in the idea..
>>>>>>>> Albin
>>>>>>>>
>>>>>>>> On Wednesday, 4 July 2012, Jan Bot wrote:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> This would really be a great feature: I'm using CouchDB to manage grid
>>>>>>>>> compute jobs and having the ability to sign a document using a private key
>>>>>>>>> and check it server side with the public key could really make couchdb part
>>>>>>>>> of the grid infrastructure.
>>>>>>>>>
>>>>>>>>> Cheers,
>>>>>>>>>
>>>>>>>>> Jan
>>>>>>>>>
>>>>>>>>> On Wed, Jul 4, 2012 at 11:17 AM, Albin Stigö <albin.stigo@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> Jens, thanks for the link. Did you ever finish the app where you were
>>>>>>>>>> using these techniques?
>>>>>>>>>>
>>>>>>>>>> First I naively thought that it would be enough to hash the body of
>>>>>>>>>> what you are going to PUT/POST and then sign that hash and include the
>>>>>>>>>> signature as a custom http header. I guess this would work for
>>>>>>>>>> verifying the data on the first post but you would not be able to
>>>>>>>>>> verify the signature later if couchdb does any parsing of the
>>>>>>>>>> transported data.
>>>>>>>>>>
>>>>>>>>>> What you are suggesting, using a canonical representation of JSON,
>>>>>>>>>> seems like a much better idea; it's also apparently what oauth uses.
>>>>>>>>>>
>>>>>>>>>> I guess this would require some hacking on couchdb. It would be really
>>>>>>>>>> neat to have a _keys database much like the _users and for
>>>>>>>>>> documents to have a _signature field. What do you think..?
>>>>>>>>>>
>>>>>>>>>> --Albin
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Wed, Jul 4, 2012 at 3:07 AM, Jens Alfke <jens@couchbase.com> wrote:
>>>>>>>>>>> On Jul 3, 2012, at 10:01 AM, Jim Klo wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Yes, and as a matter of fact, i just got digital signature validation
>>>>>>>>>>>> using OpenPGP within a map function working a few minutes ago!
>>>>>>>>>>>> Here's a link to the relevant code:
>>>>>>>>>>>> https://github.com/jimklo/TheCollector/blob/master/dataservices/thecollector-resources/views/lib/sig_utils.js
>>>>>>>>>>>
>>>>>>>>>>> As far as I can tell, this code uses a data schema where the signed
>>>>>>>>>>> contents are wrapped in some kind of OpenPGP encoding:
>>>>>>>>>>>
>>>>>>>>>>>> var msg_list = openpgp.read_message(doc.digital_signature.signature);
>>>>>>>>>>>> for (var i=0; i<msg_list.length; i++) {
>>>>>>>>>>>>   isValid |= msg_list[i].verifySignature();
>>>>>>>>>>>> }
>>>>>>>>>>>
>>>>>>>>>>> It looks like msg_list is the actual document payload, which has to
>>>>>>>>>>> be decoded using openpgp.read_message.
>>>>>>>>>>>
>>>>>>>>>>> This is IMHO not a very good solution because it hides the document
>>>>>>>>>>> contents away — for example, all the map functions and any app logic that
>>>>>>>>>>> uses documents will have to know to call read_message, which will also
>>>>>>>>>>> make them slower.
>>>>>>>>>>>
>>>>>>>>>>> The schema I implemented (see my previous message) doesn't alter the
>>>>>>>>>>> basic document format. The signature is in a nested object but applies to
>>>>>>>>>>> the entire document contents (minus the signature itself of course).
>>>>>>>>>>> There's no need to change any code that reads documents; the only time
>>>>>>>>>>> you have to know about the signature scheme is while verifying the
>>>>>>>>>>> signature. It's even possible to have multiple signatures on a document.
>>>>>>>>>>>
>>>>>>>>>>> —Jens
>>>>>>> --
>>>>>>>
>>>>>>> Bernhard Gschwantner
>>>>>>> Unser Wein G&U OG
>>>>>>> Kirchengasse 13/7, 1070 Wien
>>>>>>>
>>>>>>> mobile: +43 (6991) 971 32 96
>>>>>>> tel: +43 (1) 971 32 95
>>>>>>> e-mail: bernhard@unserwein.at
>>>>>>> twitter: @bernharduw <http://twitter.com/bernharduw>
>>>>>>> web: www.unserwein.at (http://www.unserwein.at)
>>>>>>>
>>>>>>
>
