incubator-couchdb-user mailing list archives

From Jim Klo <jim....@sri.com>
Subject Re: Cryptographically signed docs...
Date Tue, 03 Jul 2012 17:01:48 GMT
Yes, and as a matter of fact, I just got digital signature validation using OpenPGP within
a map function working a few minutes ago!

Here's a link to the relevant code: https://github.com/jimklo/TheCollector/blob/master/dataservices/thecollector-resources/views/lib/sig_utils.js

I'm using my own slightly edited version of the OpenPGP.js (http://openpgpjs.org/) project
library.  Essentially all I did was add a CommonJS exports.openpgp declaration and some mock
object declarations (navigator, localStorage, etc.).

The problem you run into, however, with what you want to do is that you will not have access to
a user object or a userCtx inside, since you're not actually authenticating to pair a valid
keyid with. The best you might do is use a validate update doc function with a fixed set of
whitelisted public keys stored in your design doc. It's not very scalable, but really your
only solution since you can't break the idempotency to fetch additional external public keys.


Jim Klo
Senior Software Engineer
Center for Software Engineering
SRI International

On Jul 3, 2012, at 8:53 AM, Albin Stigö wrote:

Hi,

Did anyone experiment with cryptographically signing docs as a method
of "authentication"..? I was thinking something along these lines:
Instead of using name/password login all posted docs must be signed
with a private key. The server has a list of the public keys that are
allowed to post. If the signature is not correct the validation
function rejects the new/updated doc.

I think this scheme could have many interesting use cases... It might
also be a way of maintaining "ownership" across replication.

Did anyone try this?

--Albin
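
The approach discussed above (a validate_doc_update function that checks each document's signature against a fixed whitelist of public keys kept in the design doc), as an added example that is not part of the thread or of the linked sig_utils.js. Node's built-in Ed25519 verification stands in for OpenPGP.js, and makeValidator, signDoc, tryWrite and the signature.key_id / signature.value fields are assumptions made for illustration:

```javascript
// Added example: Node's Ed25519 verify stands in for OpenPGP.js; names are hypothetical.
const nodeCrypto = require('node:crypto');
// Deterministic bytes to sign: sorted keys; at the top level drop the signature
// and CouchDB metadata such as _rev, but keep _id and _deleted so a signed body
// cannot be replayed under another id or turned into a deletion.
function canonicalize(value, top = true) {
  if (Array.isArray(value)) {
    return '[' + value.map((v) => canonicalize(v, false)).join(',') + ']';
  }
  if (value && typeof value === 'object') {
    const keys = Object.keys(value).sort().filter((k) =>
      !top || (k !== 'signature' && (k[0] !== '_' || k === '_id' || k === '_deleted')));
    return '{' + keys.map((k) =>
      JSON.stringify(k) + ':' + canonicalize(value[k], false)).join(',') + '}';
  }
  return JSON.stringify(value);
}

// trustedKeys models the fixed whitelist kept in the design doc: key id -> PEM.
function makeValidator(trustedKeys) {
  return function validate_doc_update(newDoc, oldDoc, userCtx, secObj) {
    const sig = newDoc.signature;
    if (!sig || typeof sig.key_id !== 'string' || typeof sig.value !== 'string') {
      throw { forbidden: 'document must carry a signature' };
    }
    if (!Object.prototype.hasOwnProperty.call(trustedKeys, sig.key_id)) {
      throw { forbidden: 'signing key is not whitelisted' };
    }
    const ok = nodeCrypto.verify(null, Buffer.from(canonicalize(newDoc)),
      trustedKeys[sig.key_id], Buffer.from(sig.value, 'base64'));
    if (!ok) throw { forbidden: 'signature does not match document' };
  };
}

// Client side: sign the canonical form and attach the signature.
function signDoc(doc, keyId, privateKey) {
  const value = nodeCrypto.sign(null, Buffer.from(canonicalize(doc)), privateKey);
  return { ...doc, signature: { key_id: keyId, value: value.toString('base64') } };
}
// Returns 'accepted' or the rejection reason the validator threw.
function tryWrite(validate, doc) {
  try { validate(doc, null, {}, {}); return 'accepted'; } catch (e) { return e.forbidden; }
}

// Constructed sample: one whitelisted writer and one signed document.
const alice = nodeCrypto.generateKeyPairSync('ed25519');
const validate = makeValidator({ alice: alice.publicKey.export({ type: 'spki', format: 'pem' }) });
const signed = signDoc({ _id: 'reading-1', temp: 21.5 }, 'alice', alice.privateKey);
console.log(tryWrite(validate, signed), '|', tryWrite(validate, { ...signed, temp: 99 }));
```

The validator never looks at userCtx: the only identity it accepts is a key id present in the whitelist, which is why the scheme survives replication but does not scale past a fixed set of keys.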

