incubator-couchdb-user mailing list archives

From Albin Stigö <albin.st...@gmail.com>
Subject Re: Cryptographically signed docs...
Date Wed, 04 Jul 2012 09:17:31 GMT
Hi,

Jens, thanks for the link. Did you ever finish the app where you were
using these techniques?

First I naively thought that it would be enough to hash the body of
what you are going to PUT/POST and then sign that hash and include the
signature as a custom http header. I guess this would work for
verifying the data on the first post but you would not be able to
verify the signature later if couchdb does any parsing of the
transported data.

What you are suggesting, using a canonical representation of JSON,
seems like a much better idea; it is also apparently what OAuth uses.

I guess this would require some hacking on couchdb. It would be really
neat to have a _keys database much like the _users one, and for
documents to have a _signature field. What do you think..?

--Albin



On Wed, Jul 4, 2012 at 3:07 AM, Jens Alfke <jens@couchbase.com> wrote:
>
> On Jul 3, 2012, at 10:01 AM, Jim Klo wrote:
>
>> Yes, and as a matter of fact, i just got digital signature validation using OpenPGP within a map function working a few minutes ago!
>> Here's a link to the relevant code: https://github.com/jimklo/TheCollector/blob/master/dataservices/thecollector-resources/views/lib/sig_utils.js
>
> As far as I can tell, this code uses a data schema where the signed contents are wrapped in some kind of OpenPGP encoding:
>
>>         var msg_list = openpgp.read_message(doc.digital_signature.signature);
>>         for (var i=0; i<msg_list.length; i++) {
>>             isValid |= msg_list[i].verifySignature();
>>         }
>
> It looks like msg_list is the actual document payload, which has to be decoded using openpgp.read_message.
>
> This is IMHO not a very good solution because it hides the document contents away — for example, all the map functions and any app logic that uses documents will have to know to call read_message, which will also make them slower.
>
> The schema I implemented (see my previous message) doesn't alter the basic document format. The signature is in a nested object but applies to the entire document contents (minus the signature itself of course). There's no need to change any code that reads documents; the only time you have to know about the signature scheme is while verifying the signature. It's even possible to have multiple signatures on a document.
>
> —Jens
