couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jens Alfke <>
Subject Re: Cryptograhically signed docs...
Date Thu, 05 Jul 2012 15:48:05 GMT

On Jul 4, 2012, at 1:21 PM, Jan Bot wrote:

> But if you don't know the user who signed the document, how are you going
> to select the proper key to test against? Would the user specify which key
> he used to sign a doc?

Generally you put the public key itself (possibly wrapped in a certificate) into the document
along with the signature.

Note that with signed documents, it becomes almost unimportant who the uploader of the document
is. If someone PUTs a signed document to your database, its author is the principal who originally
signed it; it doesn't matter who uploaded it. It could be uploaded anonymously and the system
wouldn't necessarily lose any security. (This is very useful when designing P2P systems where
documents might get routed/replicated to you via someone who's nearby but not necessarily

View raw message