Return-Path: 
 <user-return-21441-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org>
X-Original-To: apmail-couchdb-user-archive@www.apache.org
Delivered-To: apmail-couchdb-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id CB9E4DFC5
	for <apmail-couchdb-user-archive@www.apache.org>;
 Wed,  4 Jul 2012 19:00:37 +0000 (UTC)
Received: (qmail 64765 invoked by uid 500); 4 Jul 2012 19:00:36 -0000
Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org
Received: (qmail 64682 invoked by uid 500); 4 Jul 2012 19:00:36 -0000
Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@couchdb.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@couchdb.apache.org>
List-Post: <mailto:user@couchdb.apache.org>
List-Id: <user.couchdb.apache.org>
Reply-To: user@couchdb.apache.org
Delivered-To: mailing list user@couchdb.apache.org
Received: (qmail 64672 invoked by uid 99); 4 Jul 2012 19:00:36 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Jul 2012 19:00:36 +0000
X-ASF-Spam-Status: No, hits=2.2 required=5.0
	tests=FSL_RCVD_USER,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (athena.apache.org: local policy)
Received: from [209.85.214.180] (HELO mail-ob0-f180.google.com)
 (209.85.214.180)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Jul 2012 19:00:30 +0000
Received: by obbuo19 with SMTP id uo19so12904962obb.11
        for <user@couchdb.apache.org>; Wed, 04 Jul 2012 12:00:09 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20120113;
        h=mime-version:x-originating-ip:in-reply-to:references:date
         :message-id:subject:from:to:content-type:x-gm-message-state;
        bh=JXmjT8/in5z967y3LRot79h6SrIJ6oRUFDyJFvyojM0=;
        b=UhqyDTBl/GDoS1BRgwXYqTEnrt+svZx/wVzmEkFAJ/z318sXl0wJlGTMCCYC/HqQVG
         UIlmQskN1xBLXIk+Tp0ktiCxyXRIdiSqUa+eqx0xIRYrSul3ZplF06dvHPYmNVXf6w2I
         qP5D5JajEwwury1GOVM2etHEt9tFLdNbI8yaUGlLijq6igWDdfu4eaopM98+r0dX8RK8
         A8iiA4Eg2zMScnHqJmfgBK7mOHED7NgTSrsRE/fszMThJEbMhlzXQQV/qYebMySXgIxK
         dTV/x6vxnt7JEZQdf2aWOQqJRuEx5uqBfp8B2RnZnSv3sRTEo0sgT8EkuHTVQbRilgIs
         vcFA==
MIME-Version: 1.0
Received: by 10.60.21.198 with SMTP id x6mr2061996oee.24.1341428409148; Wed,
 04 Jul 2012 12:00:09 -0700 (PDT)
Received: by 10.182.125.40 with HTTP; Wed, 4 Jul 2012 12:00:09 -0700 (PDT)
X-Originating-IP: [62.178.167.102]
In-Reply-To: 
 <CAMc++1VB-gNi=byzW_1to_EjWmZ4hvKmKC7-jAvupjSu7MQEsg@mail.gmail.com>
References: 
 <CAMc++1U53sht7v24j+ktQyNe=e2cDTkCsdsX3Bm-KY-0rLR=Eg@mail.gmail.com>
	<79061073-7E58-4CBC-9DC1-8A98C6811796@sri.com>
	<0848BFC4-1340-4FF9-A04D-EE6D205A90A0@couchbase.com>
	<CAMc++1VzimcH8sFzYunE2PSANz_8+4ufzv0H0HQoCYRUQpq2oQ@mail.gmail.com>
	<CAKrvCPiuq9DAe_rHVeKW4c2iOe7snopuyJxJFOEexK8pV+o22w@mail.gmail.com>
	<CAMc++1VB-gNi=byzW_1to_EjWmZ4hvKmKC7-jAvupjSu7MQEsg@mail.gmail.com>
Date: Wed, 4 Jul 2012 21:00:09 +0200
Message-ID: 
 <CAGUGYeiwmNwZ-wYrGOXB7Qym8yE+B-uSqKQyc83hC6qM_jsrCQ@mail.gmail.com>
Subject: Re: Cryptograhically signed docs...
From: Bernhard Gschwantner <bernhard@unserwein.at>
To: "user@couchdb.apache.org" <user@couchdb.apache.org>
Content-Type: multipart/alternative; boundary=e89a8fb1ede8d1a6d604c405a32b
X-Gm-Message-State: 
 ALoCoQmklqXl6HCq4esHs9JzOhx8866yAtE1uZrtlSs4K/kOB04v397bg51zaz+VXI9dyNxCdqD6
X-Virus-Checked: Checked by ClamAV on apache.org

--e89a8fb1ede8d1a6d604c405a32b
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

I've been following this thread and like the idea. I may be na=C3=AFve or
completely wrong, but all this sounds quite easy to solve in a design
document and with pure javascript, although probably not very performant.
Just take jens' structure proposal and modify openpgp.js a little bit, put
the stuff into a validate_doc_update function, add the allowed public keys
to a design doc (easy with a couchapp), et voil=C3=A0: you get a completely
replicable and transparent signature checker ;-)

If I find the time tomorrow, I'll take a shot on a proof of concept. The
building blocks are there already...

Cheers,
Bernhard

Am Mittwoch, 4. Juli 2012 schrieb Albin Stig=C3=B6 :

> Sounds interesting.. I think I will take this to the developers mailing
> list and see if I will be able to generate some interest in the idea..
>
> Albin
>
> onsdag den 4. juli 2012 skrev Jan Bot :
>
> > Hi,
> >
> > This would really be a great feature: I'm using CouchDB to manage grid
> > compute jobs and having the ability to sign a document using a private
> key
> > and check it server side with the public key could really make couchdb
> part
> > of the grid infrastructure.
> >
> > Cheers,
> >
> > Jan
> >
> > On Wed, Jul 4, 2012 at 11:17 AM, Albin Stig=C3=B6 <albin.stigo@gmail.co=
m<javascript:;>
> <javascript:;>>
> > wrote:
> >
> > > Hi,
> > >
> > > Jens, thanks for the link. Did you ever finish the app where you were
> > > using these techniques?
> > >
> > > First I naively thought that it would be enough to hash the body of
> > > what you are going to PUT/POST and then sign that hash and include th=
e
> > > signature as a custom http header. I guess this would work for
> > > verifying the data on the first post but you would not be able to
> > > verify the signature later if couchdb does any parsing of the
> > > transported data.
> > >
> > > What you are suggesting using a canonical representation of of JSON
> > > seems like a much better idea it also apparently what oauth uses.
> > >
> > > I guess this would require some hacking on couchdb. It would be reall=
y
> > > neat to have a _keys database much like the _users and for for
> > > documents to have a _signature field. What do you thin..?
> > >
> > > --Albin
> > >
> > >
> > >
> > > On Wed, Jul 4, 2012 at 3:07 AM, Jens Alfke <jens@couchbase.com<javasc=
ript:;>
> <javascript:;>>
> > wrote:
> > > >
> > > > On Jul 3, 2012, at 10:01 AM, Jim Klo wrote:
> > > >
> > > >> Yes, and as a matter of fact, i just got digital signature
> validation
> > > using OpenPGP within a map function working a few minutes ago!
> > > >> Here's a link to the relevant code:
> > >
> >
> https://github.com/jimklo/TheCollector/blob/master/dataservices/thecollec=
tor-resources/views/lib/sig_utils.js
> > > >
> > > > As far as I can tell, this code uses a data schema where the signed
> > > contents are wrapped in some kind of OpenPGP encoding:
> > > >
> > > >>         var msg_list =3D
> > > openpgp.read_message(doc.digital_signature.signature);
> > > >>         for (var i=3D0; i<msg_list.length; i++) {
> > > >>             isValid |=3D msg_list[i].verifySignature();
> > > >>         }
> > > >
> > > > It looks like msg_list is the actual document payload, which has to
> be
> > > decoded using openpgp.read_message.
> > > >
> > > > This is IMHO not a very good solution because it hides the document
> > > contents away =E2=80=94 for example, all the map functions and any ap=
p logic
> that
> > > uses documents will have to know to call read_message, which will als=
o
> > make
> > > them slower.
> > > >
> > > > The schema I implemented (see my previous message) doesn't alter th=
e
> > > basic document format. The signature is in a nested object but applie=
s
> to
> > > the entire document contents (minus the signature itself of course).
> > > There's no need to change any code that reads documents; the only tim=
e
> > you
> > > have to know about the signature scheme is while verifying the
> signature.
> > > It's even possible to have multiple signatures on a document.
> > > >
> > > > =E2=80=94Jens
> > >
> >
>


--=20

Bernhard Gschwantner
Unser Wein G&U OG
Kirchengasse 13/7, 1070 Wien

mobil: +43 (6991) 971 32 96
tel: +43 (1) 971 32 95
e-mail: bernhard@unserwein.at
twitter: @bernharduw <http://twitter.com/bernharduw>
web: www.unserwein.at

--e89a8fb1ede8d1a6d604c405a32b--