Page MenuHome GnuPG
Create Task
Maniphest T6703

Kleopatra: Signed group definition
Open, NormalPublic
Actions

Description

Since we are now considering sharing groups over a directory service we need to ensure that there can be a rights management implmented about who should be able to add or remove users from a group. For that we need at least the identity of the certficate that modified the group.

We have decided that we do not need to sign the actual keys contained in that file, since esp. with the availability of the Direcotry service we do not need to store the actual keys in the group definition.

My suggestion would be add the signature also as a key/value pair with a Base64 representation of the binary signature (I think a QByteArray is stored in base64? )
And to build the signature over the Key/Value pairs of the other entries of this group. This seems to me the most future proof when we might add more meta information (like uids?!) to the group information.

So something likepseudocode:

QByteArray signature = group.read("Signature").toByteArray();
QByteArray data;
foreach (key: group.keys().sorted()) {
   if (key == "Signature")
       continue;
   data += key.toUtf8();
   data += group.value().toByteArray();
}
verify (data, signature);

Related Objects
Search...

StatusAssignedTask
 OpenNoneT6916 Kleopatra group related improvements
 OpenNoneT6703 Kleopatra: Signed group definition

Event Timeline

aheinecke triaged this task as Normal priority.Sep 4 2023, 12:47 PM
aheinecke created this task.
ebo added a parent task: T6916: Kleopatra group related improvements.Jan 3 2024, 12:05 PM
alexk added a project: to-be-discussed.Apr 30 2024, 5:30 PM
ikloecker added subscribers: werner, ikloecker.Aug 20 2024, 5:05 PM

We discussed a different file format for group definitions. It's based on gpg's --with-colons format.

Example:

grp:group@example.net
key:V4FPR:V5FPR
key:V4FPR2:V5FPR2
...
sig:BASE64-ENCODED-SIGNATURE
grp:another-group@example.net
key:V4FPR5:V5FPR5
key:V4FPR6:V5FPR6
...
sig:BASE64-ENCODED-SIGNATURE

The group names do not need to be email addresses. They are stored as UTF-8-encoded text. The group names "group@example.net" and "another-group@example.net" are unique, i.e. groups with the same name should be treated as the same group on import and Kleopatra should offer to replace the existing group definition with the imported group definition (potentially checking the signature dates to find out which definition is newer).

The signature is created over the grp line and all key lines.

The "group ID" in the current group definitions should become an internal implementation detail that's not stored in the group definition.