Kleopatra: Signed group definition
Open, NormalPublic
Actions

Assigned To

None

Authored By

	aheinecke
	Sep 4 2023, 12:47 PM

Description

Since we are now considering sharing groups over a directory service we need to ensure that there can be a rights management implmented about who should be able to add or remove users from a group. For that we need at least the identity of the certficate that modified the group.

We have decided that we do not need to sign the actual keys contained in that file, since esp. with the availability of the Direcotry service we do not need to store the actual keys in the group definition.

My suggestion would be add the signature also as a key/value pair with a Base64 representation of the binary signature (I think a QByteArray is stored in base64? )
And to build the signature over the Key/Value pairs of the other entries of this group. This seems to me the most future proof when we might add more meta information (like uids?!) to the group information.

So something likepseudocode:

QByteArray signature = group.read("Signature").toByteArray();
QByteArray data;
foreach (key: group.keys().sorted()) {
   if (key == "Signature")
       continue;
   data += key.toUtf8();
   data += group.value().toByteArray();
}
verify (data, signature);

Related Objects
Search...

		Status	Assigned	Task
		Open	TobiasFella	T6916 Kleopatra group related improvements
		Open	None	T6703 Kleopatra: Signed group definition

Event Timeline

aheinecke triaged this task as Normal priority.Sep 4 2023, 12:47 PM

aheinecke created this task.

• ebo added a parent task: T6916: Kleopatra group related improvements.Jan 3 2024, 12:05 PM

Kleopatra: Signed group definitionOpen, NormalPublicActions

Description

Related ObjectsSearch...

Event Timeline

Kleopatra: Signed group definition
Open, NormalPublic
Actions

Related Objects
Search...