Home GnuPG
Diffusion libphutil 2ed0bc456971

Allow Conduit requests to be signed with a public/private keypair
2ed0bc456971Unpublished
Actions

Unpublished Commit ยท Learn More

Repository Importing: This repository is still importing.

Description

Allow Conduit requests to be signed with a public/private keypair

Summary:
This allows callers (in the future, servers in a cluster or instances) to sign Conduit requests with an asymmetric keypair instead of a certificate or token.

Overall we could get away without this, but it seems worth doing for a few reasons:

  • By binding Device identity to SSH keys, we can also authorize them over (real) SSH easily, and not need separate conduit / SSH keys.
  • Asymmetric key cryptography is strong and well understood, and we never have to share or transmit private keys.
  • This is potentially useful to third parties for device identity, in a way that custom Conduit stuff wouldn't be.

Test Plan:

  • Added unit tests.
  • Will actually test once I mess with the other half of this.

Reviewers: hach-que, #blessed_reviewers, btrahan

Reviewed By: #blessed_reviewers, btrahan

Subscribers: epriestley, Korvin

Maniphest Tasks: T6240

Differential Revision: https://secure.phabricator.com/D10402

Details

Provenance
epriestley <git@epriestley.com>Authored on Nov 15 2014, 12:37 PM
Parents
rPHUTIL0135e57181a9: Assume utf8mb4 support
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPHUTIL2ed0bc456971: Allow Conduit requests to be signed with a public/private keypair (authored by epriestley <git@epriestley.com>).Nov 15 2014, 12:37 PM

Changes (4)

PathSize
src/
conduit/

rPHUTIL2ed0bc456971

View Options

src/__phutil_library_map__.php

Loading...
View Options

src/conduit/ConduitClient.php

Loading...
View Options

src/conduit/__tests__/ConduitClientTestCase.php

Loading...