Use external store for OpenPGP keys #119

Open
opened 2023-03-08 12:43:14 +01:00 by wiktor · 2 comments
Contributor

Hi,

I've noticed that the [GnuPG module uses a GnuPG-specific store](https://git.disroot.org/Disroot/gpg-lacre/src/branch/main/GnuPG/__init__.py#L115-L125) for public keys.

I think it would be good to make these functions use some non-implementation-specific store (e.g. an SQLite database mapping emails to keys). This way it's easier to migrate to/from Sequoia.

There are additional benefits: for example, currently one user could overwrite another's keys if they add a UserID with the e-mail of the other user or if they try to upload multiple keys. One additional issue is that, since secret keys and public keys are in one place, a rogue user could mess with secret key packets of the signing key.

I'm volunteering to provide a patch but would like to have an "ack" beforehand if you don't mind :) and of course I'm open to suggestions about the backend to use or any other things.

Thanks and have a nice day! 👋
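The store proposed in the post above, as an added example that is not code from gpg-lacre or from either participant: keys are filed under the address the submitter confirmed rather than under User IDs inside the key, and only public certificates are accepted. `KeyStore`, its table layout and the use of SQLite are assumptions made so the block runs stand-alone; address confirmation and full OpenPGP parsing are assumed to happen elsewhere.

```python
import sqlite3

PUBLIC_KEY_TAG = 6  # OpenPGP Public-Key packet; secret keys start with tag 5


def first_packet_tag(data: bytes) -> int:
    """Tag of the first OpenPGP packet in binary (unarmored) data."""
    if not data or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    head = data[0]
    # Bit 6 set: new format, tag in bits 5-0. Clear: old format, tag in bits 5-2.
    return head & 0x3F if head & 0x40 else (head & 0x3C) >> 2


class KeyStore:
    """Hypothetical store: one public certificate per confirmed address."""

    def __init__(self, conn: sqlite3.Connection):
        self.conn = conn
        conn.execute("CREATE TABLE IF NOT EXISTS keys"
                     " (email TEXT PRIMARY KEY, cert BLOB NOT NULL)")

    @staticmethod
    def _norm(email: str) -> str:
        return email.strip().lower()  # simplification: case-insensitive match

    def put(self, confirmed_email: str, cert: bytes) -> None:
        # Public material only, so secret key packets never share this store.
        if first_packet_tag(cert) != PUBLIC_KEY_TAG:
            raise ValueError("expected a certificate starting with a Public-Key packet")
        # Keyed by the address the submitter confirmed, never by User IDs inside
        # the certificate; a repeat upload replaces only the submitter's own row.
        self.conn.execute("INSERT OR REPLACE INTO keys (email, cert) VALUES (?, ?)",
                          (self._norm(confirmed_email), cert))
        self.conn.commit()

    def get(self, recipient: str):
        row = self.conn.execute("SELECT cert FROM keys WHERE email = ?",
                                (self._norm(recipient),)).fetchone()
        return row[0] if row else None


if __name__ == "__main__":
    # Constructed byte strings standing in for certificates (not real keys).
    store = KeyStore(sqlite3.connect(":memory:"))
    store.put("alice@example.org", b"\xc6alice-cert")
    # Carries a User ID naming alice, but is filed under its submitter's address.
    store.put("mallory@example.org", b"\xc6uid:alice@example.org")
    print(store.get("alice@example.org"))
```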

pfm added the IDEA label 2023-03-11 11:07:09 +01:00
pfm added this to the Sequoia Integration milestone 2023-03-11 11:16:13 +01:00
Collaborator

Thank you, I like this idea a lot -- we'd need fewer calls to external processes as well.

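However, it doesn't need to be fixed to one RDBMS (SQLite). We already use an administrator-configured database to store keys submitted via the web form. See [webgate-cron.py](https://git.disroot.org/Disroot/gpg-lacre/src/commit/7389dc8fde9e32f72d93f9c0b74dd1304ee8977c/webgate-cron.py#L74-L90) for details.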

Author
Contributor

> We already use an administrator-configured database to store keys submitted via the web form. See webgate-cron.py for details.

Yep, this sounds good. Will investigate!
