Use external store for OpenPGP keys #119
Reference: Disroot/gpg-lacre#119
Hi,
I've noticed that the GnuPG module uses a GnuPG-specific store for public keys.
I think it would be good to make these functions use some non-implementation-specific store (e.g. an SQLite database mapping emails to keys). This way it's easier to migrate to/from Sequoia.
There are additional benefits: for example, currently one user could overwrite another's keys if they add a UserID with the e-mail of the other user or if they try to upload multiple keys. One additional issue is that since secret keys and public keys are in one place, a rogue user could mess with secret key packets of the signing key.
I'm volunteering to provide a patch but would like to have an "ack" beforehand if you don't mind :) and of course I'm open to suggestions about the backend to use or any other things.
Thanks and have a nice day! 👋
Thank you, I like this idea a lot -- we'd need fewer calls to external processes as well.
However, it doesn't need to be fixed to one RDBMS (SQLite). We already use an administrator-configured database to store keys submitted via the web form. See webgate-cron.py for details.
Yep, this sounds good. Will investigate!
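A sketch of the store discussed in this thread, added as an example and not part of the issue or the project's code: keys are indexed by the address confirmed at submission time, never by the UserIDs inside the key, so one upload cannot shadow another user's entry. The `KeyStore` class, the `identities` table, and the use of SQLite through Python's standard library are assumptions made for illustration; any administrator-configured database would serve.

```python
import sqlite3

SCHEMA = """CREATE TABLE IF NOT EXISTS identities (
    email       TEXT PRIMARY KEY,  -- address confirmed at submission time
    fingerprint TEXT NOT NULL,
    public_key  BLOB NOT NULL      -- public material only, no secret keys
)"""

class KeyStore:
    """Hypothetical email -> key store; not Lacre's actual schema or API."""

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute(SCHEMA)

    def put(self, confirmed_email, fingerprint, public_key, replace=False):
        """Store a key under the confirmed address only; True if stored."""
        # Coarse armor-header check; a real store would parse the packets.
        if b"PRIVATE KEY BLOCK" in public_key:
            raise ValueError("secret key material is not accepted")
        verb = "INSERT OR REPLACE" if replace else "INSERT OR IGNORE"
        with self.db:  # one transaction per upload
            cur = self.db.execute(
                verb + " INTO identities VALUES (?, ?, ?)",
                (confirmed_email.strip().lower(), fingerprint, public_key))
        return cur.rowcount == 1

    def get(self, recipient):
        """Return (fingerprint, public_key) for a recipient, or None."""
        return self.db.execute(
            "SELECT fingerprint, public_key FROM identities WHERE email = ?",
            (recipient.strip().lower(),)).fetchone()

def demo():
    store = KeyStore()
    # Constructed sample: Alice's key also claims a UserID for bob@example.org.
    # The UserIDs inside the key are never used as the lookup key.
    alice_key = b"-----BEGIN PGP PUBLIC KEY BLOCK-----\n(constructed)\n"
    results = [store.put("alice@example.org", "A" * 40, alice_key)]
    results.append(store.get("bob@example.org"))        # None: not hijacked
    # A second upload for the same address is ignored unless replace=True.
    results.append(store.put("Alice@Example.org", "B" * 40, alice_key))
    results.append(store.get("alice@example.org")[0])   # still the first key
    return results

if __name__ == "__main__":
    print(demo())
```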