nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

RS IZ; using detached signatures and verification things

Browse source
This commit is contained in:
ilya 2010-07-12 18:31:20 -07:00
parent bb146820bf
commit 406c00aeb6
9 changed files with 92 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
app/models/person.rb
View file

@ -26,7 +26,7 @@ class Person
validates_true_for :url, :logic => lambda { self.url_unique?}
after_destroy :remove_all_traces
after_destroy :remove_all_traces, :remove_key
scope :friends, where(:_type => "Person", :active => true)
@ -66,6 +66,9 @@ class Person
Comment.delete_all(:person_id => self.id)
end
def remove_key
ctx = GPGME::Ctx.new
ctx.delete_key(key)
end
end

10
app/models/post.rb
View file

@ -47,8 +47,11 @@ class Post
key :owner_signature, String
def verify_signature
return false unless owner_signature && person.key_fingerprint
GPGME.verify(owner_signature){ |signature|
return signature.validity == GPGME::VALIDITY_FULL
GPGME::verify(owner_signature, {:always_trust => true}){ |signature|
return signature.status == GPGME::GPG_ERR_NO_ERROR &&
#signature.to_s.include?("Good signature from ") &&
signature.fpr == person.key_fingerprint
#validity = validity && person.key_fingerprint == signature.fpr
}
#validity = validity && (signed_text == to_xml.to_s)
@ -56,7 +59,8 @@ class Post
protected
def sign_if_mine
if self.person == User.first
self.owner_signature = GPGME::sign(to_xml.to_s,nil,{:armor=> true})
self.owner_signature = GPGME::sign(to_xml.to_s,nil,{
:armor=> true, :mode => GPGME::SIG_MODE_DETACH})
end
end

1
app/models/user.rb
View file

@ -60,6 +60,7 @@ class User < Person
friend_request.activate_friend
friend_request.destroy
else
GPGME.import(friend_request.exported_key)
friend_request.person.save
friend_request.save
end

BIN
gpg/diaspora-test/pubring.gpg
View file

Binary file not shown.

BIN
gpg/diaspora-test/trustdb.gpg
View file

Binary file not shown.

24
spec/fixtures/msg.xml.clear.asc vendored Normal file
View file

@ -0,0 +1,24 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
<status_message>
<message>jimmy's 1 whales</message>
<_id>4c3b7cf9312f91367f000004</_id>
<person>
<email>bob1@aol.com</email>
<url>http://www.example.com/</url>
<_id>4c3b7c64312f913664000005</_id>
<key_fingerprint>0264242496D4B585297BF236BEEFE6DEBE3407AA</key_fingerprint>
<profile>
<first_name>Bob</first_name>
<last_name>Smith</last_name>
</profile>
</person>
</status_message>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkw7qBYACgkQ5hWCpTN+yRI3uwCgj4RhakQQP9K3Lu7fkHYydcEB
J30AnjQZjwY7e1VBkYp6NmL3z2039s5R
=ifDI
-----END PGP SIGNATURE-----

7
spec/fixtures/msg.xml.detached.asc vendored Normal file
View file

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEABECAAYFAkw7p+YACgkQ5hWCpTN+yRIrHgCghpIwNtqODBwaEjL6duFNcTKv
+XYAoKWvcAz76dmAvD71QkTue5F67cq8
=jIOx
-----END PGP SIGNATURE-----

13
spec/fixtures/msg.xml.normal.asc vendored Normal file
View file

@ -0,0 +1,13 @@
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (GNU/Linux)
owGbwMvMwCT4TLRpqXHdSSHGtYxbkthzi9P1KnJzfKyXH7cpLkksKS2Oz00tLk5M
T7XjUlCwgbGzMnNzK9WLFQwVyjMSc1KLbfSRVcVnptiZJBsnmSenWRobGqVZGhqb
macZgICJjT5IFqSqILWoOD8PxARyUnMTM3PskvKTDB0S83P0kvNzbfQhYhD50qIc
u4ySkgIrff3y8nK91IrE3IKcVJA6fRt9kCREGcJmMxOYzWYmYJtN4TYD1WWnVsan
ZealpxYVFGXmldgZGJmZGAGhpZmLiZOphamRpbmTm5GxmZOrq5urmYurk6uxiYG5
o6ONPrpOiHkFRflpmTmpEB6Qn5ZZVFwSn5eYm2rnlJ9ko4/EhynJSYSJBOdmlmTY
6CMEIGbqIxkK5EBDy0YfLVo63FgYBJkY2FiZQJHGwMUpAIvRzhkMC04tX8j8bv3T
QpXm+waPDzQ0HT38p45hntLiCTerfep5uNpMLHWWW75e9vqqAwA=
=k+0d
-----END PGP MESSAGE-----

38
spec/user_encryption_spec.rb
View file

@ -13,6 +13,7 @@ describe 'user encryption' do
@u.send(:assign_key)
@u.save
end
# after :all do
#gpgdir = File.expand_path("../../db/gpg-#{Rails.env}", __FILE__)
#ctx = GPGME::Ctx.new
@ -20,6 +21,17 @@ describe 'user encryption' do
#keys.each{|k| ctx.delete_key(k, true)}
#end
it 'should remove the key from the keyring on person destroy' do
person = Factory.create :person
keyid = person.key_fingerprint
original_key = person.export_key
GPGME.list_keys(keyid).count.should be 1
person.destroy
GPGME.list_keys(keyid).count.should be 0
GPGME.import(original_key)
GPGME.list_keys(keyid).count.should be 1
end
it 'should have a key fingerprint' do
@u.key_fingerprint.should_not be nil
end
@ -65,14 +77,34 @@ describe 'user encryption' do
end
it 'should not be able to verify a message from a person without a key' do
person = Factory.create(:person)
person = Factory.create(:person, :key_fingerprint => "123")
message = Factory.create(:status_message, :person => person)
message.verify_signature.should be false
end
it 'should know if the signature is from the wrong person' do
pending
it 'should verify a remote signature' do
person = Factory.create(:person, :key_fingerprint => GPGME.list_keys("Ilya").first.subkeys.first.fpr)
message = Factory.create(:status_message, :person => person,
:owner_signature => File.open(File.dirname(__FILE__) + "/fixtures/msg.xml.normal.asc").read)
# :owner_signature => File.open(File.dirname(__FILE__) + "/fixtures/msg.xml.detached.asc").read)
# :owner_signature => File.open(File.dirname(__FILE__) + "/fixtures/msg.xml.clear.asc").read)
message.verify_signature.should be true
end
it 'should know if the signature is from the wrong person' do
person = Factory.create(:person, :key_fingerprint => GPGME.list_keys("Ilya").first.subkeys.first.fpr)
message = Factory.create(:status_message, :person => person,
:owner_signature => File.open(File.dirname(__FILE__) + "/fixtures/msg.xml.normal.asc").read)
# :owner_signature => File.open(File.dirname(__FILE__) + "/fixtures/msg.xml.detached.asc").read)
# :owner_signature => File.open(File.dirname(__FILE__) + "/fixtures/msg.xml.clear.asc").read)
message.person = @u
message.verify_signature.should be false
end
it 'should know if the signature is for the wrong text' do
pending
end
end
end