Let users upload their OpenPGP public key, and serve WKD response #205

Merged
raucao merged 16 commits from feature/191-gpg_keys_wkd into master 2024-10-14 14:08:32 +00:00
Owner

This changeset allows users to upload their PGP key on the Account settings page. Valid keys are immediately imported to the server's GnuPG keychain. If the key contains the user's account address in one of its UIDs, then it will be served via the `.well-known` [Web Key Directory](https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-service/) endpoint.

See commit messages for details.

closes #191
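For reference, this is how a WKD client (GnuPG, for instance) derives the lookup URLs the endpoint above has to answer. It is an added example in Ruby, not code from this PR or the Kosmos project; the address and domain are constructed sample values.

```ruby
require 'digest'
require 'erb'

# z-base-32 alphabet used by the Web Key Directory draft for the local-part hash
Z_BASE32_ALPHABET = 'ybndrfg8ejkmcpqxot1uwisza345h769'.freeze

# Encode raw bytes as z-base-32 (no padding characters, bits padded to a multiple of 5).
def z_base32_encode(bytes)
  bits = bytes.unpack1('B*')
  bits += '0' * ((5 - bits.length % 5) % 5)
  bits.scan(/.{5}/).map { |chunk| Z_BASE32_ALPHABET[chunk.to_i(2)] }.join
end

# WKD hashes the *lowercased* local part, so a server has to resolve
# "Joe.Doe" and "joe.doe" to the same user. SHA-1 is 160 bits, so the
# result is always exactly 32 z-base-32 characters.
def wkd_hash(local_part)
  z_base32_encode(Digest::SHA1.digest(local_part.downcase))
end

# Build the direct-method and advanced-method lookup URLs plus the policy URL
# for an address (sample address below is constructed, not a real account).
def wkd_urls(email)
  local, domain = email.split('@', 2)
  if local.nil? || domain.nil? || local.empty? || domain.empty?
    raise ArgumentError, "not a mail address: #{email.inspect}"
  end
  domain = domain.downcase
  hash = wkd_hash(local)
  l = ERB::Util.url_encode(local) # original (not lowercased) local part, URL-encoded
  {
    direct: "https://#{domain}/.well-known/openpgpkey/hu/#{hash}?l=#{l}",
    advanced: "https://openpgpkey.#{domain}/.well-known/openpgpkey/#{domain}/hu/#{hash}?l=#{l}",
    policy: "https://#{domain}/.well-known/openpgpkey/policy"
  }
end

if __FILE__ == $PROGRAM_NAME
  wkd_urls('Joe.Doe@Example.ORG').each { |kind, url| puts "#{kind}: #{url}" }
end
```

The policy URL is the one the PR's "Add WKD policy endpoint" commit serves; an empty 200 response there is enough for a lookup-only server.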
raucao added the
feature
kredits-2
labels 2024-09-23 17:31:22 +00:00
raucao added 7 commits 2024-09-23 17:31:23 +00:00
Add OpenPGP key to LDAP directory and User model
All checks were successful
continuous-integration/drone/push Build is passing
90a8a70c15
Move some Rails app services to UserManager namespace
All checks were successful
continuous-integration/drone/push Build is passing
ba683a7b95
No need to read the route sources all the time
Allow users to update their OpenPGP pubkey
All checks were successful
continuous-integration/drone/push Build is passing
3042a02a17
Serve public keys in binary and armored text, if they contain a user's
account address.
Link the key to the ASCII Armor WKD endpoint, if it contains the user's
account address
Whitespace
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
37b106e73c
raucao added 1 commit 2024-09-23 18:36:29 +00:00
Remove example link
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
9f6fa6deba
Until we have a live example on kosmos.org
raucao added 3 commits 2024-09-24 22:20:46 +00:00
Gracefully handle wrong capitalization of username
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
534e5a9d3c
raucao requested review from Core 2024-09-25 16:37:47 +00:00
Author
Owner

I think I forgot to add the policy endpoint. Will mark it as WIP again, but it's ready to review.

Edit: never mind. The spec is rather vague about it, but it only seems to be necessary if the server supports the submission part of the protocol. And I found at least one major implementation (keys.openpgp.org) that I'm almost certain uses the wrong URL for it, too. Sent a request to the authors to clarify.

Edit 2: Already got a reply. I read it wrong, just needs to be an empty response for us. The spec doesn't specify specific status codes, but obviously 404 shouldn't count. Also, that other server is using the wrong URI for sure.

raucao changed title from Let users upload their OpenPGP public key, and serve WKD response to WIP: Let users upload their OpenPGP public key, and serve WKD response 2024-09-26 09:27:56 +00:00
raucao changed title from WIP: Let users upload their OpenPGP public key, and serve WKD response to Let users upload their OpenPGP public key, and serve WKD response 2024-09-26 10:08:36 +00:00
raucao changed title from Let users upload their OpenPGP public key, and serve WKD response to WIP: Let users upload their OpenPGP public key, and serve WKD response 2024-09-26 11:55:56 +00:00
raucao added 1 commit 2024-09-26 21:11:39 +00:00
Add WKD policy endpoint
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
729e4fd566
raucao changed title from WIP: Let users upload their OpenPGP public key, and serve WKD response to Let users upload their OpenPGP public key, and serve WKD response 2024-09-26 21:11:56 +00:00
Author
Owner

@greg @galfert Could one of you have a quick glance over the code here? I'd like to open the follow-up PR with encryption of notification emails...

raucao added 1 commit 2024-10-08 09:35:53 +00:00
Re-import user's pubkey on access
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
3ee76e26ab
Sometimes, the pubkey might not be imported in the local keychain
(anymore), but at this point in the code it had been successfully
imported at least once before. So we just (re-)import every time for it
to never fail.
raucao added a new dependency 2024-10-08 12:11:44 +00:00
raucao added the
integration
email
label 2024-10-08 12:17:33 +00:00
galfert approved these changes 2024-10-10 15:02:07 +00:00
galfert left a comment
Owner

Looks good to me.

Left one question on the web key endpoint.

@ -0,0 +18,4 @@
respond_to do |format|
format.text do
response.headers['Content-Type'] = 'text/plain'
render plain: @user.pgp_pubkey
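Review bot: the explicit `response.headers['Content-Type'] = 'text/plain'` is redundant inside the `format.text` block, since `render plain:` already sets the response content type to text/plain. More importantly, `@user.pgp_pubkey` is rendered verbatim, so whatever key the user uploaded, including User ID packets for other addresses, is what gets published here; the draft's requirement to remove other User IDs and their binding signatures before publication needs a filtering step before (or in place of) this render rather than serving the stored key as-is.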
Owner

Are any user emails other than the Kosmos address cleared somewhere in the process or are they exposed here?

Found this [in the spec](https://www.ietf.org/archive/id/draft-koch-openpgp-webkey-service-18.html#name-security-considerations) under "Security Considerations":

> The mail provider MUST make sure to publish a key in a way that only
> the mail address belonging to the requested user is part of the User
> ID packets included in the returned key. Other User ID packets and
> their associated binding signatures MUST be removed before
> publication.
Author
Owner

Good catch. Currently, it offers whatever key is uploaded in its entirety, i.e. including any UIDs that do not contain the user's account address. I'll open a new issue for it, since it's a bit of an edge case IMO.

raucao marked this conversation as resolved
Author
Owner

@galfert Thanks! I added a new issue to address the spec violation you found.

This one still depends on #207 to be merged...

raucao added 3 commits 2024-10-14 13:39:03 +00:00
Refactor mailer options usage
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
Release Drafter / Update release notes draft (pull_request) Successful in 5s
339462f320
Merge pull request 'Encrypt all system emails for users with PGP key' (#207) from feature/encrypted_system_emails into feature/191-gpg_keys_wkd
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
Release Drafter / Update release notes draft (pull_request) Successful in 4s
3ad1d03785
Reviewed-on: #207
Reviewed-by: galfert <garret.alfert@gmail.com>
raucao merged commit 8aa3ca9e23 into master 2024-10-14 14:08:32 +00:00
raucao deleted branch feature/191-gpg_keys_wkd 2024-10-14 14:08:33 +00:00