On 31/07/2009 Maximilien Cuony [The_Glu] wrote:
Apparently your mails to the roundcube development list don't reach the list. I don't know what the problem is. Maybe you send from an address that's not subscribed to the list?
I see them here: http://lists.roundcube.net/mail-archive/dev/2009-07/ . Maybe your mail client prevents showing 2 occurrences of the same mail. Can someone confirm? ;)
Ok, that may be the reason. You don't need to send me a copy of the message in that case, I do read the list :-)
Sure, generate() would be great, but it's not an essential feature for the plugin to be useful. For the beginning, users could import secret keys.
*Arg*. You want to let users send a _private key_, maybe over http (or over https-with-a-not-valid-certificate-as-usual-for-most-private-users), on the network, to a remote server, maybe untrustable? That's against every principle of GPG/PGP x].
An encrypted connection (https) should be required. I see your point in objecting against import of secret keys in general. Maybe you're correct and that shouldn't be supported. But in that case the same holds for export_priv_key().
- Manipulate key data: impossible to circumvent for the same reason. But here it's at least possible to detect attacks in some cases with the help of a database to verify key data.
I don't agree. If someone has access to the gnupg files, he will probably have access to the php files as well, and can modify them, or at least read the mysql password and create a script to edit the database :p (as you said btw)
Yes, you're correct again. At best the mysql verification table would add some security-through-obscurity layer. That may help if the attacker doesn't know the code of roundcube, but for experienced attackers it doesn't add any security. Unfortunately I don't see any way to add extra security to the keyring files. Regardless of where they're stored in the end, the information about how to gain permissions to modify them needs to be stored at some place that's accessible to the webserver user. And other storage solutions (keyring in some kind of database) increase the workload of gnupg operations a lot (i.e. copy keyring from db to disk; modify keyring; write keyring back to db; wipe/shred keyring from disk).
So up to now we don't have any better solution than storing the keyfiles somewhere on disk with write access for the webserver user.
What could be done is display md5/sha1/sha256 sums of the keyring files in the roundcube interface and urge the user to write them down and compare every time. The code for generating the sums doesn't need to be writeable by the webserver user, read access would be enough.
greetings, jonas
List info: http://lists.roundcube.net/dev/
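The keyring-checksum idea from the message above, worked out as an added example that is not part of the original thread or of any Roundcube plugin code. It assumes GnuPG 1.x file names (pubring.gpg, secring.gpg, trustdb.gpg) under a per-user homedir, and that the baseline digests are kept somewhere the webserver user can read but not write (or shown to the user to write down, as proposed). The demo builds a throwaway homedir with constructed keyring bytes, records a baseline, then tampers with it the way an attacker holding write access to the files could, and shows what the comparison reports. SHA-256 is used rather than MD5 or SHA-1, since those two are collision-prone and there is no reason to prefer them here.

```python
"""Integrity check for a per-user GnuPG homedir (example, not project code).

Records a digest of each keyring file and compares on every visit so that a
modified or removed keyring is at least noticed.  As the thread points out,
this is detection only: an attacker who can also rewrite the baseline (or the
code computing it) defeats the check, so the baseline must not be writable
by the webserver user.
"""
import hashlib
import os
import shutil
import tempfile

# GnuPG 1.x keyring files (assumption for this example; GnuPG 2.1+ uses
# pubring.kbx and private-keys-v1.d/ instead).
KEYRING_FILES = ("pubring.gpg", "secring.gpg", "trustdb.gpg")


def digest_file(path, algo="sha256"):
    """Hex digest of one file, read in chunks; None if the file is absent."""
    if not os.path.isfile(path):
        return None
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(homedir, algo="sha256"):
    """Digest every known keyring file under homedir (absent files map to None)."""
    return {name: digest_file(os.path.join(homedir, name), algo)
            for name in KEYRING_FILES}


def compare(baseline, current):
    """Classify each file as ok / modified / missing / new against the baseline."""
    result = {}
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old == new:
            result[name] = "ok"
        elif old is None:
            result[name] = "new"
        elif new is None:
            result[name] = "missing"
        else:
            result[name] = "modified"
    return result


def demo():
    """Constructed scenario: baseline a homedir, then tamper with it.

    Returns the comparison result, e.g. {'pubring.gpg': 'ok',
    'secring.gpg': 'modified', 'trustdb.gpg': 'missing'}.
    """
    homedir = tempfile.mkdtemp(prefix="gpg-home-")
    try:
        # constructed keyring contents; real files would be OpenPGP packets
        for name in KEYRING_FILES:
            with open(os.path.join(homedir, name), "wb") as f:
                f.write(b"constructed " + name.encode() + b" contents\n")
        baseline = snapshot(homedir)

        # attacker with write access swaps the secret keyring and wipes trustdb
        with open(os.path.join(homedir, "secring.gpg"), "wb") as f:
            f.write(b"attacker-controlled secring\n")
        os.remove(os.path.join(homedir, "trustdb.gpg"))

        return compare(baseline, snapshot(homedir))
    finally:
        shutil.rmtree(homedir, ignore_errors=True)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

In a webmail setting the `snapshot()` output is what would be rendered next to the keyring in the interface; the user compares it against the value they recorded earlier, and `compare()` is the same logic done for them if a read-only baseline is available. Note that `compare()` reports a file absent from both baseline and current as "ok", which is the correct reading for an optional file such as an empty secret keyring.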