annotate doc/encryption.rst @ 4296:ffc43219e0b2

core (models): add new models for `DiscoIdentity` and `JID`: `JIDType` `StrictJIDType` can be used when a Twisted JID is expected in a Pydantic model.
author Goffi <goffi@goffi.org>
date Fri, 06 Sep 2024 17:40:32 +0200
parents 8da377040ba6
children
3950
8f87ff449a34 doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff changeset
.. _encryption:

===========================
Encryption in Libervia/XMPP
===========================

As an XMPP client, Libervia handles encryption between client and server; the message is
then encrypted between servers, and finally encrypted for delivery to the target client(s).

This prevents people with access to the network from reading the communication, but the
communications remain available to server administrators, or to administrators of
services that you may use (e.g. a pubsub service).

To make your communications inaccessible to anybody but your recipient(s), end-to-end
encryption (or e2ee) may be used. This page aims to explain roughly how it is done in
Libervia and XMPP so that end users can understand and use it correctly.

.. note::

   This page is a work in progress; it will be completed over time to explain the whole
   mechanism. If something is not clear, please contact the development team in the XMPP
   room `libervia@chat.jabberfr.org <xmpp:libervia@chat.jabberfr.org?join>`__ to get
   details and help improve this documentation.


.. _pubsub-encryption:

Pubsub Encryption
=================

By default, pubsub items are in plain text (i.e. not encrypted, besides the normal
encryption between client and server, and between servers). This is often the desired
behaviour, as pubsub is often used for public matters (public blogs, events, or other kinds
of data).

However, pubsub may also be used for private matters, to keep some of your own data safe,
or to use any other kind of feature privately (private blog, event organization, etc.).

To make a pubsub node private, in addition to the access model, which restricts the
entities that can retrieve its items, it is possible to use end-to-end encryption.

Pubsub is not encrypted the same way as messages, because you generally need to access all
items of a pubsub node, even if you get access to the node after items have already been
published.

4282
8da377040ba6 doc (encryption): update pubsub encryption specifications.
Goffi <goffi@goffi.org>
parents: 3975
diff changeset
E2ee is currently done using `OpenPGP`_ (`XEP-0473: OpenPGP for XMPP Pubsub`_). Each item is
encrypted using **symmetric** encryption, which means that the same key (called the
"shared secret") is used both to encrypt and decrypt an item, and is shared between all
people who must access or publish to the pubsub node (i.e. blog, event calendar, etc.).
This is done this way to make it easy to add new members, who can then access all archives
of the node, but this also means that if the shared secret is compromised (i.e. somebody
who should not have it has obtained a copy), all items made with this secret are
accessible to the persons in possession of the secret.

To make an encrypted pubsub node accessible to somebody, you need to share the secret with
them.

You can see that as the key of a house: everybody who has a copy of the key can go inside
the house, and bring something or take pictures. Sharing the secret is like making
a copy of the key and giving it to the person.

If you think that your shared secret is compromised (obtained by somebody who shouldn't
have it), or if you want to remove somebody's access, you can "rotate" the secret, which
means that every existing key is revoked (flagged as "you should not use it anymore to
write something", but you can still use it to read archives), and a new one is created (to
write new items).

With the house analogy, it's like changing the locks and giving new keys to trusted
people: people with the older keys can't go inside the house anymore, but if they took
pictures before the key was changed, their pictures are still in their possession.

.. attention::

   If you rotate the shared secret, new items use the new secret, but all items which
   existed before the secret rotation stay accessible to people who had access to former
   secrets (the pubsub node can refuse access to them though). If malicious people had
   access to items before, they could have made a copy at any time, thus there is little
   point in re-encrypting everything.

To handle encrypted pubsub node shared secrets from the command line, you may use
:ref:`libervia-cli_pubsub_secret`.
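
The rotation behaviour described above, as an added sketch that is not Libervia's code and
does not follow the XEP-0473 wire format. The ``Keyring`` class and its methods are
hypothetical, and an HMAC-SHA256 encrypt-then-MAC construction stands in for OpenPGP
symmetric encryption so that the example runs with the Python standard library alone.

```python
# Added example: shared-secret rotation for an encrypted pubsub node. Not Libervia
# code and not the XEP-0473 format: Keyring and its methods are hypothetical, and the
# HMAC-SHA256 encrypt-then-MAC cipher is a stand-in for OpenPGP symmetric encryption.
import hashlib
import hmac
import secrets


def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    blocks = range((len(data) + 31) // 32)
    stream = b"".join(_prf(key, b"enc", nonce + i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ciphertext = _xor_stream(key, nonce, plaintext)
    return nonce + ciphertext + _prf(key, b"mac", nonce + ciphertext)


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ciphertext)):
        raise ValueError("wrong secret or modified item")
    return _xor_stream(key, nonce, ciphertext)


class Keyring:
    """Shared secrets one person holds for one node: id -> [key, revoked]."""

    def __init__(self, entries=None):
        self.entries = {sid: list(e) for sid, e in (entries or {}).items()}

    def rotate(self) -> str:
        """Revoke every existing secret, then create the new writing secret."""
        for entry in self.entries.values():
            entry[1] = True
        sid = secrets.token_hex(8)
        self.entries[sid] = [secrets.token_bytes(32), False]
        return sid

    def share(self) -> "Keyring":  # like handing over a copy of the house key
        return Keyring(self.entries)

    def publish(self, payload: bytes):
        """Encrypt with the non-revoked secret; revoked ones are never used to write."""
        sid = next(s for s, (_, revoked) in self.entries.items() if not revoked)
        return sid, seal(self.entries[sid][0], payload)

    def read(self, item):
        """Decrypt with the secret the item names, revoked or not; None if not held."""
        sid, blob = item
        entry = self.entries.get(sid)
        return unseal(entry[0], blob) if entry else None


def rotation_scenario() -> dict:
    owner = Keyring()
    owner.rotate()                 # first secret of the node
    former_member = owner.share()  # will lose access at the next rotation
    old_item = owner.publish(b"written before rotation")
    owner.rotate()                 # "changing the locks"
    new_member = owner.share()     # joins later and receives every secret
    new_item = owner.publish(b"written after rotation")
    return {
        "former_reads_old": former_member.read(old_item),
        "former_reads_new": former_member.read(new_item),
        "new_member_reads_old": new_member.read(old_item),
        "writing_secret_changed": old_item[0] != new_item[0],
    }
```
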

.. _OpenPGP: https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP

.. _`XEP-0473: OpenPGP for XMPP Pubsub`: https://xmpp.org/extensions/xep-0473.html

3975
c4418949aa37 doc (encryption, cli): document Pubsub Targeted Encryption:
Goffi <goffi@goffi.org>
parents: 3966
diff changeset
Pubsub Targeted Encryption
==========================

It is also possible to encrypt a single pubsub item for a restricted set of users. This
differs from the pubsub encryption explained above: if you want to encrypt for a
different set of users, you need to re-encrypt all concerned items, so it is better
suited to use cases where you only want to encrypt a few items in a pubsub node.

On the other hand, you have all the properties of the algorithm used (for now, only OMEMO
2 is supported), which means that you can have `Perfect Forward Secrecy`_ for algorithms
supporting it (this is the case for OMEMO).

.. note::

   The Pubsub Targeted Encryption (PTE) specification is not currently an official XEP
   (XMPP Extension Protocol); it is about to be examined by the "XMPP council". This
   documentation will be updated as the situation evolves.

.. _Perfect Forward Secrecy: https://en.wikipedia.org/wiki/Forward_secrecy

3966
9f85369294f3 doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents: 3950
diff changeset
Pubsub Signature
================

By default, the identity of the publisher of a pubsub item is difficult to authenticate: it
may be specified by the pubsub service (using the `"publisher" attribute`_), but this
attribute is not set by all pubsub services, and it can be spoofed by the service or the
XMPP server.

To strongly authenticate the publisher of a pubsub item, it is possible to
cryptographically sign an item. This can work with any pubsub item, encrypted or not, and
it can be done after the item has been published. The process uses
`XEP-0476: Pubsub Signing: OpenPGP Profile`_.

.. attention::

   A signature only certifies that the signers strongly link themselves with this version
   of the item, not that the signers are the original authors of the item. In other words,
   it prevents somebody from claiming that somebody else has published something (the
   signature would be missing or invalid), but the published data may come from anywhere.
   Also keep in mind that a security breach (stolen encryption keys, major bug somewhere)
   is always possible.


To handle pubsub signatures from the command line, you may use
:ref:`libervia-cli_pubsub_signature`.

.. _"publisher" attribute: https://xmpp.org/extensions/xep-0060.html#publisher-publish-success-publisher

.. _`XEP-0476: Pubsub Signing: OpenPGP Profile`: https://xmpp.org/extensions/xep-0476.html