Mercurial > libervia-backend
comparison doc/encryption.rst @ 4282:8da377040ba6
doc (encryption): update pubsub encryption specifications.
author | Goffi <goffi@goffi.org> |
---|---|
date | Sat, 13 Jul 2024 17:45:47 +0200 |
parents | c4418949aa37 |
children |
4281:9e63e02318ec | 4282:8da377040ba6 |
---|---|
41 | 41 |
42 Pubsub is not encrypted the same way as messages, because you generally need to access all | 42 Pubsub is not encrypted the same way as messages, because you generally need to access all |
43 items of a pubsub node, even if you get access to the node once items have already been | 43 items of a pubsub node, even if you get access to the node once items have already been |
44 published. | 44 published. |
45 | 45 |
46 E2ee is currently done using `OpenPGP`_ (or OX for PubSub: OXPS). Each item is encrypted | 46 E2ee is currently done using `OpenPGP`_ (`XEP-0473: OpenPGP for XMPP Pubsub`_). Each item is encrypted |
47 using a **symmetric** encryption, which mean that the same key (called "shared secret") is | 47 using a **symmetric** encryption, which mean that the same key (called "shared secret") is |
48 used both to encrypt and decrypt an item, and is shared between all people who must access | 48 used both to encrypt and decrypt an item, and is shared between all people who must access |
49 or publish to the pubsub node (i.e. blog, event calendar, etc). This is done this way to | 49 or publish to the pubsub node (i.e. blog, event calendar, etc). This is done this way to |
50 make it easy to add a new members, who can then access all archives of the node, but this | 50 make it easy to add a new members, who can then access all archives of the node, but this |
51 also means that if the shared secret is compromised (i.e. somebody who should not has | 51 also means that if the shared secret is compromised (i.e. somebody who should not has |
52 obtained a copy), all items made with this secret are accessible to the persons in | 52 obtained a copy), all items made with this secret are accessible to the persons in |
53 possession of the secret. | 53 possession of the secret. |
54 | |
55 .. note:: | |
56 | |
57 OXPS specification is not currently an official XEP (XMPP Extension Protocol), it is | |
58 about to be examinated by "XMPP council". This documentation will be updated with the | |
59 evolution of the situation. You can read current specification proposal at | |
60 https://xmpp.org/extensions/inbox/pubsub-encryption.html (which is inaccessible due to | |
61 a 404 error at the time of writting, this should be fixed hopefully when you read this | |
62 documentation). | |
63 | 54 |
64 To make an encrypted pubsub node accessible to somebody, you need to share the secret with | 55 To make an encrypted pubsub node accessible to somebody, you need to share the secret with |
65 them. | 56 them. |
66 | 57 |
67 You can see that as the key of a house: everybody who has a copy of the key can go inside | 58 You can see that as the key of a house: everybody who has a copy of the key can go inside |
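Review bot: new line 46 now runs well past the wrap width of the lines around it (47 to 53), so the paragraph should be re-wrapped after adding the XEP-0473 reference. While this paragraph is being touched, "which mean" on line 47 and "a new members" on line 50 could be corrected in the same change. The removed note was also the only visible place that expanded "XEP" as "XMPP Extension Protocol", so consider expanding it on first use unless it is defined elsewhere in the file.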
90 To handle encrypted pubsub node shared secrets from command line, you may use | 81 To handle encrypted pubsub node shared secrets from command line, you may use |
91 :ref:`libervia-cli_pubsub_secret`. | 82 :ref:`libervia-cli_pubsub_secret`. |
92 | 83 |
93 .. _OpenPGP: https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP | 84 .. _OpenPGP: https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP |
94 | 85 |
86 .. _XEP-0473: OpenPGP for XMPP Pubsub: https://xmpp.org/extensions/xep-0473.html | |
87 | |
88 | |
95 Pubsub Targeted Encryption | 89 Pubsub Targeted Encryption |
96 ========================== | 90 ========================== |
97 | 91 |
98 It is also possible to encrypt a single pubsub item for a restricted set of users. This is | 92 It is also possible to encrypt a single pubsub item for a restricted set of users. This is |
99 different from the pubsub encryption explained above, as if you want to encrypt for a | 93 different from the pubsub encryption explained above, as if you want to encrypt for a |
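Review bot: the target added at new line 86 has a colon followed by a space inside its name, so reStructuredText ends the name at "XEP-0473" and the reference `XEP-0473: OpenPGP for XMPP Pubsub`_ on line 46 will not resolve. Enclose the name in backquotes, i.e. .. _`XEP-0473: OpenPGP for XMPP Pubsub`: https://xmpp.org/extensions/xep-0473.html, or backslash-escape the colon.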
118 By default, identity of the publisher of a pubsub item is difficult to authenticate: it | 112 By default, identity of the publisher of a pubsub item is difficult to authenticate: it |
119 may be specified by the pubsub service (using the `"publisher" attribute`_), but this | 113 may be specified by the pubsub service (using the `"publisher" attribute`_), but this |
120 attribute is not set by all pubsub services, and it can be spoofed by the service or the | 114 attribute is not set by all pubsub services, and it can be spoofed by the service or the |
121 XMPP server. | 115 XMPP server. |
122 | 116 |
123 To strongly authenticate the publisher of a pubsub item, it is possible to cryptographically sign an item. This can work with any pubsub item, encrypted or not, and it can be done after the item has been published. The process use `Pubsub Signing protoXEP`_ | 117 To strongly authenticate the publisher of a pubsub item, it is possible to cryptographically sign an item. This can work with any pubsub item, encrypted or not, and it can be done after the item has been published. The process use `XEP-0476: Pubsub Signing: OpenPGP Profile`_. |
124 | |
125 .. note:: | |
126 | |
127 Pubsub Signing specification is not currently an official XEP (XMPP Extension | |
128 Protocol), it is about to be examinated by "XMPP council". This documentation will be | |
129 updated with the evolution of the situation. | |
130 | 118 |
131 .. attention:: | 119 .. attention:: |
132 | 120 |
133 Signature only certifies that the signers strongly link themselves with this version of | 121 Signature only certifies that the signers strongly link themselves with this version of |
134 the item, not that the signers are the original authors of the item. In other words, it | 122 the item, not that the signers are the original authors of the item. In other words, it |
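Review bot: new line 117 stays a single very long line in a file otherwise wrapped at around 90 columns, and "The process use" should read "The process uses". Since the line is already being rewritten to point at XEP-0476, wrap it and fix the verb in the same change.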
141 To handle pubsub signatures from command line, you may use | 129 To handle pubsub signatures from command line, you may use |
142 :ref:`libervia-cli_pubsub_signature`. | 130 :ref:`libervia-cli_pubsub_signature`. |
143 | 131 |
144 .. _"publisher" attribute: https://xmpp.org/extensions/xep-0060.html#publisher-publish-success-publisher | 132 .. _"publisher" attribute: https://xmpp.org/extensions/xep-0060.html#publisher-publish-success-publisher |
145 | 133 |
146 .. _Pubsub Signing protoXEP: https://github.com/xsf/xeps/pull/1228 | 134 .. _XEP-0476: Pubsub Signing: OpenPGP Profile: https://xmpp.org/extensions/xep-0476.html |
135 |
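Review bot: the target name at new line 134 contains two colons ("XEP-0476: Pubsub Signing: OpenPGP Profile"), so as written the name is cut at the first colon and the reference on line 117 is left dangling. Wrap the name in backquotes, as in .. _`XEP-0476: Pubsub Signing: OpenPGP Profile`: https://xmpp.org/extensions/xep-0476.html. The extra blank line added at 135 looks unnecessary.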