Mercurial > libervia-backend
changeset 3975:c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
a small section has been added to `encryption` to explain the difference with OXPS, and
the `--encrypt-for` arguments are explained.
fix 382
author | Goffi <goffi@goffi.org> |
---|---|
date | Mon, 31 Oct 2022 13:50:12 +0100 (2022-10-31) |
parents | 5e3b983ab2c6 |
children | db45d49518f6 |
files | doc/conf.py doc/encryption.rst doc/libervia-cli/blog.rst doc/libervia-cli/pubsub.rst |
diffstat | 4 files changed, 33 insertions(+), 1 deletions(-) |
--- a/doc/conf.py Mon Oct 31 13:48:31 2022 +0100 +++ b/doc/conf.py Mon Oct 31 13:50:12 2022 +0100 @@ -48,6 +48,11 @@ share secrets with :ref:`libervia-cli_pubsub_secret`. Please read :ref:`pubsub-encryption` for more details. +.. |pte_arg| replace:: + You can encrypt a single item to targeted entities with the ``--encrypt-for`` flag (not + to be confused with ``--encrypt`` which is used when a whole node is encrypted). Please + read :ref:`pubsub-encryption` for more details. + .. |sign_arg| replace:: To cryptographically sign an item, you can use the ``-X, --sign`` flag (a mnemonic way to remember the short option is to think of a cross made as a signature on a document).
--- a/doc/encryption.rst Mon Oct 31 13:48:31 2022 +0100 +++ b/doc/encryption.rst Mon Oct 31 13:50:12 2022 +0100 @@ -92,6 +92,26 @@ .. _OpenPGP: https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP +Pubsub Targeted Encryption +========================== + +It is also possible to encrypt a single pubsub item for a restricted set of users. This is +different from the pubsub encryption explained above, as if you want to encrypt for a +different set of users, you need to re-encrypt all concerned items, so this is more +adapted for use cases when you only want to encrypt a few items in a pubsub node. + +On the other hand, you have all the properties of the algorithm used (for now, only OMEMO +2 is supported), which means that you can have `Perfect Forward Secrecy`_ for algorithms +supporting it (it's the case for OMEMO.) + +.. note:: + + Pubsub Targeted Encryption(PTE) specification is not currently an official XEP (XMPP + Extension Protocol), it is about to be examinated by "XMPP council". This documentation + will be updated with the evolution of the situation. + +.. _Perfect Forward Secrecy: https://en.wikipedia.org/wiki/Forward_secrecy + Pubsub Signature ================ @@ -124,4 +144,3 @@ .. _"publisher" attribute: https://xmpp.org/extensions/xep-0060.html#publisher-publish-success-publisher .. _Pubsub Signing protoXEP: https://github.com/xsf/xeps/pull/1228 -
--- a/doc/libervia-cli/blog.rst Mon Oct 31 13:48:31 2022 +0100 +++ b/doc/libervia-cli/blog.rst Mon Oct 31 13:50:12 2022 +0100 @@ -18,6 +18,8 @@ |e2e_arg| +|pte_arg| + |sign_arg| examples @@ -109,6 +111,8 @@ |e2e_arg| +|pte_arg| + |sign_arg| examples
--- a/doc/libervia-cli/pubsub.rst Mon Oct 31 13:48:31 2022 +0100 +++ b/doc/libervia-cli/pubsub.rst Mon Oct 31 13:50:12 2022 +0100 @@ -26,6 +26,8 @@ |e2e_arg| +|pte_arg| + |sign_arg| .. _XEP-0060 ยง7.1.5: https://xmpp.org/extensions/xep-0060.html#publisher-publish-options @@ -85,6 +87,8 @@ |e2e_arg| +|pte_arg| + |sign_arg| example
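Review bot: in doc/conf.py, the new `|pte_arg|` text names ``--encrypt-for`` but never says what value the flag takes or whether it can be given more than once, although the commit message says the arguments are explained; state the expected value for a targeted entity and the repetition rule explicitly. The text also sends readers to :ref:`pubsub-encryption`, the same target used by the substitution just above it, while the "Pubsub Targeted Encryption" section added in doc/encryption.rst gets no label of its own. Add a label before that heading and reference it here so readers land on the section that actually describes this flag.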
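Review bot: in doc/encryption.rst, the first paragraph of the new section is ambiguous about which scheme carries the re-encryption cost: "This is different from the pubsub encryption explained above, as if you want to encrypt for a different set of users, you need to re-encrypt all concerned items" can be read either way. Say outright that with targeted encryption, changing the recipient set means re-encrypting each affected item. In the note, "examinated" should be "examined" and "Encryption(PTE)" needs a space before the parenthesis. Since the Pubsub Signature section links its protoXEP, link the PTE proposal here as well so readers can check the specification status themselves.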
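Review bot: in doc/libervia-cli/blog.rst and doc/libervia-cli/pubsub.rst, `|pte_arg|` is inserted directly above the ``examples`` and ``example`` headings, but no example using ``--encrypt-for`` is added in any of the four hunks. Add at least one invocation per page, ideally next to an ``--encrypt`` one, because the substitution text itself warns that the two flags are easy to confuse.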