Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Subclassing PGP context #571

Closed
polterguy opened this issue May 24, 2020 · 5 comments
Closed

Subclassing PGP context #571

polterguy opened this issue May 24, 2020 · 5 comments
Labels
enhancement New feature or request question A question about how to do something

Comments

@polterguy
Copy link

How would I start out when wanting to subclass a PGP context, to provide my own (completely custom) persistence layer. Specifically, the idea is to save both public and private keys in a database. This is something I'll have to do, first of all because it's the server itself that "owns" the private key, and for public keys there might be millions, and I also want to have referential integrity towards other database records ...?

Do you have any pointers as to how to get started with this?
jstedfast added a commit that referenced this issue May 24, 2020
@jstedfast
Improved subclassability of OpenPgpContext
df9f540 
Made a number of OpenPgpContext methods virtual as well as reduced code
duplication by making more code use the EnumeratePublic/SecretKey/KeyRings()
methods so that fewer code would need to be overridden in a subclass to make things
work.

Should improve the situation for issue #571
@jstedfast
Copy link
Owner

Hmmm, good question.

Looking at OpenPgpContext, I'll probably need to make some methods virtual (doing it now) so that you can override the following methods to obtain public/secret keys:

  • EnumeratePublicKeys()
  • EnumeratePublicKeyRings()
  • EnumerateSecretKeys()
  • EnumerateSecretKeyRings()

and optionally:

  • EnumeratePublicKeys(MailboxAddress)
  • EnumeratePublicKeyRings(MailboxAddress)
  • EnumerateSecretKeys(MailboxAddress)
  • EnumerateSecretKeyRings(MailboxAddress)

(If your database would make it quicker/faster to do lookups based on an address or fingerprint, you'd want to override the Enumerate methods that take a MailboxAddress - otherwise they are probably not worth overriding).

You'll also need to override:

  • GetPasswordForKey(PgpSecretKey)

I would also recommend overriding the Import() methods - specifically the ones that import PgpPublicKeyRing, PgpSecretKeyRing and the Bundle variants. The other Import() methods just wrap those 4, so it's not necessary to override them.

Does that help?

@jstedfast jstedfast added question A question about how to do something enhancement New feature or request labels May 24, 2020
@polterguy
Copy link
Author

Brilliant, thx as always :)

BTW, what I wanted to do, is to create a "Direct Democracy" server system, allowing people to "vote" on yes/no types of questions. This would require a security mechanism to avoid fake votes to reach the server and be registered as actually votes, which I figure PGP crypto signatures could easily accomplish.

Then I'd have a KYC (Know Your Client) process, that allows people to submit documents proving who they are (images of themselves, identification papers, etc) using the same process.

By using emails as my foundation for accepting both KYC documents, and votes, I get to avoid creating clients for iPhone, Android, Windows, etc - But rather allow others to use their existing email systems, assuming they have some email client allowing them to sign their emails with their private PGP keys :)

The thing I'd specifically need, is the ability to lookup a public key based upon the fingerprint. By overriding the methods taking a MailboxAddress, this would be fairly simple, only requiring one database lookup (normally), for messages signed with only one key, right ...?

The GetPasswordForKey override I already know about, but since the server would only (normally) have one private key, which is the "server key" for sending feedback emails, and answering votes/KYC emails, this would normally only contain a single private key ...

This way during the reading process, I'd fetch the fingerprint, do a lookup into my database, verify the email's signature, and accept a vote (or discard it if it fails) ...

@jstedfast
Copy link
Owner

this would be fairly simple, only requiring one database lookup (normally), for messages signed with only one key, right ...?

That should be the case, yes.

@jstedfast
Copy link
Owner

MimeKit 2.8.0 has just been released with the virtual method changes.

@polterguy
Copy link
Author

Brilliant mate :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request question A question about how to do something
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jstedfast @polterguy