james-project
Feature/james 3159 web key directory protocol
Hi guys, I implemented a proof-of-concept for the Web Key Directory protocol (https://tools.ietf.org/id/draft-koch-openpgp-webkey-service-07.html) including the possibility to submit a key using the auth-submit policy. This means implementation of the confirmation email is still missing.
A corresponding client is implemented here: https://github.com/ManuelB/patientcare/blob/master/frontend/patientcare/manager/Onboarding.js
The demo is currently hosted here but I can't promise that I will host it forever: https://patientcare.incentergy.de/
A video can be seen here: https://www.youtube.com/watch?v=pQreLOkn6lM
Unfortunately I don't have the time to raise the quality of the code to the requested contribution guidelines: https://james.apache.org/contribute.html
Currently at least the following is missing:
- Confirmation email workflow
- Javadoc for all methods
- Test Cases for all methods
- Documentation for installation
- More persistence implementation like JPA etc.
Nevertheless I wanted to create this pull request; maybe this is useful for somebody else.
Thanks a lot, Manuel
Even if not mergeable because of missing parts, your work is very interesting, thank you for demonstrating it's doable.
The main feature is the completely interaction-free setup of GPG encryption for a person who enters the web site. The following happens in the client the first time somebody comes to the website:
- Generation of an OpenPGP Key Pair that is saved in the local storage
- Creation of a James Mailbox using the admin api using the fingerprint of the public key as the local part in the email address and the sha256 sum of the private key as password e.g. EMail: ef076a5103d46d4c00811aecc1949584bdfbfc53@patientcare.incentergy.de Password: e90c0813a17e3785e330c8677d7f80562016468f7a72e55bb5e980eba0b375b1
- Connecting the client via the JMap protocol to the inbox
- Sending a public key submission email via JMap to the server
- The server saves the public key
- The server publishes the key under the corresponding URL
After that it is possible to send and receive encrypted emails with the created inbox and email address.
Thanks again for the proof of concept.
This work had not been touched for over 2 years, I'll assume it will stay... a proof of concept. As such I close the related pull request.
Don't hesitate to reopen if I am wrong.
To get this further than a POC we could:
- Have a specialized James distribution as a web key directory
- Or repackage it as an extension.
If you are interested in any of those, please re-open.