GlobaLeaks
Password protect submissions for a given context
This ticket is to introduce functionality to password-protect a whistleblower's ability to make a submission, either globally or only for a given context.
The requirement comes from the Sardinia Region anticorruption authority, which needs to expose on the internet a shared anticorruption platform for multiple smaller/controlled public agencies.
The submission platform may be available only to internal employees and employees of contractors; they shall also be able to make submissions anonymously.
Since the system is internet-reachable and we need to prevent non-employees from making submissions, we came up with the idea of enabling password protection for making a submission.
The password to make a submission will be published on the internal/intranet portal of the public agency, and this will provide a reasonable level of protection/blocking against unknown persons (from outside the organization) making submissions.
The password could be configurable globally, at node level, or at context level, and works only for submissions (not for entering a receipt).
The password inquiry must also be available in the "embedded" mode of GlobaLeaks.
A related feature is something I have been thinking of for a while and discussed with a couple of people.
The basic idea is to have some tokens that you can give out to people through various means (via business cards, with paper strips posted on some wall, etc.). These paper strips are blind-signed tokens that will allow the person to authenticate to the platform as a valid receiver of them (hence an "authenticated whistleblower") and perform a submission with it.
It's important that there is no linkability between the token issued and the one presented to the node, and Chaum's blind signature scheme is perfect for this use case.
Here is an implementation I wrote of Chaum's blind signature scheme using cryptography: https://gist.github.com/hellais/1d6a7ce672f0130b8f63