
Adding a PGP key into vCard.

Open fantasio31 opened this issue 7 years ago • 15 comments

It would be great to add a specific PGP public key entry to vCards.

This would allow a contact's PGP key to be stored only once and used everywhere.

An "autofill" possibility could be added using a public PGP key server such as pgp.mit.edu, but the key should be tagged ("verified", "not secure") depending on the Nextcloud user's validation step for this public key.



fantasio31 avatar Mar 09 '17 16:03 fantasio31

Ref: https://github.com/owncloud/contacts/issues/490

MariusBluem avatar Mar 09 '17 19:03 MariusBluem

For Information: https://github.com/RainLoop/rainloop-webmail/issues/1116

Mannshoch avatar Aug 09 '17 08:08 Mannshoch

Reference: Examples:

 KEY:http://www.example.com/keys/jdoe.cer

 KEY;MEDIATYPE=application/pgp-keys:ftp://example.com/keys/jdoe

 KEY:data:application/pgp-keys;base64,MIICajCCAdOgAwIBAgICBE
  UwDQYJKoZIhvcNAQEEBQAwdzELMAkGA1UEBhMCVVMxLDAqBgNVBAoTI05l
  <... remainder of base64-encoded data ...>
KEY:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x9F0FE587374BBE81
KEY:data:application/x-pgp-fingerprint,5E61C8780F86295CE17D86779F0FE587374BBE81

skjnldsv avatar Aug 09 '17 08:08 skjnldsv

A simple question, should we set this as a text field or with an upload button to select a file? My heart goes with the textarea one, much easier imho.

skjnldsv avatar Aug 09 '17 08:08 skjnldsv

Something like this mockup?

[Image: 2017-08-09 10_55_45-untitled document_ - pencil]

Mannshoch avatar Aug 09 '17 08:08 Mannshoch

There won't be any lookup server provided. But a text field or an upload button is the right way. I will give it some thoughts :)

skjnldsv avatar Aug 09 '17 09:08 skjnldsv

I'm sorry, my knowledge in this case is not the best. My idea was to get the information some other way than with the public key file. Some people (like me) are not so skilled in PGP. By the way, what happens if a contact has more than one e-mail address? As far as I know, PGP keys are per mail address and not per contact.

Mannshoch avatar Aug 09 '17 11:08 Mannshoch

I think multiple GPG keys would be a nice feature. They don't have to correspond to email addresses. There can be multiple keys for one email and multiple emails per key. So I don't think we should limit this; just upload one or more keys for the contact. Maybe add an option to mark a default key if multiple keys are added. I think having a look at https://github.com/nextcloud/server/issues/7310 would be good to make an integration as easy as possible.

tacruc avatar Dec 17 '17 09:12 tacruc

I have created a WIP branch if somebody wants to take a look. But it depends on my server branch. More information in nextcloud/server#7310.

(WIP branches https://github.com/tacruc/server/tree/GPG-Contacts, https://github.com/tacruc/contacts/tree/GPG-Pubkey)

tacruc avatar Dec 21 '17 11:12 tacruc

Another approach is OPENPGP4FPR:<fingerprint> URIs. That works fine with Android OpenKeychain.

Please consider that a single contact might have multiple keys for different protocols (PGP4, OMEMO, ...).

Sharing the public keys via QR-codes would be useful (so related to #158).

Matthias84 avatar Mar 10 '18 19:03 Matthias84

Using OPENPGP4FPR URIs in the KEY field has some nice advantages:

  1. it's the shortest method (data URI with the base64-encoded key being the longest),
  2. it's secure, as the fingerprint is directly encoded in the URI (https link targets could be modified),
  3. it's IANA registered (application/x-pgp-fingerprint is not).

The only drawback is that the key lookup requires an additional HTTPS call, but most of the alternatives do that too.

wiktor-k avatar Oct 24 '18 13:10 wiktor-k
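
An added example (not part of the thread and not Nextcloud code) for the KEY forms discussed above: it unfolds a vCard, finds the KEY properties, and separates values that carry the fingerprint themselves from values that only point at a remote location. The kind labels, function names and the 40-hex-digit fingerprint check are assumptions made for this illustration.

```python
import re

# Assumption: 40 hex digits, the fingerprint length used in this thread's examples.
FPR_RE = re.compile(r"^[0-9A-Fa-f]{40}$")

def unfold(vcard_text):
    """Undo vCard folding: a line starting with space/tab continues the previous one."""
    lines = []
    for raw in vcard_text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def classify_key(value):
    """Return (kind, fingerprint or None); the kind labels are hypothetical."""
    scheme, _, rest = value.partition(":")
    scheme = scheme.lower()
    fpr = None
    if scheme == "openpgp4fpr":
        fpr = rest
    elif scheme == "data":
        header, _, payload = rest.partition(",")
        if header.split(";")[0].lower() != "application/x-pgp-fingerprint":
            return ("inline-key", None)      # key material embedded in the card
        fpr = payload
    elif scheme in ("http", "https", "ftp"):
        return ("remote-unpinned", None)     # content at the URL can change later
    if fpr is not None and FPR_RE.match(fpr):
        return ("fingerprint", fpr.upper())  # key identity is fixed by the card itself
    return ("invalid", None)                 # unknown scheme or short key ID

def key_entries(vcard_text):
    """Classify every KEY property in a vCard (parameters such as MEDIATYPE ignored)."""
    out = []
    for line in unfold(vcard_text):
        name, sep, value = line.partition(":")
        if sep and name.split(";")[0].upper() == "KEY":
            out.append(classify_key(value))
    return out

# Constructed sample card built from the KEY forms quoted in this thread.
SAMPLE = (
    "BEGIN:VCARD\r\nVERSION:4.0\r\nFN:J. Doe\r\n"
    "KEY:openpgp4fpr:5E61C8780F86295CE17D86779F0FE587374BBE81\r\n"
    "KEY:data:application/x-pgp-fingerprint,5e61c8780f86295ce17d\r\n"
    " 86779f0fe587374bbe81\r\n"
    "KEY;MEDIATYPE=application/pgp-keys:ftp://example.com/keys/jdoe\r\n"
    "KEY:openpgp4fpr:374BBE81\r\nEND:VCARD\r\n"
)
```

A client that fetches a key for a "fingerprint" entry can compare the fetched key's fingerprint with the stored one before using it; a "remote-unpinned" entry offers nothing to compare against.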

> what happens if a contact has more than one e-mail address? As far as I know, PGP keys are per mail address and not per contact.

A PGP key can have multiple email/identities (UIDs) attached. This is preferred when the owner does not mind having the associated identities linked. PGP primary keys should ideally match up 1:1 with identities, and there isn't much of a reason to have more than one key. If you want a different key on multiple devices, you would want to create subkeys.

A reason to have multiple keys is if you had multiple identities which you did not want publicly linked (e.g. legal public ID and clandestine spy ID). In that case, you don't want to distribute the two key fingerprints in the same vCard anyway.

philihp avatar Dec 30 '18 08:12 philihp

> A reason to have multiple keys is if you had multiple identities which you did not want publicly linked...

Another reason would be the transition period from one key to another, then there would be a small window when you'd be using two keys.

But in general I agree that one key is enough for 99% of cases :+1:

As for the UI design, I think it should be just one URI field where one could paste a link to their key (https scheme covers people having keys on keybase or on their servers) or key fingerprint as an openpgp4fpr URI (maybe with help on how to construct such a URI).

wiktor-k avatar Dec 30 '18 19:12 wiktor-k

Any news?

Neustradamus avatar Mar 30 '20 17:03 Neustradamus

Hello, I'm looking for this feature. Does anyone have any news?

Thulkash avatar Apr 14 '22 09:04 Thulkash