Tuesday, July 24, 2007

Apache Frustration :P

Oh well, as I haven't got one reply to all of my questions in modules-dev, and not even one comment regarding mod_openpgp when I introduced it to the httpd-dev guys, and given the fact that I'm stuck with a big issue regarding mod_auth_openpgp (whole-request rewriting, post-decryption), I've decided to rest for a while regarding the Encryption/Decryption functionality of Enigform and mod_auth_openpgp and finish another interesting feature that will make OpenPGP auth easier for webmasters to adopt: Session Control.

The whole idea is similar to what gpgAuth currently offers, but implemented directly into Apache as a feature of mod_openpgp. Kyle Huff, author of gpgAuth and FireGPG's gpgAuth implementation, is helping a lot with the ideas behind it. I'll be posting all the details in the official Enigform / mod_openpgp forum.

Sincerely,
Buanzo

posted by Arturo 'Buanzo' Busleiman @ 8:27 AM  

Tuesday, July 17, 2007

NEWS: Encryption of HTTP using OpenPGP

As you probably already know if you are a visitor of this blog, I'm working on Enigform and mod_auth_openpgp. And you probably know that I'm currently working on GnuPG-encrypted HTTP Requests (unreleased draft named: "OpenPGP Extensions to the HTTP Protocol").

Now, Enigform is a Mozilla Addon, and it was great to implement signed requests, which are nothing more than some extra HTTP request headers with special values obtained from calling GnuPG, which are then verified by a simple post_read_request hook in the Apache module (mod_auth_openpgp, to be renamed mod_openpgp once I submit it to the ASF). Simple.

BUT encryption is a whole different thing. If you take a look at what the proposed format for an encrypted request looks like, you'll see that the request needs to be decrypted, and then the same request needs to be replaced with the result of the decryption process, and THAT new, cleartext request is the one Apache should handle. Quite complicated, so I had to write an input filter (more details at http://foros.buanzo.com.ar/viewtopic.php?f=37&t=239&p=1061#p1061).

Now, the problem is the browser. For the time being, I'll use some code borrowed from Eric Jung's EXCELLENT FoxyProxy extension to call a proxy (one I'm writing that will implement the actual encryption and probably signing as well, and move all the gpg code outside Enigform), until Mozilla provides an input/output filter mechanism.

posted by Arturo 'Buanzo' Busleiman @ 5:38 AM  