Skip to content
This repository has been archived by the owner on Jan 25, 2021. It is now read-only.

PGP signing support #11

Open
wants to merge 25 commits into
base: master
Choose a base branch
from
Open

PGP signing support #11

wants to merge 25 commits into from

Conversation

raftario
Copy link
Member

@raftario raftario commented Apr 27, 2019

Automatically create a detached PGP signature for every uploaded mod.
This is meant to increase security, remove the need for hashes, and permit the creation of mirrors. The detached key is really small and the signature generation delay is barely noticeable.

A few things are needed for it to work :

  • A private key (keys/privkey.asc file)
  • The passphrase for the private key (PASSPHRASE environment variable)

The key can be generated using any tool that follows the OpenPGP standard or by running keygen with npm.

(I'm working on client side integration and on a tool to create mirrors automatically.)

Edit :
Acessing the API using /api/v1/pgpmod instead of /api/v1/mod returns a PGP cleartext signed message instead of plain JSON.
/api/v1/pgpmod only supports listing mods.

/api/v1/mod now support the pgp query parameter, which returns a signed cleartext message instead of plain JSON (ie. https://beatmods.com/api/v1/mod?status=approved&pgp

@raftario
Copy link
Member Author

API signing fully implemented and working as expected.

@PlasmaPower
Copy link
Member

It seems to me like the mod uploader and approver signing the mod is a lot more important than the server signing it. Also, what's the point in the server signing the mod, especially if it's signed before it's approved?

@raftario
Copy link
Member Author

The idea came from a PR that I made to the mod installer to allow mirrors. The problem was that a mirror could easily change what was being downloaded.
The main goal is to prove that the mod comes from BeatMods and this seemed like the easiest and fastest way to do it.
Nothing stops an uploader from signing their mods btw.

@PlasmaPower
Copy link
Member

If we're taking this approach, we should probably add a timestamp or expiration to the response.

@PlasmaPower
Copy link
Member

The .sig file should probably be updated when the mod is edited.

@raftario
Copy link
Member Author

raftario commented May 11, 2019

ModService.create is used everytime the mod file changes so that would be useless.

@PlasmaPower
Copy link
Member

My bad, I thought you were signing the metadata.

@PlasmaPower
Copy link
Member

Looks good to me then 👍

@williums williums requested a review from PlasmaPower May 16, 2019 04:58
Copy link
Member

@PlasmaPower PlasmaPower left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but has merge conflicts

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants