Results 1 to 5 of 5

Thread: gpg proxy

  1. #1
    Join Date
    Mar 2006
    Location
    Venice, ITALY
    Beans
    37
    Distro
    Ubuntu 13.10 Saucy Salamander

    gpg proxy

    I got an idea, it is so simple that it would be amazing if someone have already found a solution.

    My idea is this
    A proxy P runs on port 8181 (or whatever) and it only forward the connections to the apache on port 80 only if the user connecting has signed a random script from the proxy. Did that, the proxy is transparent for that IP (for the next -say- 6 hours).

    The Apache http server only accepts connection coming from localhost (the proxy P, so if the client tries to go directly to the server all it gets is an error).

    It can work with a wiki, wordpress, ..., whatever would be running on the http server.

    I googled a lot without finding anything, which is strange as it seems pretty easy. If it wasn't there either I'm a genius or I'm dumb and I'm missing something.

    Anybody can give a hint?

    Thanks

    Fede

  2. #2
    Join Date
    Feb 2005
    Location
    Texas
    Beans
    Hidden!
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: gpg proxy

    If your goal is to authenticate a user (or users) by way of cryptographic keys, try searching the 'net for "ssl client authentication".

  3. #3
    Join Date
    Mar 2006
    Location
    Venice, ITALY
    Beans
    37
    Distro
    Ubuntu 13.10 Saucy Salamander

    Re: gpg proxy

    Quote Originally Posted by anomie View Post
    If your goal is to authenticate a user (or users) by way of cryptographic keys, try searching the 'net for "ssl client authentication".
    Thank for the reply.

    But, for what I understood SSL doesn't work with the OpenPGP (GnuPG) standard. Is it the same thing? Can the SSL framework handle a self-created key created with gpg exported in key-server (eventually signed by a well known third party)?

  4. #4
    Join Date
    Feb 2005
    Location
    Texas
    Beans
    Hidden!
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: gpg proxy

    I'm not sure. But it may be that I am not understanding your idea:

    If your goal is client authentication (i.e. the client is going to sign a random string from the server), how will public key distribution help anyway? You need to have a secure way to distribute secret keys (i.e. private keys) to the clients, right?

  5. #5
    Join Date
    Mar 2006
    Location
    Venice, ITALY
    Beans
    37
    Distro
    Ubuntu 13.10 Saucy Salamander

    Re: gpg proxy

    Quote Originally Posted by anomie View Post
    I'm not sure. But it may be that I am not understanding your idea:

    If your goal is client authentication (i.e. the client is going to sign a random string from the server), how will public key distribution help anyway? You need to have a secure way to distribute secret keys (i.e. private keys) to the clients, right?
    OK, my idea is this

    Code:
    +-------+     +------+
    |   P   |<--->|   U  |
    +-------+     +------+
     ^
     |
    \/
    +-------+
    |   WA  |
    +-------+
    P is the proxy (say on port 8383)
    WA is a web application (say a wiki on port 80)
    P and WA are on the same machine running apache and whose name is www.example.com

    The user (U) points his browser to www.example.org:8383 and gets a mask asking for a e-mail address and a field where the user crypt a random text (supplied by P) with the secret key of that email address.

    If the same text crypted by P using the public key is equal to the one given from the user, the user is authorized to access WA via port 8383.

    (WA accepts only localhost request, so anybody has to go thought the proxy and not directly to WA.)

    (Details: P looks for the public key on a certain key server and it has to generated from more than n days.)

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •