mod_auth_openpgp 0.1.0 released

UPDATE: Version 0.2.0 released.

Hi! mod_auth_openpgp 0.1.0 is the Apache counterpart to Firefox’s Enigform: an OpenPGP verification module for incoming signed HTTP requests. Together with mod_access, it lets web administrators implement access authorization for valid, OpenPGP-signed requests.

Quick-Building instructions:

  1. Edit build.sh to suit your needs/desires.
  2. Run it: ./build.sh
  3. Modify your Apache’s configuration as needed (see below)

Requires:

I’m using gpgme 1.1.2 and libgpg-error 1.0. It also benefits from mod_access, although the X-Auth-OpenPGP header that gets added to signed requests can be checked using PHP, CGI, etc.

Load it into Apache with:

LoadModule auth_openpgp_module modules/mod_auth_openpgp.so

Configuration:

Turn it on for specific virtual hosts (or globally for the server) using the "OpenPGPEngine on" directive, combined with mod_access directives, for example:

<VirtualHost *:80>
    ServerName localhost
    ServerAdmin [email protected]
    DocumentRoot "/var/www/localhost/htdocs"
    Options FollowSymlinks

    <IfModule mpm_peruser_module>
        ServerEnvironment apache apache
    </IfModule>

    # Turn on the OpenPGP Engine for this VirtualHost
    OpenPGPEngine on

    # If the X-Auth-OpenPGP header has the value "true",
    # set the valid_signature env var, which is used as the
    # deciding factor in the Allow directive of mod_access.
    # X-Auth-OpenPGP cannot be spoofed, as it gets reset
    # if the module has been enabled for the vhost.
    # In the future, valid signed requests will also
    # have a header which tells mod_access the keyid, eMail address
    # and fingerprint of each user [TODO for 0.2.0]

    SetEnvIf X-Auth-OpenPGP ^true valid_signature
    <Directory "/var/www/localhost/htdocs/pba">
        Order Deny,Allow
        Deny from all
        Allow from env=valid_signature
    </Directory>

</VirtualHost>

And that’s it. Go grab Enigform and try it out. Of course, the ‘apache’ user needs a valid gpg configuration and keyring, or mod_auth_openpgp won’t be able to verify signed requests.
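
The Requires section notes that the X-Auth-OpenPGP header can also be checked from PHP, CGI, etc. As an added example (not part of mod_auth_openpgp or of the original post), here is a Python CGI script that does so and fails closed. It assumes the module sets the header to exactly "true" and that OpenPGPEngine is on for the vhost, since otherwise the header is not reset and proves nothing; the function names are illustrative.

```python
#!/usr/bin/env python3
"""CGI gate that honours mod_auth_openpgp's X-Auth-OpenPGP verdict (added example)."""
import os
import sys

# CGI (RFC 3875) exposes the request header X-Auth-OpenPGP under this name.
HEADER_VAR = "HTTP_X_AUTH_OPENPGP"


def signature_verified(environ):
    """Return True only when the header is exactly "true".

    Fail closed: a missing header, an empty value, or a value that merely
    starts with "true" is treated as an unsigned request.
    Assumption: the module writes the literal value "true".
    """
    return environ.get(HEADER_VAR, "") == "true"


def respond(environ):
    """Build (status, headers, body) for the request described by environ."""
    headers = [("Content-Type", "text/plain")]
    if signature_verified(environ):
        return "200 OK", headers, "Signed request accepted.\n"
    return "403 Forbidden", headers, "A valid OpenPGP-signed request is required.\n"


def main():
    # Emit a CGI response: Status line, headers, blank line, body.
    status, headers, body = respond(os.environ)
    sys.stdout.write("Status: %s\r\n" % status)
    for name, value in headers:
        sys.stdout.write("%s: %s\r\n" % (name, value))
    sys.stdout.write("\r\n" + body)


if __name__ == "__main__":
    main()
```

Only deploy a check like this under a virtual host where OpenPGPEngine is on; elsewhere the header arrives exactly as the client sent it.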

Sincerely,
Arturo ‘Buanzo’ Busleiman
buanzo at buanzo com ar


3 responses to mod_auth_openpgp 0.1.0 released

  1. Necdet Yücel said:

    Nice work, congrats…

  2. Arturo 'Buanzo' Busleiman said:

    Thanks! I’ve already seen your blog posts about mod_auth_openpgp, but couldn’t much understand them. Anyway, they seemed good ones 🙂

  3. Gabriel said:

    Yes, well done
