Re: OpenPGP Signing of HTTP POST

Thread: Re: OpenPGP Signing of HTTP POST

Search this list only Search all lists
Re: OpenPGP Signing of HTTP POST
Argentina	2007-03-08 12:18:19
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "Arturo 'Buanzo' Busleiman" <buanzobuanzo.com.ar> writes: > I expect to have a working version by tomorrow (or today, it's raining in Buenos Aires, so...!). Okey, I've finished adding the new features. This is how a signed POST request from browser to server now looks. Pay attention to the X-PGP-* headers and values. Some lines could've been wrapped. ==cut here== POST /pba/postverify.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20070226 Firefox/2.0.0.2 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0 .9,text/plain;q=0.8,image/png,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://localhost/pba/ X-PGP-Sig-Fields: body X-PGP-Sig: iD8DBQFF8FIZAlpOsGhXcE0RAh9WAJ42Zo2Sqapu1WXYLF9+lHQd5zAPfQCe PIovixLWkMbebF2NTjo3WrVEZNA==q/ix X-PGP-Version: GnuPG v1.4.6 (GNU/Linux) X-PGP-via: Enigform for Mozilla Firefox Content-Type: application/x-www-form-urlencoded Content-Length: 17 variable=somedata ==cut here== Of course, the X-PGP-Sig header value must be splitted in 3 strings to reconstruct the detached signature, in chunks of 64, 24 and 5 characters (without the rn), respectively. The headers, when combined to form a detached signature, would look like this: - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFF8FIZAlpOsGhXcE0RAh9WAJ42Zo2Sqapu1WXYLF9+lHQd5zAPfQCe PIov ixLWkMbebF2NTjo3WrVEZNA= =q/ix - -----END PGP SIGNATURE----- This is much more backwards compatible, and more geared towards standarization. I'll modify the Draft asap to include these changes. - -- Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica Enigform - Nueva Seguridad al navegar: http://enigform.mozdev.org Mail Hosting Seguro y Consultoria - http://www.buanzo.com.a r/pro/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF8FNrAlpOsGhXcE0RAhbIAJ431+J6vaSwVNgMG7Dp1mn4/f+NbACe IW5k wzpDqJr9YLuPfzLej0VeeJ4= =qXuA -----END PGP SIGNATURE-----

[1]

about | contact Other archives ( Real Estate discussion Medical topics )