19 décembre 2007

gpgAuth – GnuPG Web Authentication


Après mon article sur FireGPG (extension firefox permettant l’intégration de GPG), voici un système d’authentification basé sur le système clé privée / clé publique. En effet il suffit de s’enregistrer sur le site (site exemple), d’importer la clé publique du service, leur donner notre clé publique, et voila FireGPG fait le reste.

Il existe une implémentation coté serveur utilisant python, pour intégrer le processus dans vos sites. Cependant ce n’est compatible qu’avec Firefox + FireGPG. Peut être une possibilité avec Konqueror + KGpg ?

Plus d’informations


After my post about FireGPG (firefox extension allows GPG integration), this is an authentication system based on the private key / public key system. The only thing you have to do is to import the public key of the service, give them your public key, and voila ! FireGPG just do it !.

There is a server-side implementation using python, to integrate the system into your web applications. But this is only compatible with Firefox + FireGPG. It may be possible to work with Konqueror + Kgpg ?

More informations

No related posts.

It seems that gpgAuth development was abandoned in favor of Enigform? And last time I checked, Enigform was still insecure (open to replay attacks), so there might not be much sense in supporting it.

Personally I’d like to see more support for TLS/OpenPGP.

Commentaire par Christian Henz — 19 décembre 2007 @ 12 h 26 min

And what about mod_openpgp, which the apache server module to support HTTP Signed protocol ?

Commentaire par Zenithar — 19 décembre 2007 @ 16 h 24 min

gpgAuth auth has not been abandoned. The end goal is to work with the authors of Enigform/m_a_o to implement gpgAuth at the server level.. gpgAuth is a mechanism, not a product. It is a process to authenticate users to servers and server to users. gpgAuth is fully supported in the FireGPG firefox extension.

Kyle L. Huff
http://www.gpgauth.com

Commentaire par Kyle L. Huff — 28 décembre 2007 @ 7 h 38 min

Regarding the replay attacks, I’m VERY aware of that, that’s why I just finished implementing SESSION support for Enigform / mod_openpgp.

Feel free to check out http://maotest.buanzo.org, and you’re more than welcome to join me at the official forum:

http://foros.buanzo.com.ar/viewforum.php?f=35

Commentaire par Buanzo — 22 juin 2008 @ 23 h 23 min

Hi! Just to let you know I’ve released an alpha-quality Wordpress Plugin that integrates Enigform into the wordpress admin/users backend.

Commentaire par Buanzo — 10 mars 2009 @ 20 h 43 min

Laisser un commentaire