Add PGP support

Nick Sullivan edited this page Oct 13, 2015 · 1 revision

Allow people to create an account with a PGP public key instead of a password. Accounts of this type can interoperate with standard accounts.

When an account of this type is created, the creator supplies their PGP public key instead of a password. The server uses this key to encrypt a randomly generated password and stores the encrypted password in the key vault. Delegation for this account becomes a multi-step process:

  1. The encrypted password is returned to the client via an API.
  2. The client uses a PGP browser plugin or other PGP client to decrypt it and send the delegate command.
  3. On receiving a delegation for this account, the server generates a new random password and does a password change.

This requires additional changes in the web app: one to select the kind of account to create, and one to add an AJAX request that fetches the PGP-encrypted password when delegating an account of this type.
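
The account creation and the three delegation steps above, as an added Go example that is not code from this project. RSA-OAEP from the standard library stands in for PGP encryption, and the `Account` type, its fields and its methods are hypothetical names.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Account is a hypothetical vault record; RSA-OAEP stands in for PGP encryption.
type Account struct {
	Pub      *rsa.PublicKey
	EncPass  []byte   // current password encrypted to Pub, served over the API (step 1)
	PassHash [32]byte // SHA-256 of the password; adequate only because it is 256 random bits
}

// rotate installs a fresh random password that only the key holder can read.
func (a *Account) rotate() error {
	pass := make([]byte, 32)
	if _, err := rand.Read(pass); err != nil {
		return err
	}
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, a.Pub, pass, nil)
	if err == nil {
		a.EncPass, a.PassHash = enc, sha256.Sum256(pass)
	}
	return err
}

// Delegate checks the password, then rotates it so each one works once (step 3).
func (a *Account) Delegate(pass []byte) error {
	if h := sha256.Sum256(pass); subtle.ConstantTimeCompare(h[:], a.PassHash[:]) != 1 {
		return fmt.Errorf("password wrong or already used")
	}
	return a.rotate()
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // constructed throwaway client key
	if err != nil {
		panic(err)
	}
	acct := &Account{Pub: &priv.PublicKey}
	if err := acct.rotate(); err != nil {
		panic(err)
	}
	pass, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, acct.EncPass, nil) // client, step 2
	fmt.Println(err, acct.Delegate(pass), acct.Delegate(pass)) // replayed password is refused
}
```

A failed attempt leaves the stored password unchanged, so a wrong guess cannot lock the key holder out by forcing a rotation.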