From the user's point of view this is simply a confirm dialog which pops up.

Same here, +0 :) JV. On Fri, Aug 6, 2010 at 11:46 AM, Thomas Mortagne <thomas.mortagne(a)xwiki.com> wrote: _______________________________________________ devs mailing list devs(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/devs

+0 Jerome. ----- Original Message ----- From: "Caleb James DeLisle" <calebdelisle(a)lavabit.com> To: "XWiki Developers" <devs(a)xwiki.org> Sent: Thursday, August 5, 2010 11:38:48 AM GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna Subject: [xwiki-devs] [proposal] Add cryptography api component and script service to xwiki Hello all, I you have been watching on irc and in the sandbox commit notifications you know Alex and I have been working hard on developing some high quality cryptographic services, I think it is ready to add to the core. What xwiki-crypto provides: * PasswordVerificationFunction provides ability to protect ("hash") a password using functions which require a configurable amount of processor power and RAM. This allows a configurable level of difficulty for password guessing attacks and configurable memory costs even frustrate hardware (GPU) based cracking attempts. This uses a standards conforming implementation of what is a truly state of the art password hashing technology developed by Colin Percival, deputy security officer for FreeBSD operating system. The design paper is here: http://www.tarsnap.com/scrypt/scrypt.pdf This will be able to be used for http://jira.xwiki.org/jira/browse/XWIKI-70 (Safe password storage) * Password based encryption using the function defined above for converting the password to the encryption key. The default encryption algorithm is CAST-5 which has been used by PGP encryption system. * RSA-2048 key generation and text signature. Option #1: Generate key in user's browser (Supports Firefox and Opera, possible to add IE support.) and be able to use the crypto.signText function in javascript allowing for signature which are unforgable even by the administrator (or hacker) of the server. Option #2: Generate key on the server and store password encrypted (see above) allowing for "pretty good" level of signature non-reputability. What this will look like to a script: ## Password Encryption #set($ciphertext = $services.crypto.passwd.encryptText("this is a secret", "hopefully a strong password")) ## Password Decryption #set($plaintext = $services.crypto.passwd.decryptText($ciphertext, "hopefully a strong password")) ## Protecting a password (so can be validated but the original can't be derived from the protected password and it's hard to do password guessing attacks) #set($safePassword = $services.crypto.passwd.protectPassword($userSuppliedPlaintextPassword) ## Validating a password against the "safe password" #if($services.crypto.passwd.isPasswordCorrect($userSuppliedPlaintextPassword, $safePassword) you win! #end ## Generating a key in the user's browser (this won't likely be used often) ## $spkac is a public key given by the browser when the user clicks on the create certificate button, this is compatible with FOAFSSL. ## 365 is the number of days the certificate should be valid for. ## this returns 2 certificate, one is the user's and the other is a self signed authority which trusts it. #set($certAndAuthority = $services.crypto.x509.certsFromSpkac($spkac, 365)) ## Generating a key (x509 certificate + private key) on the server side (this won't likely be used often) ## this returns an XWikiX509KeyPair #set($privateKeyAndCert = $services.crypto.x509.newCertAndPrivateKey(365, "password for protecting private key") ## Serializing a keyPair to a base64 string (this does not conform to any standard because no decent standard was available) #set($keyPairAsString = $privateKeyAndCert.serializeAsBase64()) ## Deserializing the keypair back from the string #set($privateKeyAndCert = $services.crypto.x509.keyPairFromBase64($keyPairAsString) ## Signing text with a "$privateKeyAndCert" ## This outputs a base64 String representing the signature. #set($signature = $services.crypto.x509.signText("this is the text I want to sign", $privateKeyAndCert, "password for protecting private key") ## Verifying text (this verifies text signed with either the above signText function or with the mozilla/opera javascript crypto.signtText function.) ## this outputs an XWikiX509Certificate object which can then be compared to known trusted certificates. #set($signingCertificate = $services.crypto.x509.verifyText("this is the text I want to sign", $signature)) ## Serializing a certificate as a String in conforming PEM format (readable by OpenSSL) #set($pemString = $signingCertificate.toPEMString()) ## Deserializing a certificate from PEM format #set($signingCertificate = $services.crypto.x509.certFromPEM($pemString) The interfaces: http://svn.xwiki.org/svnroot/xwiki/contrib/sandbox/xwiki-crypto/src/main/ja… http://svn.xwiki.org/svnroot/xwiki/contrib/sandbox/xwiki-crypto/src/main/ja… http://svn.xwiki.org/svnroot/xwiki/contrib/sandbox/xwiki-crypto/src/main/ja… http://svn.xwiki.org/svnroot/xwiki/contrib/sandbox/xwiki-crypto/src/main/ja… WDYT? Caleb _______________________________________________ devs mailing list devs(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/devs _______________________________________________ devs mailing list devs(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/devs

+1 Any patch that makes XWiki more secure is welcome ;-)

Guillaume On Mon, Aug 9, 2010 at 17:59, Caleb James DeLisle <calebdelisle(a)lavabit.com>wrote;wrote: _______________________________________________ devs mailing list devs(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/devs