search public keys of recipients on WKD #1201
Comments
@tomholub Could you show me the logic that you use for the web extension? Where you use the
Every single time when a public key is pulled from external sources, it would use a general
It's implemented here: https://github.com/FlowCrypt/flowcrypt-browser/blob/master/extension/js/common/api/pub-lookup.ts
When the method is called:
In the code I linked above, there is also a third pubkey source
Inside the
I recommend opening the above code in vscode so that you can explore it (with ctrl+click) and get a better understanding of where it is used (right click + see usages) or how it fits together.
As I understand, it relates to
I'd like to remind you what logic we use:
The browser extension logic is here:
I'll file an issue for 3) separately, as we still need a solution for WKD, and it will work by re-fetching by email. I thought we already did that on browser extension - will investigate, and then describe the logic on that issue too.
It's already
Even when calling by fingerprint? Just checking :-)
Yup :)
flowcrypt-android/FlowCrypt/src/main/java/com/flowcrypt/email/api/retrofit/FlowcryptApiRepository.kt, line 113 in 4771ba0
Ok, then you can follow #1201 (comment) - let me know and I'll be happy to clarify further.
Btw, does the
Definitely not - it's an array of public keys, may be zero, one or more than one. Good question.
For now, our logic works just with a single key. Should I use the first matched? |
Ok but that's only a temporary solution. All public keys returned from WKD should be processed, they should all be inserted or updated in local storage (comparing them by fingerprint), and when sending out a message, instead of choosing the best fitting public key like we did before, we should encrypt for all valid pubkeys that we have for that person. I'll file another issue.
In that case, we should first do the following: #1188
One more question. As I understand, WKD returns keys in RAW format. Is it possible to receive armored keys here or should I always expect RAW keys?
They always must come in raw. If they cannot be parsed as raw, then the response from WKD is wrong. |
Should I check that? Why I ask. One more question. Should I check that the input contains only pub keys? (throw errors or filter only pub keys, etc.)
I guess you can be a bit slack here - if PGPainless parses a public key, then consider it valid.
Here we should not be slack. I would throw if a private key was found there.
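Added example, not code from this thread or from flowcrypt-android: a header-level check that a WKD response is raw (binary) OpenPGP and carries only public-key packets, walking the RFC 4880 packet framing before any real parser (PGPainless in the app, assumed here) gets the bytes. ASCII armor fails the first-byte check, and a Secret-Key or Secret-Subkey packet is rejected rather than filtered, as the reply above asks.

```python
# Added example (not flowcrypt-android code): validate a WKD response as the thread
# requires: a raw (binary) OpenPGP packet stream holding only public keys.
SECRET_KEY, PUBLIC_KEY, SECRET_SUBKEY = 5, 6, 7       # RFC 4880 packet tags

def _new_length(data: bytes, pos: int) -> tuple:       # new-format length header
    l1 = data[pos]
    if l1 < 192:
        return l1, pos + 1, False
    if l1 < 224:
        return ((l1 - 192) << 8) + data[pos + 1] + 192, pos + 2, False
    if l1 == 255:
        return int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5, False
    return 1 << (l1 & 0x1F), pos + 1, True               # partial body length

def packet_tags(data: bytes) -> list:
    """Walk the packet sequence and return every packet's tag."""
    tags, pos = [], 0
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80:                               # armor starts with '-'
            raise ValueError(f"not a raw OpenPGP packet header at offset {pos}")
        if hdr & 0x40:                                   # new-format header
            tag, partial = hdr & 0x3F, True
            pos += 1
            while partial:                               # one or more chunks
                length, pos, partial = _new_length(data, pos)
                pos += length
        else:                                            # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                               # runs to end of data
                pos = len(data)
            else:
                width = (1, 2, 4)[ltype]
                length = int.from_bytes(data[pos + 1:pos + 1 + width], "big")
                pos += 1 + width + length
        if pos > len(data):
            raise ValueError("truncated packet")
        tags.append(tag)
    return tags

def check_wkd_response(data: bytes) -> list:
    """Raise unless data is a binary stream holding only public keys."""
    tags = packet_tags(data)
    if SECRET_KEY in tags or SECRET_SUBKEY in tags:
        raise ValueError("secret key material in WKD response")
    if PUBLIC_KEY not in tags:
        raise ValueError("no public key packet found")
    return tags
```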
Do you intend on running your own WKD for testing? I don't recommend that - WKD can be trivially mocked. To mock it, you can get the right URL here https://metacode.biz/openpgp/web-key-directory for a particular email, and then serve the binary key on that URL.
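The "right URL for a particular email" is derived from the address itself; as an added example (not the thread's or the project's code), this computes it the way the WKD draft specifies, SHA-1 of the lowercased local part encoded in z-base-32, for both the advanced and direct methods, so a mock server knows which path to serve the binary key on.

```python
# Added example (not flowcrypt-android code): derive the WKD URLs for an address
# so a test can serve a binary key at the right path. Follows the
# draft-koch-openpgp-webkey-service hashing rules (SHA-1 + z-base-32).
import hashlib
from urllib.parse import quote

ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"

def wkd_hash(local_part: str) -> str:
    """SHA-1 of the lowercased local part, z-base-32 encoded (the 'hu' name)."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    bits = int.from_bytes(digest, "big")                 # 160 bits -> 32 chars
    return "".join(ZBASE32[(bits >> (155 - 5 * i)) & 0x1F] for i in range(32))

def wkd_urls(email: str) -> dict:
    """Advanced and direct method key URLs; l= keeps the local part's case."""
    local, _, domain = email.rpartition("@")
    domain = domain.lower()
    hu, query = wkd_hash(local), "?l=" + quote(local, safe="")
    base_adv = f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}"
    return {
        "advanced": f"{base_adv}/hu/{hu}{query}",
        "advanced_policy": f"{base_adv}/policy",
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{hu}{query}",
        "direct_policy": f"https://{domain}/.well-known/openpgpkey/policy",
    }
```

Clients try the advanced method first and fall back to the direct one, so a mock that only answers one of them must make the other fail cleanly.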
No, I don't. That was posted for the history. WKD logic is new for me. I've attached the info that can be useful to refresh info in my mind in the future. |
Need to test the following
https://stackoverflow.com/questions/28170004/how-to-do-local-port-forwarding-with-iptables |
Just for history. To be able to test WKD we need to execute the following:
adb root
adb shell "echo 1 > /proc/sys/net/ipv4/ip_forward"
adb shell "iptables -t nat -A PREROUTING -s 127.0.0.1 -p tcp --dport 443 -j REDIRECT --to 1212"
adb shell "iptables -t nat -A OUTPUT -s 127.0.0.1 -p tcp --dport 443 -j REDIRECT --to 1212"
We run a mock web server on https://localhost:1212. For testing we need to route all traffic for
* Integrated WKD support in the app. Temporarily disabled some tests. #1201
* Renamed CreateMessageActivityTestTest to CreateMessageActivityTest. #1201
* Refactored code to use PubLookup. #1201
* Added CreateMessageActivityWkdTest (not completed). Refactored code. #1201
* Added more tests. Refactored code. #1201
* Refactored code. #1201
* Added one more test. Refactored code. #1201
* Modified ci-wait-for-emulator.sh to route all traffic for localhost to localhost:1212. #1201
* Modified PubLookup to get first matching key by 'usableForEncryption'. #1201
* Switched to use "platforms;android-30" for tests on CI. #1201
* Modified existing tests. #1201
* Restored WkdClientTest with a few changes. #1201
* updated comment, renamed variable
* updated comment
* Refactored code. #1201
Co-authored-by: Tom J <[email protected]>
part of #1298
* trust it more than results on Attester (search first on WKD, then on Attester if WKD doesn't return public key)
* port Wkd class from browser extension (done)
* add tests for it independently of the rest of the codebase, merge the class unused (done)
* The WKD class must be unaffected by disallow_attester_search_for_domains