github.com/slspeek/camlistore_namedsearch@v0.0.0-20140519202248-ed6f70f7721a/server/sigserver/spec.txt

github.com/slspeek/camlistore_namedsearch@v0.0.0-20140519202248-ed6f70f7721a/server/sigserver/spec.txt (about)

     1  Sign:
     2  
     3  (https) POST /camli/sig/sign
     4  WWW-Authenticate: [user] [b64pass]
     5  
     6    json=[json to sign]
     7    keyid=[GnuPG key id / implementation dependent]
     8  
     9  On good response:
    10    HTTP 200 OK
    11    (signed blob)
    12  
    13  else: (if signing fails)
    14    HTTP 4xx/5xx
    15  
    16  
    17  TODO(bslatkin): Should the sign response be a more specific value, so
    18  we can tell the difference between a temporary server error and a signing
    19  failure? For verification purposes we need that characteristic anyways.
    20  
    21  ---
    22  
    23  Verify:
    24  
    25  (https) POST /camli/sig/verify
    26  
    27    sjson=[signed json to verify]
    28    (proposed) keyarmored=[GnuPG armored key]
    29  
    30  On good response:
    31    HTTP 200 OK
    32  
    33    YES
    34  
    35  else: (if verification fails)
    36    HTTP 200 OK
    37  
    38    <any other message that describes the problem>
    39  
    40  
    41  Verify will look in the object to find the "camliSigner" key and use that
    42  blobref's contents (assumed to be a public key) to verify the signature on
    43  the object. Configuring the signing server to have the public key blobref
    44  is out of scope.