Store reference to GPG key used to encrypt submission and replies in database #5195

Open
emkll opened this issue Apr 14, 2020 · 0 comments
Contributor

emkll commented Apr 14, 2020

Description

For each submission or reply, we should track the GPG key used to encrypt this submission or reply.
This will provide the base for server-side key management, allowing for better handling of rotation use-cases and providing functionality required for future support of submission/per journalist keys (as described in #2841).

There are several ways this can be implemented: the key fingerprint as a field in the Submissions or Reply table, or creating a new table and a foreign key reference to that key (fingerprint, and other useful metadata, such as time of validity of the key).

How should we handle existing submissions and replies? Ideally we would want all (including all past) submissions and replies to have metadata about the associated key, but it might be impractical to implement a migration around this for historical submissions and replies.

Ref: freedomofpress/securedrop-client#140

@emkll emkll changed the title Store GPG key used to encrypt submission and replies Store reference to GPG key used to encrypt submission and replies in database Apr 14, 2020
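The second option described in the issue (a separate key table referenced by foreign key), as an added example that is not part of the original issue and is not SecureDrop code. Every table, column and function name is hypothetical, the fingerprint check assumes 40-hex-character v4 fingerprints, and historical rows are modelled with a NULL key reference so that no backfill migration is required.

```python
import sqlite3

# Hypothetical schema: all table and column names are assumptions.
SCHEMA = """
CREATE TABLE encryption_keys (
    id INTEGER PRIMARY KEY,
    fingerprint TEXT NOT NULL UNIQUE  -- 40 uppercase hex chars (v4 key)
        CHECK (length(fingerprint) = 40 AND fingerprint NOT GLOB '*[^0-9A-F]*'),
    valid_from TEXT NOT NULL,
    valid_until TEXT                  -- NULL while the key is current
);
CREATE TABLE submissions (
    id INTEGER PRIMARY KEY,
    filename TEXT NOT NULL,
    key_id INTEGER REFERENCES encryption_keys(id)  -- NULL: pre-migration row
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite does not enforce FKs by default
    db.executescript(SCHEMA)
    return db

def add_key(db, fingerprint, valid_from):
    fpr = fingerprint.replace(" ", "").upper()  # one canonical form per key
    cur = db.execute("INSERT INTO encryption_keys (fingerprint, valid_from) "
                     "VALUES (?, ?)", (fpr, valid_from))
    return cur.lastrowid

def retire_key(db, key_id, when):
    db.execute("UPDATE encryption_keys SET valid_until = ? WHERE id = ?",
               (when, key_id))

def add_submission(db, filename, key_id=None):
    db.execute("INSERT INTO submissions (filename, key_id) VALUES (?, ?)",
               (filename, key_id))

def rotation_report(db):
    """Group filenames by the state of the key they were encrypted to."""
    report = {"current": [], "retired": [], "unknown": []}
    rows = db.execute("""
        SELECT s.filename, CASE WHEN k.id IS NULL THEN 'unknown'
                                WHEN k.valid_until IS NULL THEN 'current'
                                ELSE 'retired' END
        FROM submissions s LEFT JOIN encryption_keys k ON k.id = s.key_id
        ORDER BY s.id""")
    for filename, state in rows:
        report[state].append(filename)
    return report
```

After a rotation, `rotation_report` separates items still encrypted to a retired key from historical items whose key was never recorded.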