Saturday, July 13, 2013

[okbphkce] Signed http post

Create an HTTP service which accepts data through a POST request.  The data is a signed PGP message, which the server verifies and processes if the signature is valid.  (A generic version of the previous idea.)

The intended use case is for low-level tools, perhaps command-line, not a browser and form.

This should be easy.  Are there security vulnerabilities in running "gpg -v" on carefully crafted evil messages?

Probably want timestamps or challenge-response to avoid replay attacks.
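A sketch of the server-side accept/reject decision with a timestamp window and a replay cache, added here as an example and not part of the original post. It assumes the server has already run gpg on the POST body with `--status-fd` and captured the status text; the function names, the 300-second window, and the sample fingerprint are hypothetical.

```python
import hashlib

MAX_AGE = 300  # assumed policy: seconds a signature stays acceptable
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}
PREFIX = "[GNUPG:] "

# Constructed sample of gpg status output; the fingerprint is made up.
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_STATUS = (
    "gpg: Signature made Sat Jul 13 2013\n"
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer\n"
    f"[GNUPG:] VALIDSIG {FPR} 2013-07-13 1373700000 0 4 0 1 8 00 {FPR}\n"
)

def parse_status(text):
    """Return [keyword, arg, ...] for each machine-readable status line."""
    rows = (l[len(PREFIX):].split() for l in text.splitlines() if l.startswith(PREFIX))
    return [r for r in rows if r]

def accept(message, status_text, trusted_fprs, seen, now):
    """Return (ok, reason). seen maps sha256(message) -> signature time."""
    rows = parse_status(status_text)
    if any(r[0] in REJECT for r in rows):
        return False, "bad signature"
    valid = [r for r in rows if r[0] == "VALIDSIG"]
    if len(valid) != 1 or len(valid[0]) < 4:
        return False, "need exactly one VALIDSIG"
    fields = valid[0]
    # Field 10 is the primary key fingerprint when gpg reports it.
    signer = fields[10] if len(fields) > 10 else fields[1]
    if signer not in trusted_fprs:
        return False, "untrusted signer"
    if not fields[3].isdecimal():
        return False, "unparseable timestamp"
    sig_time = int(fields[3])
    if abs(now - sig_time) > MAX_AGE:
        return False, "stale"
    # Forget entries that the freshness check would reject anyway.
    for digest in [d for d, t in seen.items() if now - t > MAX_AGE]:
        del seen[digest]
    digest = hashlib.sha256(message).hexdigest()
    if digest in seen:
        return False, "replay"
    seen[digest] = sig_time
    return True, "ok"
```

The cache is keyed on a hash of the whole signed message rather than on the signature timestamp, so two distinct messages signed in the same second are both accepted while a byte-for-byte resend is not.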

This feels like reinventing the wheel or inventing my own crypto.
