
Add decryption authorization for clevis clients #92

Open
wants to merge 2 commits into base: master from

Commits on Aug 8, 2022

  1. Add decryption authorization

    The default behaviour of tangd is to reply correctly to all key recovery
    requests.  In some deployments it may be needed to control when a key
    recovery should be allowed or not.  This patch extends the tangd server
    with a very simple authorization method.
    
    When tangd is started with a second argument, this needs to point at a
    directory to be used for authorizations.  When a key recovery request
    occurs, the tangd server will check if this directory contains a
    file named after the client key fingerprint (thp/kid).  If a file (which
    can be empty) exists with the name of a client fingerprint, the
    request is authorized and the decryption can be performed successfully.
    
    Signed-off-by: David Sommerseth <[email protected]>
    dsommers committed Aug 8, 2022 (commit 4ad7364)
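    The authorization model described in this commit is a directory lookup keyed on the client's JWK thumbprint. The following is an added illustration, not code from tang or from this pull request: it computes the RFC 7638 thumbprint of a client key and performs the same "does a file with that name exist in the authorization directory" check, with the operator-side step of creating the marker file. Assumptions: the thumbprint uses SHA-256 (the default jose/tang hash for thp; older deployments may use SHA-1), the function and variable names are mine, and the sample client key is constructed, not a real key.

```python
import base64
import hashlib
import json
import os
import re
import tempfile

# Members that RFC 7638 requires in the thumbprint input, per key type.
# Anything else in the JWK (alg, key_ops, kid, ...) is deliberately excluded.
_REQUIRED_MEMBERS = {
    "EC": ("crv", "kty", "x", "y"),
    "RSA": ("e", "kty", "n"),
    "oct": ("k", "kty"),
    "OKP": ("crv", "kty", "x"),
}

# An unpadded base64url token is the only shape a thumbprint may take; anything
# else must never be turned into a filesystem path.
_THP_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def jwk_thumbprint(jwk: dict, hash_name: str = "sha256") -> str:
    """Return the RFC 7638 thumbprint of a JWK as unpadded base64url.

    Assumption: SHA-256 is the hash tang/jose use for thp/kid by default.
    """
    members = {name: jwk[name] for name in _REQUIRED_MEMBERS[jwk["kty"]]}
    # Canonical form: required members only, lexically sorted, no whitespace.
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":")).encode("utf-8")
    digest = hashlib.new(hash_name, canonical).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def is_recovery_authorized(auth_dir: str, client_jwk: dict) -> bool:
    """Server-side check from the commit message: a file named after the
    client's thumbprint must exist in auth_dir. Its content is irrelevant."""
    thp = jwk_thumbprint(client_jwk)
    if not _THP_RE.match(thp):  # defensive: never build a path from junk
        return False
    return os.path.isfile(os.path.join(auth_dir, thp))


def authorize_client(auth_dir: str, client_jwk: dict) -> str:
    """Operator-side step: create the (empty) marker file. Returns the thp."""
    thp = jwk_thumbprint(client_jwk)
    os.makedirs(auth_dir, exist_ok=True)
    with open(os.path.join(auth_dir, thp), "a", encoding="utf-8"):
        pass
    return thp


# Constructed sample client key: shape of a tang/clevis ECMR key, but the
# coordinates are arbitrary strings, not a valid point on the curve.
SAMPLE_CLIENT_JWK = {
    "alg": "ECMR",
    "kty": "EC",
    "crv": "P-521",
    "x": "Y29uc3RydWN0ZWQtc2FtcGxlLXgtY29vcmRpbmF0ZQ",
    "y": "Y29uc3RydWN0ZWQtc2FtcGxlLXktY29vcmRpbmF0ZQ",
    "key_ops": ["deriveKey"],
}


def demo() -> dict:
    """Run the deny-then-allow sequence in a throwaway authorization dir."""
    with tempfile.TemporaryDirectory() as auth_dir:
        before = is_recovery_authorized(auth_dir, SAMPLE_CLIENT_JWK)
        thp = authorize_client(auth_dir, SAMPLE_CLIENT_JWK)
        after = is_recovery_authorized(auth_dir, SAMPLE_CLIENT_JWK)
        return {"thp": thp, "before": before, "after": after}


if __name__ == "__main__":
    result = demo()
    print(f"thp={result['thp']} before={result['before']} after={result['after']}")
```

    Two points worth noting for anyone operating this: the thumbprint ignores `alg` and `key_ops`, so the same key always maps to the same marker file regardless of how the client advertises it, and because the marker is only a filename, the permissions on the authorization directory are the whole access-control story; a writable directory lets anyone authorize themselves.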
  2. systemd: Make use of a configuration file for tangd args

    To enable the client authorization directory before this change, the
    main systemd service unit file needed to be modified.  This is less than
    ideal, and we can use the EnvironmentFile= feature in the unit file to read a
    file with environment variables that tangd@.service will use for the
    command line.
    
    Signed-off-by: David Sommerseth <[email protected]>
    dsommers committed Aug 8, 2022 (commit 907ad36)