Skip to content

JobDoesburg/rde-keyserver

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

RDE keyserver

This repository contains the RDE keyserver. This key server is a simple Django application that provides a public key register for RDE enrollment parameters. It provides a simple web interface that allows users to register their e-passports for RDE. The key server also provides a REST API that allows other applications to retrieve the public keys of users, based on their email address. User authentication is handled via SAML.

Installation

Probably you want to use the RDE POC server config repository to install the keyserver. This uses Docker and uwsgi to run the keyserver, which is configured to run with 1 worker and 10 threads.

The following environment variables can be passed to the container:

  • DJANGO_SECRET_KEY: The secret key used by Django.
  • DJANGO_ALLOWED_HOSTS: The allowed hosts for Django, comma separated, e.g. keyserver.example.com or keyserver.example.com,keyserver2.example.com.
  • DJANGO_DEBUG: Whether to enable debug mode for Django, e.g. True or False.
  • DJANGO_BASE_URL: The base url of the RDE keyserver, e.g. https://keyserver.example.com. This is also used as entity id for SAML.
  • DJANGO_SAML_IDP_METADATA_URL: The url of the SAML IdP metadata, e.g. https://metadata.test.surfconext.nl/idp-metadata.xml.

These environment variables are used in settings.py.

The key server is exposed on port 8000.

Static (and media) files

Static (and media) files are not served by the keyserver, but should be served by a separate keyserver. These directories are available at /code/static and /code/media respectively and can be mounted as volumes.

SAML

Configuration of SAML is done in settings.py. We refer to the Django SAML2 SP documentation for more information.

SAML requires a private.key and public.cert file to be present in the keyserver/config/saml directory. A sample command to generate these files is openssl req -x509 -newkey rsa:4096 -keyout private.key -out public.cert -days 365.

Database

The current configuration uses an SQLite database in keyserver/db.sqlite3 for data storage.

Usage

The keyserver provides a simple web interface that allows users to view and register their RDE documents. The web interface is protected by SAML authentication. Users can register a new RDE document by clicking the "Enroll new document" button. This will generate a ticket that can be used to enroll the document using the API, and will display a QR code that can be scanned by the RDE client app to enroll the document. The ticket will expire when a new ticket is created. In production, the ticket should be also have a max lifetime.

This process is not production ready. In production, the enrollment process should have more user interaction and feedback.

API

Search for a public key (enrollment parameters)

The keyserver provides a REST API that allows other applications to retrieve the public keys of users, based on their email address. This API can be queries using /api/search?email=<email>. The API will return a JSON object with the enrollment parameters for the user with the given email address. If no user is found, the API will return a 404 error.

Register an RDE document

The keyserver also provides a REST API that allows users to register their RDE documents. This API can be queries using /api/enroll/<ticket>/. Here the <ticket> should be replaced with the ticket that was generated by the key server when the user requests to register a new RDE document (via the frontend web interface). The API expects a JSON object with the enrollment parameters for the RDE document and will return these parameters if the enrollment was successful.

Right now, the keyserver does not verify the enrollment parameters. This means that any user can enroll with any parameters, even invalid ones (in fact, any JSON object is accepted). This is not a problem for the prototype, but should be fixed in production. For this, a python version of the RDE JS library should be implemented, and the JS library should be integrated in the keyserver as well, so users can verify their own enrollment parameters in the browser, too.

Privacy considerations

Right now the key server acts as a PGP-like public key register. This means that anyone can retrieve the public key of any user as long as they know the email address of the user. It might be desirable to add some form of authentication to the API, so that only authorized users or applications can access the register, and to add some form of rate limiting. This is not a priority at the moment, but should be considered in the future.

Security considerations

Within the RDE prototype, the purpose of the keyserver is to provide a register for RDE enrollment parameters and to link those to email addresses of users. The keyserver is to be trusted for this binding. Other than that, the keyserver does not have any special security requirements. It does not receive or process any secret data within the RDE prototype infrastructure.

Dependencies

The keyserver depends on the following python packages:

About

Keyserver for the Remote Document Encryption prototype

Resources

Stars

0 stars

Watchers

1 watching

Forks

Contributors