Of course, at some point, a desktop implementation would be great as it stays the most secure way to generate PGP keys!
Android pgp client side encryption ejabberd install#
What about future developments?Īt this stage, no need to install anything, the tool is web-based and the encryption logic is fully client-side. Don't hesitate to check the Github repo to see how it is implemented.įor this project, I decided to rely on OpenPGP.js, a JavaScript implementation of the OpenPGP protocol. Stimulus.js is used to connect to the HTML elements and retrieve the user inputs. The whole encryption logic is built with Javascript. Ruby & Ruby on rails as I think it would be the easiest way to implement further back-end features and it is currently my favorite web-app framework.Stimulus.js, a Javascript framework, simple and modern.HTML & CSS as for the basis of the web app.Keys are currently generated with the following params: decrypt messages with your private key.encrypt messages with a public PGP key, and.generate PGP key pairs ( elliptic-curve cryptography(ECC)),.Or quite simply: curl -oauth2-bearer erHymcBiT2r0QsuOpDjIrsEvnOS4grkj \ Now, when sending an API query, provide the authentication for that account: curl -H "Authorization: Bearer erHymcBiT2r0QsuOpDjIrsEvnOS4grkj" \ A quick way is using ejabberdctl: ejabberdctl oauth_issue_token 3600 ejabberd:adminĮrHymcBiT2r0QsuOpDjIrsEvnOS4grkj 3600 seconds
User: can then configure the OAuth commands you want to expose and who can use them: api_permissions: Top-level option to allow token creation: oauth_access: all # You can set ip to 0.0.0.0 to open it widely, but be careful! # oauth and API only listen on localhost interface for security reason # differently than BOSH and WebSocket HTTP interface. # Using a separate port for oauth and API to make it easy to protect it Here are example entries to check / change in your ejabberd You need to configure OAuth support in ejabberd. Res = requests.post(url, json=data, "somePass"))īefore using OAuth to interact with ejabberd API, Now, when sending an API query, provide the authentication for that account: curl -basic -user \ Register it: ejabberdctl register john localhost somePass User: only that ACL to use the API: api_permissions: Quite probably you will want to require authentication to execute API queries,Īssuming you have the simple listener: listen:ĭefine an ACL with the account that you will use to authenticate: acl: If you are using a self-signed certificate, you can bypass the corresponding error message: curl -insecure '' If you already defined certificates and your connection is not on a local network,
Now you can query the API, for example: curl '127.0.0.1:5281/api/registered_users?host=localhost' They are consider too sensitive to be exposed through API.
Note: stop and start commands are disabled in that example as they are usually restricted to ejabberdctl command-line tool. "API used from localhost allows all calls": The ip option ensures it listens only on the local interface (127.0.0.1) instead of listening on all interface (0.0.0.0).īy defining api_permissions, you can then allow HTTP request from a specific IP to trigger API commands execution without user credentials: api_permissions: On a given root URL and on a desired port: listen: If you are planning to use ejabberd API for admin purpose, it is often enough to configure it to be available local commands.Īccess is thus generally limited by IP addresses, either restricted to localhost only, or restricted to one of your platform back-end.
0 kommentar(er)
