Yes, and as a matter of fact, I just got digital signature validation using 
OpenPGP within a map function working a few minutes ago!

Here's a link to the relevant code: 
https://github.com/jimklo/TheCollector/blob/master/dataservices/thecollector-resources/views/lib/sig_utils.js

I'm using my own slightly edited version of the OpenPGP.js 
(http://openpgpjs.org/) project library.  Essentially all I did was add a 
CommonJS exports.openpgp declaration and some mock object declarations 
(navigator, localStorage, etc.)

The problem you run into, however, with what you want to do is that you will 
not have access to a user object inside or a userCtx since you're not actually 
authenticating to pair a valid keyid with. The best you might do is use a 
validate update doc function with a fixed set of whitelisted public keys stored 
in your design doc. It's not very scalable, but really your only solution since 
you can't break the idempotency to fetch additional external public keys.


Jim Klo
Senior Software Engineer
Center for Software Engineering
SRI International

On Jul 3, 2012, at 8:53 AM, Albin Stigö wrote:

Hi,

Did anyone experiment with cryptographically signing docs as a method
of "authentication"..? I was thinking something along these lines:
Instead of using name/password login all posted docs must be signed
with a private key. The server has a list of the public keys that are
allowed to post. If the signature is not correct the validation
function rejects the new/updated doc.

I think this scheme could have many interesting use cases... It might
also be a way of maintaining "ownership" across replication.

Did anyone try this?

--Albin
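
The fixed-whitelist validation function described in the reply above, as an added example that is not part of the original thread or of the linked sig_utils.js. Node's built-in Ed25519 verification stands in for OpenPGP.js, and the names makeValidator, signDoc, check, demoKeys, the signature field layout and the key ids are assumptions made for illustration; in CouchDB the whitelist would come from the design doc.

```javascript
// Added example: Node's Ed25519 verify stands in for OpenPGP.js (assumption).
const nodeCrypto = require('node:crypto');

// Deterministic JSON so signer and validator serialize to the same bytes.
function canonical(v) {
  if (Array.isArray(v)) return '[' + v.map(canonical).join(',') + ']';
  if (v === null || typeof v !== 'object') return JSON.stringify(v);
  return '{' + Object.keys(v).sort().map(
    k => JSON.stringify(k) + ':' + canonical(v[k])).join(',') + '}';
}

// Signed bytes: the doc minus the signature envelope and revision bookkeeping.
function signedBytes(doc) {
  const body = Object.assign({}, doc);
  for (const k of ['signature', '_rev', '_revisions']) delete body[k];
  return Buffer.from(canonical(body), 'utf8');
}

// Client side (hypothetical helper): attach { key_id, value } to the doc.
function signDoc(doc, keyId, privateKey) {
  const value = nodeCrypto.sign(null, signedBytes(doc), privateKey).toString('base64');
  return Object.assign({}, doc, { signature: { key_id: keyId, value } });
}

// Shaped like validate_doc_update(newDoc, oldDoc, userCtx); trustedKeys = { keyId: PEM }.
function makeValidator(trustedKeys) {
  return function (newDoc, oldDoc, userCtx) {
    const sig = newDoc.signature;
    if (!sig || typeof sig.key_id !== 'string' || typeof sig.value !== 'string')
      throw { forbidden: 'document must carry a signature' };
    // Own-property lookup so ids like "constructor" never resolve to a key.
    if (!Object.prototype.hasOwnProperty.call(trustedKeys, sig.key_id))
      throw { forbidden: 'signing key is not whitelisted' };
    if (!nodeCrypto.verify(null, signedBytes(newDoc), trustedKeys[sig.key_id],
        Buffer.from(sig.value, 'base64')))
      throw { forbidden: 'signature does not verify' };
  };
}

// Returns null when the write is accepted, otherwise the rejection reason.
function check(validate, newDoc, oldDoc) {
  try { validate(newDoc, oldDoc || null, {}); return null; }
  catch (e) { return e.forbidden || String(e); }
}

// Constructed demo keys, generated locally; only alice is whitelisted.
function demoKeys() {
  const [alice, mallory] = [0, 1].map(() => nodeCrypto.generateKeyPairSync('ed25519'));
  return { alice, mallory, trusted: { 'alice-key': alice.publicKey.export({ type: 'spki', format: 'pem' }) } };
}
```

The signature covers a canonical serialization rather than the raw request body, so a replicated copy with reordered keys or a new _rev still verifies.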
