jeblad added a comment.
Note that there are several options to do PGP/GPG signing and encryption in the browser. One example in Javacript is OpenPGP.js <https://openpgpjs.org/>, but it is probably better to use Web Cryptography API <https://www.w3.org/TR/WebCryptoAPI/> if available. (It is almost universally available now, and should be used.) During upload **Given** I have edited a statement **And** I have provided a private key **When** I publish the edits **Then** the usual arguments are wrapped in a container **And** the wrapped container is signed Key management is a problem, as you must use private key to sign a doc, and keep the private key in an unsecure environment. This is like begging for problems, as it is almost to easy to make an exploit. Note also that I believe existence of available keys is the only thing that matter, and if they exist then they should be used. That means no additional buttons, you provide the keys, then the interface will use those keys to sign the uploads. On the server **Given** an API request arrives **When** it is wrapped in a signed container **Then** check the signature **And** unwrap the arguments **And** create a faux request **And** append the original signed container to the revision The previous should in fact be the same no matter if it is statements on Wikidata or content on Wikipedia. During reading/verification **Given** I read a statement **When** I click "provenance" **Then** I am shown a list of edits to this statement **And** some of them has a notice "signed by …" **And** a link to the actual revision **And** the revision has the original wrapped container with the digital signature Note that when you (or someone else) checks the signed contribution then the complete container with the signature is available. There are no need to visually inspect anything. The wrapped container could even be verified at the client machine, either it is verified or it is not, and the result can be provided. It is not necessary to show the whole changeset. This is quite simple to implement in various scripting languages, as it require no additional requests to a remote server. It only requires a repackaging of the existing arguments. Always sign or encode on your local machine before sending anything anywhere, don't sign or encrypt (!) anything someone claims to be the same. Especially if it is Unicode, but that is another (and quite funny) discussion. TASK DETAIL https://phabricator.wikimedia.org/T138708 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: jeblad Cc: jeblad, CalebMoses, Fliptrail, Cirdan, Salgo60, AndrewSu, Mineo, Hjfocs, Scott_WorldUnivAndSch, Jan_Dittrich, RazShuty, Joshi-Jay-31, srishakatux, Jonas, rosalieper, EddyAfful, BamLifa, MichaelSchoenitzer, psinghal20, Nikhil-nk, Liuxinyu970226, BVershbow_WMF, PDrouin-WMF, Astinson, Ramsey-WMF, Quoth, Daniel_Mietchen, Tpt, Glorian_Yapinus, Micru, Jane023, DarTar, Abbe98, I9606, YULdigitalpreservation, Tallerone, abian, Scott_WUaS, johl, jayvdb, tfmorris, Spinster, TomT0m, Denny, Eloquence, JanZerebecki, T.seppelt, Aklapper, daniel, Zppix, Lydia_Pintscher, alaa_wmde, Dinadineke, Nandana, tabish.shaikh91, Lahi, Gq86, GoranSMilovanovic, Soteriaspace, Jayprakash12345, JakeTheDeveloper, QZanden, merbst, LawExplorer, _jensen, Wikidata-bugs, aude, TheDJ, Mbch331
_______________________________________________ Wikidata-bugs mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
