1.1 --- a/README.txt Fri Sep 13 01:05:05 2013 +0200
1.2 +++ b/README.txt Wed Oct 16 01:26:19 2013 +0200
1.3 @@ -40,22 +40,22 @@
1.4
1.5 Import the key into the wiki's GPG homedir:
1.6
1.7 -gpg --homedir wiki/gnupg --import 1C1AAF83.asc
1.8 +gpg --homedir WIKI/gnupg --import 1C1AAF83.asc
1.9
1.10 For the wiki to receive encrypted data, a key for the wiki must be created:
1.11
1.12 -gpg --homedir wiki/gnupg --gen-key
1.13 +gpg --homedir WIKI/gnupg --gen-key
1.14
1.15 For the wiki environment to be able to use the key, password access must be
1.16 disabled. This can be done by either not specifying a password or by removing
1.17 it later using the --edit-key option:
1.18
1.19 -gpg --homedir wiki/gnupg --edit-key 0891463A
1.20 +gpg --homedir WIKI/gnupg --edit-key 0891463A
1.21 passwd
1.22
1.23 Export the wiki's key for encrypting messages sent to the wiki:
1.24
1.25 -gpg --homedir wiki/gnupg --armor --output 0891463A.asc --export 0891463A
1.26 +gpg --homedir WIKI/gnupg --armor --output 0891463A.asc --export 0891463A
1.27
1.28 This exported key can now be imported into your own environment:
1.29
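Review bot: The new WIKI placeholder is introduced in this hunk without any visible sentence saying what it stands for; if the surrounding README does not already define it, add a line such as "where WIKI is the directory of your wiki instance" before the first command. Also, since the text above requires the wiki key to have no passphrase, the only thing protecting that private key is filesystem access to WIKI/gnupg; a sentence recommending that the homedir be readable only by the web server user would make the consequence of removing the passphrase clear to the administrator.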
1.30 @@ -75,6 +75,12 @@
1.31 moinmessage_gpg_signing_users_page (optional, default is MoinMessageSigningUserDict)
1.32 This provides a mapping from Moin usernames to key fingerprints.
1.33
1.34 + moinmessage_gpg_relaying_user (optional)
1.35 + This specifies the username of a special user who will sign relayed
1.36 + messages. Partner wikis will need to record the details of this user in
1.37 + their fingerprint-to-user mapping (see moinmessage_gpg_users_page) to be
1.38 + able to receive messages from this wiki.
1.39 +
1.40 moinmessage_gpg_recipients_page (optional, default is MoinMessageRecipientsDict)
1.41 This provides a mapping from recipients to remote URLs and key fingerprints.
1.42 Each user can define the named page as a subpage of their own home page.
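Review bot: The description of moinmessage_gpg_relaying_user says the user "will sign relayed messages" but does not say where that user's signing key comes from; signing requires an entry in the page named by moinmessage_gpg_signing_users_page (the option directly above), so a cross-reference here, alongside the existing one to moinmessage_gpg_users_page, would save readers a search. It would also help to state what the wiki does when this option is left unset (relaying disabled, or an error when a relayed message arrives).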
1.43 @@ -89,7 +95,7 @@
1.44 This explicitly defines the path to static resources used by Moin, enabling
1.45 such resources to be attached to messages. When set, the path must refer to
1.46 the htdocs directory (possibly renamed) containing the different theme
1.47 - resource directories, together with the robots.txt and favicon.ico files.)
1.48 + resource directories, together with the robots.txt and favicon.ico files.
1.49
1.50 For signature verification to function, the following needs to be added:
1.51
1.52 @@ -126,6 +132,29 @@
1.53
1.54 Each username must correspond to a registered user in the wiki.
1.55
1.56 +If a wiki is to perform message relaying, receiving messages from partner
1.57 +wikis and sending them on, a user is required for this purpose. You could
1.58 +create such a user as follows:
1.59 +
1.60 +moin --config-dir=WIKI account create --name=MessageRelay --email=messagerelay
1.61 +
1.62 +(You may need to run this command as the Web server user to be able to change
1.63 +the wiki installation, as well as indicating the full path to the moin program
1.64 +either as the program name or by setting the PATH.)
1.65 +
1.66 +After doing this, you could define an entry for the relaying user as follows:
1.67 +
1.68 + fingerprint:: MessageRelay
1.69 +
1.70 +Here, "fingerprint" should be substituted for a key fingerprint used by a
1.71 +partner wiki to sign messages that it then sends to this wiki. See the next
1.72 +section for more information on signing keys and identities.
1.73 +
1.74 +It may very well be the case that more than one partner wiki will be sending
1.75 +messages to this wiki: the signing key fingerprint of each partner wiki can be
1.76 +added to this mapping and specify the same relaying user; there is no
1.77 +restriction on each fingerprint needing to map to a different user.
1.78 +
1.79 The Username-to-Signing Key Mapping
1.80 -----------------------------------
1.81
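Review bot: The example "moin ... account create --name=MessageRelay --email=messagerelay" uses an address with no domain part, which reads as a placeholder; either mark it as one or use a syntactically valid address so the command can be copied as-is. In the "fingerprint:: MessageRelay" paragraph, "substituted for" should be "replaced by" (the fingerprint replaces the word). Finally, the last paragraph should spell out the trust implication of mapping several partner fingerprints to the same relaying user: any partner whose fingerprint is listed can have its messages accepted and forwarded by this wiki, so the list is an allow-list of relay peers and should contain only wikis the administrator trusts.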
1.82 @@ -142,6 +171,13 @@
1.83 whereas the signing of messages requires access to a private key. Thus, the
1.84 signing process employs a special private key known to the wiki for a user.
1.85
1.86 +If a wiki is to perform message relaying, the special relaying user must be
1.87 +defined in this mapping together with an appropriate key fingerprint. You can
1.88 +use the key generated during the wiki's configuration (see "Configuring GPG
1.89 +for a Wiki" above) for this purpose. This fingerprint can then be used by
1.90 +partner wikis in their fingerprint-to-user mapping in order to verify incoming
1.91 +messages and to process them as relayed messages.
1.92 +
1.93 The Recipients Mapping
1.94 ----------------------
1.95
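Review bot: This paragraph reuses the key generated during "Configuring GPG for a Wiki", whose passphrase was removed for encryption use, as the relaying user's signing key, so one unprotected key now serves both to decrypt incoming messages and to sign relayed ones; the text should at least note that a separate signing key may be generated for the relaying user if the administrator prefers to keep those roles apart. It should also remind the reader that partner wikis can only verify signatures after importing this wiki's exported public key (the export step shown earlier in the README), not just its fingerprint.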