[cap-talk] ARG! Source Code

John Carlson john.carlson3 at sbcglobal.net
Sat Nov 18 15:23:32 CST 2006


Here's the source code to a file and directory capability system w/  
identity implemented on top of GPG.  It needs a way to deal with GPG
without GPG asking for a passphrase all the time.  It uses NetBeans  
components for the GUI.  I have examples of how to
use GPG to implement Jed's Managing Domains, section 13.  It uses a  
different algorithm than Jed's I think.  It would be good
if someone would review the differences--see the shell script use  
cases in the main folder.  It also needs a better GUI--I could
probably combine it with some work I've done with Jed on building  
modules for his Impact architecture or other code.  The only
form of revocation in this system is removing the public key from the  
server's public key ring, hence it is an ACL based system as
well as  a capability-based system.

Please keep this code within the cap-talk community.   I am terribly  
embarrassed by the hard to use GUI.  I have done better.  Soon
Java will have better drag and drop.  That will help.  I haven't  
touched or tested this code for years.  It's a bit musty.

http://schizophrenics.net/capabilitywacls.tar.gz

[ yes, this is my personal web site--I take medications, they're good  
for you!  I am not some capability or security guru, I would
rather spend my time doing stuff like this: http://schizophrenics.net/ 
3Dgraphics.html  ]

Jed, how would you prevent a DOS against someone requesting new  
public/private key pairs in section 13?

This is not an out of the box package, sorry.  It is a prototype that  
shows that capabilities can be used with public key cryptography
(ACLs).  If you don't check the public key ring, then it isn't an ACL  
system, and has no form of revocation.

Jed's name is on the code because he contributed the ideas.  I don't  
think any of the code is his.  It's my coding style, and if
you don't like it, write your own version after stealing the ideas.    
The idea is to get some code out there for people to look at
Jed's ideas to see if they are valid or not.

That said, I didn't post this code with Jed's permission either.   
Permission is granted to download the code onto one or more computers.

John


More information about the cap-talk mailing list