Encrypt RSS feeds

Events happening in the community are now at Drupal community events on www.drupal.org.
Posted by bobbyaldol on January 9, 2013 at 8:41pm

The discussion here
http://groups.drupal.org/node/9719 consists of a great idea to encrypt RSS feeds of private posts. But the discussion there has been dead and not updated for quite some time.
I want to see whether this service has been achieved or not(in my knowledge it isnt.)
As on the discussion on the page, this module one created is very helpful but requires a great deal of work. So I need some guidance in doing this and I also have some doubts regarding the details that the module should contain in the project page.

Firstly it says "The project would be to develop a module which generates and consumes syndicated feeds, where reading them in only possible behind a login."
But later in the details section it says that "With this module, two separate bloggers that use drupal should be able to share their private posts with each other without necessarily requiring a user name." Why does it say initally that reading them should be possible only behind a login but sharing private posts with each other shouldnt require a username.

Categories: ,

Comments

A solution I have thought for this.

Posted by bobbyaldol on January 17, 2013 at 4:03pm

I only had one thing in my mind while thinking about this, how would two bloggers using drupal able to share their private posts.

There are basically two main problems:
1. How to authenticate the blogger for private posts?
2. After authentication, the blogger will receive the private data, but we want the data not to be decrypted by the aggregator. One reason for this is that the feeds are stored in the database. One hack of the database by an adversary and the whole private information is flooded all over the internet. So the key is to store the feeds in the encrypted form itself in the database and decrypt it using javascript whenever the user is viewing it.

So this module provides for an token based authentication system. (I still havent figured out how to implement it).
Once the user has been authenticated, the blog providing the service asks for the public key of the user. Once the public key is obtained
it is then used to encrypt the secret key that will be used for the feed transmission only for this time. The encrypted key is received by the client ,decrypted using their private key and then the key is stored. The client sends an acknowledgement back, and the service providing blogger then encrypts the feeds using the shared secret (I am thinking of an AES encryption system) . Once the rss tagged with "encrypted" is received it is picked up by the javascript running in the browser(nothing but AES in js). The decrypted message is then displayed.

So even if the feeds are transmitted over an unsecure channel ( without SSL) the data is secure.

Sandbox created

Posted by bobbyaldol on January 26, 2013 at 2:09pm

I have created a sandbox for the module here http://drupal.org/sandbox/AnuroopKuppam/1895988
Any more ideas and views regarding this please leave them in the issue queue.

RSS & Aggregation

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

AltStyle によって変換されたページ (->オリジナル) /