[cups.general] [PyKota] signing print jobs with pgp and using that to allow print jobs through (using cups)?

Walter Tautz wtautz at cs.uwaterloo.ca
Mon Jun 16 08:01:49 PDT 2008 

Jerome Alet wrote:
> Hi,
>
> On Mon, Jun 09, 2008 at 02:12:26PM -0400, Walter Tautz wrote:
>   
>> Hi, I was wondering if it would be possible to have print jobs
>> be signed with a pgp key. I suppose this boils down to some
>> kind of prefilter in cups? Perhaps it would be easier to to
>> Pykota? Thoughts? Admittedly this notion doesn't really have
>> anything directly to do with quota but, instead, with authorization
>> but it would be neat to have such a feature somewhere within the bowels
>> of the print infrastructure of cups+pykota.
>>     
>
> The problem is : where do you want the job to be signed, and where
> do you want the signature to be checked.
>   
Signed: on the client (could be difficult on non-unix platforms)
Checked: on the cups server by querying key server

> I don't know much about digital signatures but I think the only 
> place to sign a print job is on the client. 
>
> Unfortunately, usually CUPS will modify the datas it receives from the
> client (unless you print in raw mode), so the client's signature is
> useless.
>   
Cups would have to modified presumably. Probably a Hash of
the print data would be signed rather than the data itself. Similar
to mail signed with gpg? I am not an expert either. Perhaps Michael Sweet
 would have some ideas. I have cc'ed the cups mail list.
> Then CUPS will send these modified datas to a printer, but how
> do you expect the printer to validate the signature, even if
> a way existed to preserve it from the client to the printer ?
>   
The printer wouldn't as noted above. Obviously we have to assume that 
the connection
to the printer from the cups server is "secure".
> I don't see how to implement such signed print jobs, from what I 
> understand, it's not possible, unless (maybe) the final printer is 
> not a real printer but a virtual one (i.e. an application like Tea4CUPS 
> or similar). 
>   
Could be.
> What can be done though, is to add printed watermarks on each print
> job passing through CUPS. To do this you'll need the alternate pstops
> filter available from Helge Blischke (search for it on www.cups.org).
> But this visual watermarking is only done on the print server, and
> has to be verified by an human being looking at the printed paper.
>   
Not needed, it has to be software automated.

Walter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cups.org/pipermail/cups/attachments/20080616/d88db0fe/attachment-0001.html>

More information about the cups mailing list