[cups.general] [PyKota] signing print jobs with pgp and using that to allow print jobs through (using cups)?
Walter Tautz
wtautz at cs.uwaterloo.ca
Mon Jun 16 08:01:49 PDT 2008
Jerome Alet wrote:
> Hi,
>
> On Mon, Jun 09, 2008 at 02:12:26PM -0400, Walter Tautz wrote:
>
>> Hi, I was wondering if it would be possible to have print jobs
>> be signed with a pgp key. I suppose this boils down to some
>> kind of prefilter in cups? Perhaps it would be easier to to
>> Pykota? Thoughts? Admittedly this notion doesn't really have
>> anything directly to do with quota but, instead, with authorization
>> but it would be neat to have such a feature somewhere within the bowels
>> of the print infrastructure of cups+pykota.
>>
>
> The problem is : where do you want the job to be signed, and where
> do you want the signature to be checked.
>
Signed: on the client (could be difficult on non-unix platforms)
Checked: on the cups server by querying key server
> I don't know much about digital signatures but I think the only
> place to sign a print job is on the client.
>
> Unfortunately, usually CUPS will modify the datas it receives from the
> client (unless you print in raw mode), so the client's signature is
> useless.
>
Cups would have to modified presumably. Probably a Hash of
the print data would be signed rather than the data itself. Similar
to mail signed with gpg? I am not an expert either. Perhaps Michael Sweet
would have some ideas. I have cc'ed the cups mail list.
> Then CUPS will send these modified datas to a printer, but how
> do you expect the printer to validate the signature, even if
> a way existed to preserve it from the client to the printer ?
>
The printer wouldn't as noted above. Obviously we have to assume that
the connection
to the printer from the cups server is "secure".
> I don't see how to implement such signed print jobs, from what I
> understand, it's not possible, unless (maybe) the final printer is
> not a real printer but a virtual one (i.e. an application like Tea4CUPS
> or similar).
>
Could be.
> What can be done though, is to add printed watermarks on each print
> job passing through CUPS. To do this you'll need the alternate pstops
> filter available from Helge Blischke (search for it on www.cups.org).
> But this visual watermarking is only done on the print server, and
> has to be verified by an human being looking at the printed paper.
>
Not needed, it has to be software automated.
Walter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cups.org/pipermail/cups/attachments/20080616/d88db0fe/attachment-0001.html>
More information about the cups
mailing list