Cryptography for Trac
CryptoPlugin supports cryptographically backed functions in Trac.
This is WiP and in a very early stage. Nevertheless testers are very welcome.
Why? Privacy offered based on these functions is much different compared to other privacy-related plugins, and reports about your expectations as well as your findings will help them mature and match your needs.
Tab.: Privacy offered by a Trac system depending on setup and user action
|installation||Trac, no plugins||other plugins installed||CryptoPlugin installed|
|session setting (per user)||n. a.||n. a.||n. a.||Trusted server||Trusted client||Trusted server||Trusted client|
Privacy strength rating legend:
- n. a.
no protection, not counting read-only wiki pages for (very weak) privacy
prevents unrecognized content change without read-protection
depending on server security of Trac system software (plugins included) and storage for Trac content and private user keys
- very strong
depending on client security for private user key storage
independent of client and server security for private user key storage
Regular content is accessible as per applicable TracPermissions settings, and users can save content without additional protection regardless of other options, if available at all. Since it is the same for any setup, it's not worth mentioning this type of content in the table above.
While Trac plugins other than CryptoPlugin (incomplete list follows)
- PrivateTicketsPlugin (ticket-only)
- PrivateWikiPlugin (wiki-only)
- SensitiveTicketsPlugin (ticket-only)
attempt to protect only some part ('realm') of Trac's content, they do not differentiate in terms of protection strength, so they're rated together for simplicity here.
Ultimate privacy doesn't assume any trust outside of Trac system software (plugins included). This kind of inherit Trac content protection is neither available nor planned yet.
So you have to decide now, if the available protection is enough for your data. Likely there are not many web services, that grant at least strong protection without installation of special software at client side, and if so, they certainly do not offer Trac's documentation and bug-tracking capabilities.
total issues by status:
open issues by type:
Download the complete, zipped source (all branches) from here.
-  by hasienda on 2012-07-28 00:48:39
CryptoPlugin: Implement some functionality now, starting with OpenPGP, refs #10030 and #10080.
-  by hasienda on 2012-07-28 00:24:28
CryptoPlugin: Add blank user preferences page, refs #10080.
-  by hasienda on 2012-07-28 00:18:35
CryptoPlugin: Create basic i18n infrastructure, refs #10080.