Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Unresolved
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Query Integration
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

GPG requires that a key must first be inserted into the "key ring" before it is used (before signing or verification).

In this ticket we are inserting the production key (mongot-extension.pub found at pgp.mongodb.com) into the key ring before loading all extensions, and then removing it out of key ring after extensions are done being loaded.

Define a constant somewhere sensical in the server for the value of the mongot-extension public key. Use the gpgmepp library for the key ring operations.

depends on

SERVER-115287 Import gpgmepp lib into the server

In Progress

SERVER-115281 Add extensions signature secure bazel flag and pre-processor maco

Closed

is depended on by

SERVER-115289 Perform extensions signature verification

Open

SERVER-115610 Add extensions test gpg key to ring in insecure mode

Open

Assignee:: Unassigned
Reporter:: Joe Shalabi
Participants:: Joe Shalabi
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: Dec 11 2025 05:01:02 AM UTC
Updated:: Dec 18 2025 06:58:01 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates