The question is now, how can I sign it for the group? Because the group don’t have a public key for signing?
The group has no key. So you need to encrypt with the public keys of all the users in the group (and sign with your private key).
The secrets of all the users having access to the resource are required.
The update resource endpoint works such that you need to send all the secrets for all users that have access to it. It is therefore possible you are sending not enough / too much data for this to work.
In practice you can get the list of people who have access to a resource using:
GET /users.json?api-version=2&filter[has-access]=<RESOURCE_UUID>
For example a resource shared with a group containing five users, and having a direct permission for another user, you would see six users:
{
"header": {
"id": "dccbcaa5-ebb0-41e8-bcac-aef3191f738e",
"status": "success",
"servertime": 1592218148,
"title": "app_users_index_success",
"action": "d7bc9044-a64e-5421-a4d7-7a94eaa39d37",
"message": "The operation was successful.",
"url": "\/users.json?api-version=2\u0026filter%5Bhas-access%5D=06b9d1d2-cbc7-48eb-8011-8ccccb0a4b8c",
"code": 200
},
"body": [
{
"id": "32d29702-85e2-539d-98ac-6abfa7aadf01",
// etc.
},
{
"id": "e7fa0375-61df-5dbc-9e42-e0d363bd0ecf",
// etc.
},
{
"id": "1e73e104-d53e-579d-a0c4-e9aeaca76c56",,
// etc.
},
{
"id": "d57c10f5-639d-5160-9c81-8a0c6c4ec856",,
// etc.
},
{
"id": "e1ebc592-b90d-5e22-9f40-50e52911673b",,
// etc.
},
{
"id": "0da907bd-5c57-5acc-ba39-c6ebe091f613",,
// etc.
}
]
}
Then send the data:
PUT /resources/06b9d1d2-cbc7-48eb-8011-8ccccb0a4b8c.json?api-version=2
{
"id": "06b9d1d2-cbc7-48eb-8011-8ccccb0a4b8c",
"name": "test",
"username": "",
"uri": "",
"description": "",
"secrets": [
{
"user_id": "32d29702-85e2-539d-98ac-6abfa7aadf01",
"data": "-----BEGIN PGP MESSAGE-----"
},
{
"user_id": "e7fa0375-61df-5dbc-9e42-e0d363bd0ecf",
"data": "-----BEGIN PGP MESSAGE-----"
},
{
"user_id": "1e73e104-d53e-579d-a0c4-e9aeaca76c56",
"data": "-----BEGIN PGP MESSAGE-----"
},
{
"user_id": "d57c10f5-639d-5160-9c81-8a0c6c4ec856",
"data": "-----BEGIN PGP MESSAGE-----"
},
{
"user_id": "e1ebc592-b90d-5e22-9f40-50e52911673b",
"data": "-----BEGIN PGP MESSAGE-----"
},
{
"user_id": "0da907bd-5c57-5acc-ba39-c6ebe091f613",
"data": "-----BEGIN PGP MESSAGE-----"
}
]
}
Also, @cola please create separate issues instead of putting multiple API questions into one, that way it’s easier to search / other people can see the solution.