SignServer / DSS-1824

SignClient client-side hashing support for OpenPGP clear-text signatures

    Details

    • Sprint: SignServer-Sprint 101, SignServer-Sprint 102

      Description

      • Update SignClient to support client-side hashing for PGP signatures:
        • SignClient hashes the content
        • SignClient produces and hashes the PGP packets including "Creation Time", "Key ID", "Key Algorithm"
        • From the hash the pre-hashed signature input value is constructed (i.e. according to RFC 3447)
        • SignClient sends the pre-hashed signature input to the PGPPlainSigner (DSS-1822)
        • PGPPlainSigner (configured with signature algorithm NONEwithRSA or ECDSA) creates and returns the plain signature
        • SignClient constructs the final PGP message/file
      • Specifically for clear-text signatures, it works like this:
        • Input to SignClient: Text document + PGP-clear-text flag + Key ID + Key Algorithm
        • From SignClient to PGPPlainSigner: the final signature input (i.e. hash) + Key ID + Key Algorithm
        • From PGPPlainSigner back to SignClient: Plain Signature
        • SignClient then finishes the PGP signature based on the plain signature
        • Output from SignClient: ASCII armored PGP Signed Message containing input document + PGP signature
        • A separate ticket is for adding support for detached signatures: DSS-1823

      TODO in this ticket (assuming previous ticket done first)

      • New FileSpecificHandler (2h) or rather modifying existing PGP file specific handler.
      • Implement PGP signing preparations + finalization
        • Adapt implementation from previous ticket to do similar thing but produce clear-text sig (1d 4h)
      • Documentation (30m)
        • ClientCLI page update or rather Client-side hashing page [x] VS
      • Tests ()
        • System tests (2h) [x] VS
        • Compliance tests (2h) [x] VS
        • Manual test steps (DSSQA) for signing (1h) - It is actually update of delivery document. [x] VS
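
The client-side steps from the description (hash the canonical text, hash the signature packet data, build the pre-hashed input for the plain signer), as an added example that is not SignServer code. It assumes a version 4 signature with SHA-256 and both creation time and issuer key ID in the hashed subpacket area; the function names and sample values are constructed for illustration.

```python
import hashlib
import re
import struct

# DER DigestInfo header for SHA-256 (RFC 3447, section 9.2, note 1)
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")
SIG_CANONICAL_TEXT = 0x01   # RFC 4880 signature type used for clear-text signatures
HASH_SHA256 = 8             # RFC 4880 hash algorithm ID
RSA, ECDSA = 1, 19          # RFC 4880 public-key algorithm IDs


def canonical_cleartext(text: str) -> bytes:
    """Hash input for the document (RFC 4880, section 7.1), before dash-escaping."""
    lines = re.split(r"\r\n|\r|\n", text)
    if len(lines) > 1 and lines[-1] == "":
        lines.pop()  # the line ending before the signature armor is not signed
    return "\r\n".join(line.rstrip(" \t") for line in lines).encode("utf-8")


def subpacket(sp_type: int, body: bytes) -> bytes:
    # One-octet length form; enough for the short subpackets used here.
    return bytes([len(body) + 1, sp_type]) + body


def signer_input(text: str, key_id: bytes, key_algo: int, created: int):
    """Return (bytes to send to the plain signer, left 16 bits of the hash)."""
    if len(key_id) != 8:
        raise ValueError("key ID must be 8 octets")
    hashed_area = subpacket(2, struct.pack(">I", created))  # creation time
    hashed_area += subpacket(16, key_id)                    # issuer key ID
    header = bytes([4, SIG_CANONICAL_TEXT, key_algo, HASH_SHA256])
    header += struct.pack(">H", len(hashed_area)) + hashed_area
    trailer = b"\x04\xff" + struct.pack(">I", len(header))
    digest = hashlib.sha256(canonical_cleartext(text) + header + trailer).digest()
    if key_algo == RSA:
        # NONEwithRSA pads and signs as-is, so the client supplies the DigestInfo.
        return SHA256_DIGESTINFO + digest, digest[:2]
    if key_algo == ECDSA:
        return digest, digest[:2]  # NONEwithECDSA signs the bare digest
    raise ValueError("unsupported key algorithm: %d" % key_algo)


if __name__ == "__main__":
    # Constructed sample values, not taken from the ticket.
    key = bytes.fromhex("0123456789abcdef")
    data, left16 = signer_input("Hello \nWorld\n", key, RSA, 1500000000)
    print(data.hex(), left16.hex())
```

The two returned octets are the "left 16 bits of the hash" field that the client writes into the final signature packet next to the plain signature.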

            People

            Assignee:
            marcus.lundblad@primekey.se Marcus Lundblad
            Reporter:
            markus Markus Kilås
            Verified by:
            Markus Kilås, Vinay Singh (Inactive)

                Time Tracking

                Estimated: 2d 1h 30m
                Remaining: 1h 30m
                Logged: 2d 21m