Uploaded image for project: 'SignServer'
  1. SignServer
  2. DSS-1826

SignClient client-side hashing support for Debian dpkg-sig signatures

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.1.0.Final
    • Component/s: Addons, Client CLI
    • Labels:
      None
    • Epic Link:
    • Sprint:
      SignServer-Sprint 102

      Description

      • Update SignClient to support client-side hashing for Debian dpkg-sig signatures:
        • For dpkg-sig signature using single hash:
          • Input to SignClient: Unsigned Debian package + flag to indicate debian-dpkg-sig as format + flag with PGP Key ID + Key Algorithm
          • Control file is generated and hashed
          • From SignClient to PGPPlainSigner (DSS-1822): final hash formatted as signature input + PGP Key ID + Key Algorithm (for error checking/logging only)
          • From PGPPlainSigner back to SignClient: PGP Signature
          • Signature is incorporated in control file and control file added to Debian package
          • Output from SignClient: dpkg-signed signed Debian package

       TODOs for this ticket (assuming at least one of previous client-side tickets are done):

      • New FileSpecificHandler [x] ML (2h)
      • Implement PGP signing preparations + finalization
        • Parse Debian package (2d 4h)
        • Calculate hash of files (1h)
        • Produce metadata file (3h)
        • Producing signature input + putting signature into metadata file (1h)
        • Including metadata file in final Debian package (1d)
      • Documentation (3h)
      • Check fingerprint at server side if present [x] VS
        • ClientCLI page update [x] VS
      • Tests ()
        • System tests (3h) [x] VS
        • Manual test steps (DSSQA) for signing /Delivery document (3h) [x] VS
        • Compliance test (4h) [x] VS

      With DSS-1973 done first remove 2d 4h + 1 + 3 + 3 + 4 = 30h

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              marcus.lundblad@primekey.se Marcus Lundblad
              Reporter:
              markus Markus Kilås
              Verified by:
              Markus Kilås
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 2 days, 4 hours Original Estimate - 2 days, 4 hours
                  2d 4h
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 days, 6 hours, 20 minutes
                  2d 6h 20m