You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@camel.apache.org by "Franz Forsthofer (JIRA)" <ji...@apache.org> on 2013/12/05 06:41:37 UTC
[jira] [Comment Edited] (CAMEL-7002) PGPDataFormat: restrict
verifying public keys and allow several signatures
[ https://issues.apache.org/jira/browse/CAMEL-7002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13838956#comment-13838956 ]
Franz Forsthofer edited comment on CAMEL-7002 at 12/5/13 5:40 AM:
------------------------------------------------------------------
Hello Aki,
Suppose you have two signatures SigA and SigB in the encrypted data and let's suppose that we have the correspondig two keys keyA and keyB also in the keyring. But we only want to allow that the keyB is used for the verification. The verifier however detects first keyA and verifies SigA and you return the information of keyA. Now in a next step we find out that keyA was used for verification and we abourt the processing although there is a SigB which would not have led to the abortion.
Regards Franz
was (Author: forsthofer):
Hello Aki,
Suppose you have two signatures SigA and SigB in the encrypted data and let's suppose that we have the correspondig two keys keyA and keyB also in the keyring. But we only want to allow the keyB is used for the verification. The verifier hover detects first keyA and verifies SigA and you return the information of keyA. Now in a next step we find out that keyA was used for verification and we abourt the processing although there is a SigB which would not have lead to the abortion.
Regards Franz
> PGPDataFormat: restrict verifying public keys and allow several signatures
> --------------------------------------------------------------------------
>
> Key: CAMEL-7002
> URL: https://issues.apache.org/jira/browse/CAMEL-7002
> Project: Camel
> Issue Type: Improvement
> Components: camel-crypto
> Reporter: Franz Forsthofer
> Assignee: Hadrian Zbarcea
> Fix For: 2.12.3, 2.13.0
>
> Attachments: 0001-PGPDataFormat-signatureUserIds-added.patch
>
>
> The contribution consists of two parts.
> The first part is about the verifier.
> During the signature verification with PGPDataFormat currently all public keys contained in the public keyring are taken into account. So the current semantic is: Verify the signature against all public keys in the keyring. IF you have a keyring with lot of public keys you will not want that every identity represented by the public keys can sent to you a signature. Normally you want to know from which identity the signature comes. Therefore I have introduced the possibility to restrict the verifying publikc keys; I have introduced the parameter signatureKeyUserids where you specify the Userids the publc keys must have in order to be allowed to verify a signature.
> The second contribution is about the encryptor. Currently the encrypted part can contain one signature from one private key. I added now the possibility that several several signatures can be added from different private keys. The used private keys are defined by the values of the new paramter signatureKeyUserids. This new functionality is especially useful to ease the key renewal. For a certain time period you can sent messages containing the signature from the old key and the new key to the receiver.
--
This message was sent by Atlassian JIRA
(v6.1#6144)