OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cacao message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Siging CACAO


Dear memeber of CACAO

I have a proposal for signing, verifying, encryption and decrypting of CACAO data-structures,
and implemented a Proof of Concept (PoC) in Python3.
I will upload the source on https://github.com/oasis-tcs/cacao in the comming week.
I will test it besides MacOs on Debian (Ubuntu, Rasbian and Windows10 will follow)

Please reply personnaly (f.h.schippers@hva.nl) or on de cacao-list with comments.

Frans Schippers
f.h.schipppers@hva.nl / frans@xsupport.nl

Main Objectives:
  - implemented using Python3, using python-libs cryptography and python-gnu.
  - datastructures are JSON. De names / tags are (for the moment) strings.
  - substructures are identified with a '$cid' (an uuid).
  - substructures can have a name/title '$name'.
  - one $cid als well as one $name can be added to ant json-object({}-object).
  - a sub-structure (identified by $cid) can be multiple-signed signed (at different times).
  - the signatures are store in a '_sig' json-object.
  - the guardian-hash that protects the sub-structure ignores tags that start with '_',
    so signatures won't effect the hash.
  - the hash use a canonization like JSON Canonicalization,
    see: https://tools.ietf.org/id/draft-rundgren-json-canonicalization-scheme-06.html
  - supported cryto-scheme's are openSSl and openPGP. (RSA, DSA, ECDSA, AES/CBC, ...)
    pki based on ca-cert will be added.  DSA, ECDSA not yet working.
Next:
    Adding ca-cert support
    Adding encrypt/decrypt
    Supporting unicode?
Next Storage:
    Server for submitting/retreiving COA-playboeks based on $uid/$name
    Merging signatures
    Transport using ssl or https (rest-interface)
    Cmd-line client for accessing server

Example:
    SSL-version: needs 'keys/cacao1.key.pem' 'and keys/cacao1.pub.pem'
    PGP-version: will retreive pub-key from 'keys.openpgp.org'
    cid="cc1a142f-7211-4235-88e1-ddf11b21f72d"
    ./cacao_sign.py --sign --cid ${cid} --keyid ssl:cacao1 -i in.json -o out.json
    ./cacao_sign.py --sign --cid ${cid} --keyid pgp:frans@xsupport.nl -i out.json -o out.json
    ./cacao_sign.py --list-cids -i out.json
    f6253c95-1afe-4ed4-ad3a-f56a59af7786: Root-node
    cc1a142f-7211-4235-88e1-ddf11b21f72d: Sub-node
        pgp:frans@xsupport.nl: True  2019-09-11T20:43:19+00 Frans Schippers <frans@xsupport.nl> TRUST_ULTIMATE
        ssl:cacao1: True  2019-09-11T20:43:10+00  TRUST_LOCAL
    ./cacao_sign.py --verify --cid ${cid} -i out.json
    cc1a142f-7211-4235-88e1-ddf11b21f72d: Sub-node
        pgp:frans@xsupport.nl: True  2019-09-11T20:43:19+00 Frans Schippers <frans@xsupport.nl> TRUST_ULTIMATE
        ssl:cacao1: True  2019-09-11T20:43:10+00  TRUST_LOCAL
    cat out.json
    {
        "$cid": "f6253c95-1afe-4ed4-ad3a-f56a59af7786",
        "$name": "Root-node",
        "test1": "test1",
        "test2": "test2",
        "test3": [
            1,
            2,
            3,
            4
        ],
        "test4": {
            "$cid": "cc1a142f-7211-4235-88e1-ddf11b21f72d",
            "$name": "Sub-node",
            "_sig": {
                "pgp:frans@xsupport.nl": {
                    "keyid": "pgp:frans@xsupport.nl",
                    "signature": "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nTZlF98u7dCXqIQ+ezeYEbZQY+pJMNobYXumMxdJ6HlEAAAAAXXlcZw==\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEK8O6A+TrofzzTEol7SrH0D8XMjgFAl15XGcACgkQ7SrH0D8X\nMjhQ6w//Ui/B9V5k0YoimeOuvZPMMnyO/6V31CgPVAAhkRLFIQxz+p9p8qXZR8iz\ncx9d2SsdFVAeVlYVycxRZy1ESdwROfvYpqMLqT+xldvUYL71XBBFYtdHiAUduysT\nmzu2urwmmgtTe6h2M2tCiSu4KQyPiItVFsNqvHwnJZZJfrNtqjzLeKdk+lt8Sps4\nYIIGgH8OQtaULbL5M4WMV+rMTfVDd4WqXVgeSK3cmz2QrKboH26yWkBu6XQaA459\nO3lX/ScTlkFSNirlEwNGgib9izWknTZaFhZtwUpEULUJdEc9Bdf69FAE4iBysGwd\nemqQ4WL2VK3eaw0jz/PhpgPpDwdTc1nwqGy3S70aZCNxwnCNLw45bcSCloL6cLgF\niQfK5KFbojMBbzrBP986wneQMdBGEfFu2It1R1sfLEzhXRRcFxXX6XLoesfGa5e2\nJ0nwBuNgz8uZLAzOXJnwRLH7bscSPTycShHV5Ag58CcgWGPnUDB+WDbRtCL0fiAO\nWLd3kAjHYAZcslkI8AsUh+drGM4Tqvgwdvt0jxt8MxZGuyCGMFaaKYIByH4WMamT\nI8FQjq/oa6/Qo7g6rhnsV1dzhtz6sQ9gb3mHFMYYk2wf80WrHoUf+qvA29NZtyA4\nj/ekISS18MzQB2TkFZGXWDglXJHzmr6qRzJ5d6uZOiyY/apYq0w=\n=yFO/\n-----END PGP SIGNATURE-----\n",
                    "timestamp": 1568234599
                },
                "ssl:cacao1": {
                    "keyid": "ssl:cacao1",
                    "signature": "SgJ4Y+jxzzR/lwcTPi5bO0AmOxQQtBlyL9mIxfN0i82IsrqsZVau0YyGp9+N4IbpLHbgKg9aN9EtffHm21kBfX7RQxm8T/dSkK5zgoV13fgaWjdDhDBvgde0x1bMNOi9+2rnNs0X0iC3zIif/acCTuh6PRlG2Liy+GMUHr2bBaLMFzGykiUIOKCaZZmIVl9xmNG+Sv4EhXyUJOtGPD/HQaaALAup7ImrCIX5cPzcI4iDjzc9g9HFBgcQbD+yf0Nxuh2kxKIYFHIciEUctTeukzCj3iuc3U3ENElvtERABSmEl0Ppz1cOHX4Od5ndVREEc8meYy2uAozDKdyi36EKZg==",
                    "timestamp": 1568234590
                }
            },
            "test4.1": 41,
            "test4.2": 42
        }
    }

Attachment: signature.asc
Description: Message signed with OpenPGP



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]