[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Signing CACAO
Dear members of CACAO,

I have a proposal for signing, verifying, encrypting and decrypting CACAO data structures, and have implemented a Proof of Concept (PoC) in Python 3. I will upload the source to https://github.com/oasis-tcs/cacao in the coming week. Besides macOS I will test it on Debian (Ubuntu, Raspbian and Windows 10 will follow).

Please reply personally (f.h.schippers@hva.nl) or on the cacao list with comments.

Frans Schippers
f.h.schipppers@hva.nl / frans@xsupport.nl

Main objectives:
- implemented in Python 3, using the Python libraries cryptography and python-gnu.
- data structures are JSON. The names / tags are (for the moment) strings.
- substructures are identified with a '$cid' (a UUID).
- substructures can have a name/title '$name'.
- one $cid as well as one $name can be added to any JSON object ({}-object).
- a substructure (identified by $cid) can be signed multiple times (at different times).
- the signatures are stored in a '_sig' JSON object.
- the guardian hash that protects the substructure ignores tags that start with '_', so signatures won't affect the hash.
- the hash uses a canonicalization like JSON Canonicalization, see: https://tools.ietf.org/id/draft-rundgren-json-canonicalization-scheme-06.html
- supported crypto schemes are OpenSSL and OpenPGP (RSA, DSA, ECDSA, AES/CBC, ...). PKI based on CA certs will be added. DSA and ECDSA are not yet working.

Next:
- Adding CA cert support
- Adding encrypt/decrypt
- Supporting Unicode?

Next, storage:
- Server for submitting/retrieving COA playbooks based on $uid/$name
- Merging signatures
- Transport using SSL or HTTPS (REST interface)
- Command-line client for accessing the server

Example:
SSL version: needs 'keys/cacao1.key.pem' and 'keys/cacao1.pub.pem'
PGP version: will retrieve the public key from 'keys.openpgp.org'

    cid="cc1a142f-7211-4235-88e1-ddf11b21f72d"
    ./cacao_sign.py --sign --cid ${cid} --keyid ssl:cacao1 -i in.json -o out.json
    ./cacao_sign.py --sign --cid ${cid} --keyid pgp:frans@xsupport.nl -i out.json -o out.json

    ./cacao_sign.py --list-cids -i out.json
    f6253c95-1afe-4ed4-ad3a-f56a59af7786: Root-node
    cc1a142f-7211-4235-88e1-ddf11b21f72d: Sub-node
        pgp:frans@xsupport.nl: True 2019-09-11T20:43:19+00 Frans Schippers <frans@xsupport.nl> TRUST_ULTIMATE
        ssl:cacao1: True 2019-09-11T20:43:10+00 TRUST_LOCAL

    ./cacao_sign.py --verify --cid ${cid} -i out.json
    cc1a142f-7211-4235-88e1-ddf11b21f72d: Sub-node
        pgp:frans@xsupport.nl: True 2019-09-11T20:43:19+00 Frans Schippers <frans@xsupport.nl> TRUST_ULTIMATE
        ssl:cacao1: True 2019-09-11T20:43:10+00 TRUST_LOCAL

    cat out.json
    {
      "$cid": "f6253c95-1afe-4ed4-ad3a-f56a59af7786",
      "$name": "Root-node",
      "test1": "test1",
      "test2": "test2",
      "test3": [1, 2, 3, 4],
      "test4": {
        "$cid": "cc1a142f-7211-4235-88e1-ddf11b21f72d",
        "$name": "Sub-node",
        "_sig": {
          "pgp:frans@xsupport.nl": {
            "keyid": "pgp:frans@xsupport.nl",
            "signature": "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nTZlF98u7dCXqIQ+ezeYEbZQY+pJMNobYXumMxdJ6HlEAAAAAXXlcZw==\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEK8O6A+TrofzzTEol7SrH0D8XMjgFAl15XGcACgkQ7SrH0D8X\nMjhQ6w//Ui/B9V5k0YoimeOuvZPMMnyO/6V31CgPVAAhkRLFIQxz+p9p8qXZR8iz\ncx9d2SsdFVAeVlYVycxRZy1ESdwROfvYpqMLqT+xldvUYL71XBBFYtdHiAUduysT\nmzu2urwmmgtTe6h2M2tCiSu4KQyPiItVFsNqvHwnJZZJfrNtqjzLeKdk+lt8Sps4\nYIIGgH8OQtaULbL5M4WMV+rMTfVDd4WqXVgeSK3cmz2QrKboH26yWkBu6XQaA459\nO3lX/ScTlkFSNirlEwNGgib9izWknTZaFhZtwUpEULUJdEc9Bdf69FAE4iBysGwd\nemqQ4WL2VK3eaw0jz/PhpgPpDwdTc1nwqGy3S70aZCNxwnCNLw45bcSCloL6cLgF\niQfK5KFbojMBbzrBP986wneQMdBGEfFu2It1R1sfLEzhXRRcFxXX6XLoesfGa5e2\nJ0nwBuNgz8uZLAzOXJnwRLH7bscSPTycShHV5Ag58CcgWGPnUDB+WDbRtCL0fiAO\nWLd3kAjHYAZcslkI8AsUh+drGM4Tqvgwdvt0jxt8MxZGuyCGMFaaKYIByH4WMamT\nI8FQjq/oa6/Qo7g6rhnsV1dzhtz6sQ9gb3mHFMYYk2wf80WrHoUf+qvA29NZtyA4\nj/ekISS18MzQB2TkFZGXWDglXJHzmr6qRzJ5d6uZOiyY/apYq0w=\n=yFO/\n-----END PGP SIGNATURE-----\n",
            "timestamp": 1568234599
          },
          "ssl:cacao1": {
            "keyid": "ssl:cacao1",
            "signature": "SgJ4Y+jxzzR/lwcTPi5bO0AmOxQQtBlyL9mIxfN0i82IsrqsZVau0YyGp9+N4IbpLHbgKg9aN9EtffHm21kBfX7RQxm8T/dSkK5zgoV13fgaWjdDhDBvgde0x1bMNOi9+2rnNs0X0iC3zIif/acCTuh6PRlG2Liy+GMUHr2bBaLMFzGykiUIOKCaZZmIVl9xmNG+Sv4EhXyUJOtGPD/HQaaALAup7ImrCIX5cPzcI4iDjzc9g9HFBgcQbD+yf0Nxuh2kxKIYFHIciEUctTeukzCj3iuc3U3ENElvtERABSmEl0Ppz1cOHX4Od5ndVREEc8meYy2uAozDKdyi36EKZg==",
            "timestamp": 1568234590
          }
        },
        "test4.1": 41,
        "test4.2": 42
      }
    }
Attachment:
signature.asc
Description: Message signed with OpenPGP
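The mechanics the post describes (find the object by '$cid', canonicalize it, hash everything except '_'-prefixed tags, store one entry per signer under '_sig', verify each one later) as an added, stand-alone Python example. This is editor-written illustration code, not the PoC from the post or anything in the oasis-tcs/cacao repository. Assumptions: SHA-256 is the guardian hash; the timestamp is bound into the signed bytes; and, so the example runs with only the standard library, HMAC-SHA256 under constructed per-keyid keys stands in for the PoC's OpenSSL/OpenPGP signatures. The sample document is the unsigned in.json from the post, reconstructed here.

```python
import copy
import hashlib
import hmac
import json
import time

META_PREFIX = "_"  # "_sig" and any other "_" tag stay out of the guardian hash


def strip_meta(node):
    """Recursively drop every '_'-prefixed key so signatures never feed the hash."""
    if isinstance(node, dict):
        return {k: strip_meta(v) for k, v in node.items()
                if not k.startswith(META_PREFIX)}
    if isinstance(node, list):
        return [strip_meta(v) for v in node]
    return node


def canonicalize(node):
    """JCS-style bytes: sorted keys, no whitespace, raw UTF-8.
    Simplification: JCS number formatting (ES6 rules) is not implemented here;
    the sample only carries integers, which json.dumps already emits canonically."""
    return json.dumps(strip_meta(node), sort_keys=True,
                      separators=(",", ":"), ensure_ascii=False).encode("utf-8")


def guardian_hash(node):
    return hashlib.sha256(canonicalize(node)).hexdigest()


def find_cid(node, cid):
    """Depth-first search for the JSON object carrying '$cid' == cid."""
    if isinstance(node, dict):
        if node.get("$cid") == cid:
            return node
        children = node.values()
    elif isinstance(node, list):
        children = node
    else:
        return None
    for child in children:
        hit = find_cid(child, cid)
        if hit is not None:
            return hit
    return None


# Stand-in for the PoC's OpenSSL/OpenPGP keys (constructed, symmetric).
KEYRING = {
    "ssl:cacao1": b"constructed key for ssl:cacao1",
    "pgp:frans@xsupport.nl": b"constructed key for pgp:frans@xsupport.nl",
}


def _to_be_signed(node, timestamp):
    # Assumption: bind the timestamp to the hash; otherwise "timestamp" could be
    # rewritten in '_sig' without invalidating the signature.
    return guardian_hash(node).encode() + b"|" + str(timestamp).encode()


def sign(doc, cid, keyid, timestamp=None):
    node = find_cid(doc, cid)
    if node is None:
        raise KeyError("no object with $cid %s" % cid)
    ts = int(time.time()) if timestamp is None else timestamp
    sig = hmac.new(KEYRING[keyid], _to_be_signed(node, ts), hashlib.sha256).hexdigest()
    node.setdefault("_sig", {})[keyid] = {"keyid": keyid, "signature": sig, "timestamp": ts}
    return doc


def verify(doc, cid):
    """Return {keyid: bool} for every signature stored under the node's '_sig'."""
    node = find_cid(doc, cid)
    if node is None:
        raise KeyError("no object with $cid %s" % cid)
    results = {}
    for keyid, entry in node.get("_sig", {}).items():
        key = KEYRING.get(keyid)
        if key is None:  # unknown signer: never report True
            results[keyid] = False
            continue
        expected = hmac.new(key, _to_be_signed(node, entry["timestamp"]),
                            hashlib.sha256).hexdigest()
        results[keyid] = hmac.compare_digest(expected, entry["signature"])
    return results


ROOT_CID = "f6253c95-1afe-4ed4-ad3a-f56a59af7786"
SUB_CID = "cc1a142f-7211-4235-88e1-ddf11b21f72d"


def sample_doc():
    """The unsigned in.json from the post (constructed here)."""
    return {"$cid": ROOT_CID, "$name": "Root-node", "test1": "test1", "test2": "test2",
            "test3": [1, 2, 3, 4],
            "test4": {"$cid": SUB_CID, "$name": "Sub-node", "test4.1": 41, "test4.2": 42}}


def demo():
    doc = sample_doc()
    before = guardian_hash(find_cid(doc, SUB_CID))
    sign(doc, SUB_CID, "ssl:cacao1", timestamp=1568234590)
    sign(doc, SUB_CID, "pgp:frans@xsupport.nl", timestamp=1568234599)  # second signer
    after = guardian_hash(find_cid(doc, SUB_CID))
    # key order and whitespace must not matter: hash a reordered re-parse of the sub-node
    reordered = json.loads('{"test4.2": 42, "$name": "Sub-node", "test4.1": 41, "$cid": "%s"}'
                           % SUB_CID)
    tampered_child = copy.deepcopy(doc)
    tampered_child["test4"]["test4.1"] = 1        # inside the signed scope
    tampered_parent = copy.deepcopy(doc)
    tampered_parent["test1"] = "changed"          # outside the signed scope
    return {"hash_unchanged_by_signing": before == after,
            "canonical": guardian_hash(reordered) == before,
            "verify": verify(doc, SUB_CID),
            "child_tamper_detected": verify(tampered_child, SUB_CID),
            "parent_tamper_unnoticed": verify(tampered_parent, SUB_CID)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two things the run makes visible that the prose only implies: adding the second signature leaves the guardian hash untouched, because '_sig' is excluded, so signers can be appended in any order; and a signature over the sub-node says nothing about its parent (the root-level change is not detected), so the object that has to be trusted is the one whose $cid is signed, not the whole file.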