Comments on the module-file format

Sean Mullan Sean.Mullan at Sun.COM
Fri Feb 5 09:15:09 PST 2010


Mark Reinhold wrote:

>> - as for the signature itself, one possible suggestion is to consider reusing
>> the existing PKCS#7 format that we use for JAR signatures. PKCS#7 already
>> defines a format for holding the necessary certificates and is extensible to
>> support various signature algorithms. And of course there is already PKCS#7
>> support in the JRE. PKCS#7 is also designed to support single-pass processing.
> 
> I'm not an expert in this area, but that makes sense to me.  Are there
> other formats we should consider?  

The other well-known standard format is XML Signature. We should consider it but 
I would lean towards PKCS#7 since it is already being used for signed JARs.

> Do PGP/GPG somehow map into PKCS 7?

Hmm, I'm not sure. Support for X.509 certificates is essential and I don't think 
PGP and X.509 work well together.

> Where should signatures reside -- in a module file, or alongside it in a
> separate file?  JAR files do the former, but some OS packaging systems
> (e.g., Debian) do the latter.

Not sure, but here's an initial idea of how this might work:

The signature is a signature over all of the hashes in the module. It also may 
contain other security attributes, such as the permissions needed by the modules.

- get the signature first
- validate the certificate chain
- verify the signature with the public key
- optionally, prompt user with security dialog
- get the module(s)
- verify the module/section hashes and check that they each match what is inside 
the signature.

> If signatures go in module files then they should probably be near the
> front so that certificates can be checked before reading the entire file.

I agree.

--Sean
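The verification order sketched above (signature over the section hashes checked first, sections hashed and compared afterwards), as an added example that is not code from the thread or from Jigsaw. It assumes a toy in-memory layout rather than the real module-file format, and stands in a raw Ed25519 key for the PKCS#7/X.509 certificate chain the mail discusses.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Module is an assumed toy layout, not the real Jigsaw format: the manifest
// (one SHA-256 per section) and its signature come before the section bytes,
// so a reader can check the signature before it touches any section.
type Module struct {
	Manifest, Signature []byte
	Sections            [][]byte
}

// SignModule hashes every section into the manifest and signs the manifest only.
func SignModule(priv ed25519.PrivateKey, sections [][]byte) Module {
	var manifest bytes.Buffer
	for _, s := range sections {
		h := sha256.Sum256(s)
		manifest.Write(h[:])
	}
	return Module{manifest.Bytes(), ed25519.Sign(priv, manifest.Bytes()), sections}
}

// VerifyModule follows the order in the mail: verify the signature over the
// manifest first, then hash each section and compare it with the signed value.
func VerifyModule(pub ed25519.PublicKey, m Module) error {
	if len(m.Manifest) != sha256.Size*len(m.Sections) {
		return errors.New("manifest length does not match section count")
	}
	if !ed25519.Verify(pub, m.Manifest, m.Signature) {
		return errors.New("module signature did not verify")
	}
	for i, s := range m.Sections {
		h := sha256.Sum256(s)
		if !bytes.Equal(h[:], m.Manifest[i*sha256.Size:(i+1)*sha256.Size]) {
			return fmt.Errorf("section %d does not match signed manifest", i)
		}
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	m := SignModule(priv, [][]byte{[]byte("module-info"), []byte("classes")})
	fmt.Println("verify:", VerifyModule(pub, m))
}
```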


