Comments on the module-file format

Sean Mullan Sean.Mullan at Sun.COM
Wed Feb 10 13:57:03 PST 2010


Mark Reinhold wrote:

>> The signature is a signature over all of the hashes in the module. It also may
>> contain other security attributes, such as the permissions needed by the
>> modules.
> 
> Good point -- I hadn't thought about signing required permissions, but
> that is of course necessary.

Actually, they could also be contained outside of the signature as attributes of 
the module, as long as they are protected by one of the module or section 
hashes. However, if so, they should come in the header or near the beginning of 
the module so that they can be validated against a policy before proceeding with 
downloading the rest of the module.

>> - get the signature first
>> - validate the certificate chain
>> - verify the signature with the public key
>> - optionally, prompt user with security dialog
>> - get the module(s)
>> - verify the module/section hashes and check that they each match what is
>>   inside the signature.
> 
> Makes sense to me.  Now we just need to fill in the details ...

Yes.

--Sean
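The verification order in the quoted list, worked through as an added example; this is not code from the thread or from Jigsaw. It assumes a constructed module layout (a header holding the permission attributes and a table of SHA-256 section hashes, an Ed25519 signature over that header, then the sections), and a directly trusted public key stands in for the certificate-chain validation step. Putting the permissions inside the signed header is one of the two options described above; the alternative of covering them with a section hash would work the same way as long as that hash sits in the signed table.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed layout for this example (an assumption, not the Jigsaw format):
//   header    = permission attributes || table of SHA-256 section hashes
//   signature = Ed25519 signature over the header
//   sections  = the module content, checked against the hash table
type Module struct {
	Permissions []string
	Hashes      [][32]byte
	Signature   []byte
	Sections    [][]byte
}

// encodeHeader serialises the signed header with length prefixes so that
// attribute boundaries are unambiguous to the verifier.
func encodeHeader(perms []string, hashes [][32]byte) []byte {
	var buf bytes.Buffer
	binary.Write(&buf, binary.BigEndian, uint32(len(perms)))
	for _, p := range perms {
		binary.Write(&buf, binary.BigEndian, uint32(len(p)))
		buf.WriteString(p)
	}
	binary.Write(&buf, binary.BigEndian, uint32(len(hashes)))
	for _, h := range hashes {
		buf.Write(h[:])
	}
	return buf.Bytes()
}

// BuildModule is the publisher side: hash every section, then sign the header.
func BuildModule(priv ed25519.PrivateKey, perms []string, sections [][]byte) *Module {
	hashes := make([][32]byte, len(sections))
	for i, s := range sections {
		hashes[i] = sha256.Sum256(s)
	}
	return &Module{perms, hashes, ed25519.Sign(priv, encodeHeader(perms, hashes)), sections}
}

// VerifyModule follows the order from the thread: signature first, then the
// permission policy (so a denied module need not be downloaded in full), then
// each section against its signed hash. Chain validation would precede this;
// here the public key is trusted directly (an assumption of the example).
func VerifyModule(pub ed25519.PublicKey, m *Module, allowed func(string) bool) error {
	if !ed25519.Verify(pub, encodeHeader(m.Permissions, m.Hashes), m.Signature) {
		return errors.New("header signature invalid")
	}
	for _, p := range m.Permissions {
		if !allowed(p) {
			return fmt.Errorf("permission %q denied by policy", p)
		}
	}
	if len(m.Sections) != len(m.Hashes) {
		return errors.New("section count does not match hash table")
	}
	for i, s := range m.Sections {
		if sha256.Sum256(s) != m.Hashes[i] {
			return fmt.Errorf("section %d hash mismatch", i)
		}
	}
	return nil
}

// Demo exercises the verifier with a fresh key and constructed sections; each
// map entry is the verification result for one scenario (nil = accepted).
func Demo() map[string]error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	policy := func(p string) bool { return p == "net.connect" || p == "file.read" }
	sections := [][]byte{[]byte("class data (constructed)"), []byte("resources (constructed)")}
	good := BuildModule(priv, []string{"net.connect"}, sections)

	tamperedSection := *good
	tamperedSection.Sections = [][]byte{[]byte("replaced class data"), sections[1]}

	tamperedPerm := *good
	tamperedPerm.Permissions = []string{"net.connect", "file.write"} // added after signing

	denied := BuildModule(priv, []string{"file.write"}, sections) // validly signed, not allowed

	otherPub, _, _ := ed25519.GenerateKey(rand.Reader)

	return map[string]error{
		"valid":            VerifyModule(pub, good, policy),
		"tampered section": VerifyModule(pub, &tamperedSection, policy),
		"tampered perms":   VerifyModule(pub, &tamperedPerm, policy),
		"denied by policy": VerifyModule(pub, denied, policy),
		"wrong key":        VerifyModule(otherPub, good, policy),
	}
}

func main() {
	for name, err := range Demo() {
		fmt.Printf("%-17s %v\n", name, err)
	}
}
```

Because the permission attributes are part of the signed header, altering them after signing is caught at the signature step rather than at the policy step, which is the property the reply above asks for; the hash comparison over the body only runs once the signature and policy checks have passed.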
