Minor revision of proposed signed module-file format
Sean Mullan
Sean.Mullan at Sun.COM
Mon Mar 22 12:04:46 PDT 2010
Hi all,
I have posted a minor revision of the proposed signed module-file format here:
http://cr.openjdk.java.net/~mullan/signed-module-file-format
A couple of small changes:
1) Previously in the PKCS7 Signature Type section, the contentInfo (what is
being signed) was omitted in order to avoid duplicate hashes in both the module
file and the signature. However, omitting this information requires the entire
file to be processed before the ToBeSignedContent could be reconstructed and the
signature verified. This doesn't work for use cases where you only want to read
part of the module-file. So this has been changed to require the
ToBeSignedContent to be included in the signature.
2) I added an open issue as to whether the module-file hashes are really
necessary when not signing:
* Are module hashes necessary when not signing? Without a signature,
the hashes provide little, if any security benefit since the module data can be
modified and the hash can be replaced without detection. The hashes could be
removed from the module file (since they are already contained in the
ToBeSignedContent). A field could be added to the header to indicate if the
module was signed or not, the main purpose of which would be to enable the
reader to start digesting the contents before it reads the signature.
Thanks,
Sean
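As an added illustration, not part of Sean's message or of the proposed format itself, the following toy module-file layout shows the two points above in running code: a per-section hash table (the "ToBeSignedContent") that sits ahead of the signature and the section data, so a reader can verify the signature and then check a single section without digesting the whole file; and the observation that without a signature those hashes buy nothing, because an attacker who modifies a section can simply rewrite its hash. The layout, the magic bytes, the one-byte "signed" header flag and the use of HMAC-SHA256 as a stand-in for a PKCS7 signature block are all assumptions made for this example.

```python
import hashlib
import hmac
import struct

# Toy layout (constructed for this example, NOT the proposed signed module-file format):
#   header : b"MOD1" | signed flag (1 byte) | section count (1 byte)
#   table  : per section: name_len (1) | name | sha256(section data)   <- "ToBeSignedContent"
#   sig    : 32-byte HMAC-SHA256 over the table if signed, else absent (stand-in for PKCS7)
#   body   : per section: length (4 bytes, big endian) | data
MAGIC = b"MOD1"
DIGEST_LEN = 32
SIG_LEN = 32


def _hash_table(sections):
    """Build the hash table over the section data; this is what gets signed."""
    table = b""
    for name, data in sections.items():
        nb = name.encode()
        table += bytes([len(nb)]) + nb + hashlib.sha256(data).digest()
    return table


def build_module(sections, signing_key=None):
    """Serialize sections into the toy layout, signing the table if a key is given."""
    table = _hash_table(sections)
    signed = signing_key is not None
    sig = hmac.new(signing_key, table, hashlib.sha256).digest() if signed else b""
    header = MAGIC + bytes([1 if signed else 0, len(sections)])
    body = b"".join(struct.pack(">I", len(d)) + d for d in sections.values())
    return header + table + sig + body


def _parse_prefix(module):
    """Parse header, hash table and signature block; return (signed, table, hashes, sig, body_offset)."""
    if module[:4] != MAGIC:
        raise ValueError("bad magic")
    signed, count = module[4], module[5]
    pos = 6
    hashes = {}
    for _ in range(count):
        nlen = module[pos]; pos += 1
        name = module[pos:pos + nlen].decode(); pos += nlen
        hashes[name] = module[pos:pos + DIGEST_LEN]; pos += DIGEST_LEN
    table = module[6:pos]
    sig = b""
    if signed:
        sig = module[pos:pos + SIG_LEN]; pos += SIG_LEN
    return bool(signed), table, hashes, sig, pos


def read_section(module, wanted, verify_key=None):
    """Return one section's data after checking it against the hash table.

    Only the wanted section is digested; the others are skipped via their length prefix.
    If verify_key is given, the module must be signed and the signature over the table
    must verify before any hash in it is trusted.
    """
    signed, table, hashes, sig, pos = _parse_prefix(module)
    if verify_key is not None:
        if not signed:
            raise ValueError("module is not signed")
        expected = hmac.new(verify_key, table, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            raise ValueError("signature over the hash table does not verify")
    for name in hashes:  # table order == body order in this layout
        (length,) = struct.unpack(">I", module[pos:pos + 4]); pos += 4
        if name == wanted:
            data = module[pos:pos + length]
            if not hmac.compare_digest(hashlib.sha256(data).digest(), hashes[name]):
                raise ValueError("hash mismatch for section " + name)
            return data
        pos += length
    raise KeyError(wanted)


def tamper(module, name, new_data):
    """Attacker's move: replace a section and recompute its hash, keeping any old signature bytes."""
    signed, table, hashes, sig, pos = _parse_prefix(module)
    sections = {}
    for n in hashes:
        (length,) = struct.unpack(">I", module[pos:pos + 4]); pos += 4
        sections[n] = module[pos:pos + length]; pos += length
    sections[name] = new_data
    body = b"".join(struct.pack(">I", len(d)) + d for d in sections.values())
    return module[:6] + _hash_table(sections) + sig + body


# Constructed sample input for the example.
SECTIONS = {"module-info": b"module demo {}", "classes": b"\xca\xfe\xba\xbe" * 4, "resources": b"hello"}
KEY = b"demo-signing-key"  # stand-in for the signer's private key

if __name__ == "__main__":
    unsigned, signed = build_module(SECTIONS), build_module(SECTIONS, KEY)
    print(read_section(tamper(unsigned, "classes", b"evil"), "classes"))  # accepted: hashes alone detect nothing
    try:
        read_section(tamper(signed, "classes", b"evil"), "classes", KEY)
    except ValueError as e:
        print("rejected:", e)  # signature over the rewritten table fails
```

The reader never hashes "module-info" or "resources" when asked only for "classes", which is the partial-read case the revision is meant to support; the signed-flag byte in the header tells it up front whether a signature block follows the table.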