[ 
https://issues.apache.org/jira/browse/CAMEL-7002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13831577#comment-13831577
 ] 

Hadrian Zbarcea commented on CAMEL-7002:
----------------------------------------

Thanks Franz for another nice contribution. Best is to remove the old patch to 
avoid confusion (I could do it it, but it's not proper etiquette, unless you 
want me to).

> PGPDataFormat: restrict verifying public keys
> ---------------------------------------------
>
>                 Key: CAMEL-7002
>                 URL: https://issues.apache.org/jira/browse/CAMEL-7002
>             Project: Camel
>          Issue Type: Improvement
>          Components:  camel-crypto
>            Reporter: Franz Forsthofer
>            Assignee: Hadrian Zbarcea
>             Fix For: 2.12.3, 2.13.0
>
>         Attachments: 0001-PGPDataFormat-signatureUserIds-added.patch, 
> 0001-PGPDataFormat-signatureUserIds-added.patch
>
>
> During the signature verification with PGPDataFormat currently all public 
> keys contained in the public keyring are taken into account. So the current 
> semantic is: Verify the signature against all public keys in the keyring. IF 
> you have a keyring with lot of public keys you will not want that every 
> identity represented by the public keys can sent to you a signature. Normally 
> you want to know from which identity the signature comes. Therefore I have 
> introduced the possibility to restrict the verifying publikc keys; I have 
> introduced the parameter signatureKeyUserids where you specify the Userids 
> the publc keys must have in order to be allowed to verify a signature.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Reply via email to