[
https://issues.apache.org/jira/browse/CAMEL-7002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Franz Forsthofer updated CAMEL-7002:
------------------------------------
Description:
The contribution consists of two parts.
The first part is about the verifier.
During the signature verification with PGPDataFormat currently all public keys
contained in the public keyring are taken into account. So the current semantic
is: Verify the signature against all public keys in the keyring. IF you have a
keyring with lot of public keys you will not want that every identity
represented by the public keys can sent to you a signature. Normally you want
to know from which identity the signature comes. Therefore I have introduced
the possibility to restrict the verifying publikc keys; I have introduced the
parameter signatureKeyUserids where you specify the Userids the publc keys must
have in order to be allowed to verify a signature.
The second contribution is about the encryptor. Currently the encrypted part
can contain one signature from one private key. I added now the possibility
that several several signatures can be added from different private keys. The
used private keys are defined by the values of the new paramter
signatureKeyUserids. This new functionality is especially useful to ease the
key renewal. For a certain time period you can sent messages containing the
signature from the old key and the new key to the receiver.
was:During the signature verification with PGPDataFormat currently all public
keys contained in the public keyring are taken into account. So the current
semantic is: Verify the signature against all public keys in the keyring. IF
you have a keyring with lot of public keys you will not want that every
identity represented by the public keys can sent to you a signature. Normally
you want to know from which identity the signature comes. Therefore I have
introduced the possibility to restrict the verifying publikc keys; I have
introduced the parameter signatureKeyUserids where you specify the Userids the
publc keys must have in order to be allowed to verify a signature.
Summary: PGPDataFormat: restrict verifying public keys and allow
several signatures (was: PGPDataFormat: restrict verifying public keys)
> PGPDataFormat: restrict verifying public keys and allow several signatures
> --------------------------------------------------------------------------
>
> Key: CAMEL-7002
> URL: https://issues.apache.org/jira/browse/CAMEL-7002
> Project: Camel
> Issue Type: Improvement
> Components: camel-crypto
> Reporter: Franz Forsthofer
> Assignee: Hadrian Zbarcea
> Fix For: 2.12.3, 2.13.0
>
> Attachments: 0001-PGPDataFormat-signatureUserIds-added.patch
>
>
> The contribution consists of two parts.
> The first part is about the verifier.
> During the signature verification with PGPDataFormat currently all public
> keys contained in the public keyring are taken into account. So the current
> semantic is: Verify the signature against all public keys in the keyring. IF
> you have a keyring with lot of public keys you will not want that every
> identity represented by the public keys can sent to you a signature. Normally
> you want to know from which identity the signature comes. Therefore I have
> introduced the possibility to restrict the verifying publikc keys; I have
> introduced the parameter signatureKeyUserids where you specify the Userids
> the publc keys must have in order to be allowed to verify a signature.
> The second contribution is about the encryptor. Currently the encrypted part
> can contain one signature from one private key. I added now the possibility
> that several several signatures can be added from different private keys. The
> used private keys are defined by the values of the new paramter
> signatureKeyUserids. This new functionality is especially useful to ease the
> key renewal. For a certain time period you can sent messages containing the
> signature from the old key and the new key to the receiver.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
