[
https://issues.apache.org/jira/browse/KARAF-6436?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940436#comment-16940436
]
Jean-Baptiste Onofré commented on KARAF-6436:
---------------------------------------------
Almost all is ready, just adding/merging the signing service.
> Add the posibility to sign / encrypt bundles
> --------------------------------------------
>
> Key: KARAF-6436
> URL: https://issues.apache.org/jira/browse/KARAF-6436
> Project: Karaf
> Issue Type: New Feature
> Components: karaf
> Reporter: Julian Feinauer
> Assignee: Jean-Baptiste Onofré
> Priority: Major
>
> It should have a possibilty to lock a Karaf instance to only accept bundles
> that are signed / encrypted with a predefined key.
> This would allow a certain protection for the deployed bundles and
> application as not any user code can be deployed but only certified one.
> *Definition of Done:*
> We are able to configure a Karaf instance with a key / certificate and it
> then only accepts bundles that are signed / encrypted with a suitable key /
> certificate.
> There was a short discussion about the matter in the Slack channel with
> [~JB0000000000001] and [~cschneider] on 09/26/19 in #karaf:
> {noformat}
> Christian Schneider 15:33
> You might experiment with a hook that only allows signed bundles.
> So at least you can implement a mandatory code check as you can control the
> signing
> Julian Feinauer 15:34
> @Christian Schneider Is there already an implementation for that? For this
> sign checking stuff
> This would fit nicely into the karaf ecosystem
> JB Onofré 15:37
> @Julian Feinauer we have this, but not in Karaf directly
> @Julian Feinauer it could be part of the security/encryption feature
> {noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
