Describes how messages requesting an operation on a collection are checked against the permission model.



Permissions

The permissions are defined per user/role certificate, for each operation or set of operations. See Collection settings (RepositorySettings) for the detailed model.

Signing messages

The message hash is generated with SHA512. The signing certificate is excluded from the signature to reduce its size.

The message signature is calculated over the message XML interpreted as a UTF-8-encoded byte stream, and is transmitted Base64-encoded in the message header org.bitrepository.messages.signature.

Signature generation and verification

To generate a signature, openssl can be used:

    openssl smime -sign -md sha512 -binary -nocerts -noattr -in message -out new.sig -outform der -inkey pkey.pem -signer cert.pem

Where:

  • message is a file with the message to create a signature for
  • new.sig is the file the signature is written to
  • pkey.pem is a file containing the signer's private key
  • cert.pem is a file containing the signer's certificate


To verify a signature with openssl, the following can be used:

    openssl smime -verify -in new.sig -inform der -noverify -content message -certfile cert.pem

Where: 

  • message is a file with the message whose signature is to be verified
  • new.sig is a file containing the signature (binary DER data, not Base64-encoded)
  • cert.pem is a file containing the signer's certificate (the ID of the certificate used for signing can be extracted from the signature itself; this can be used to obtain the signing certificate from the component's trust store)
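The two commands above as a complete round trip, added here as an example and not taken from the bitrepository.org documentation: a throwaway self-signed certificate for a hypothetical component ("example-pillar") signs a constructed message, the DER signature is carried as the Base64 string the message header holds, the receiving side decodes and verifies it, a tampered copy fails, and the signer identity embedded in the signature is printed. All file names and the message content are assumptions of the example.

```shell
# Added example (not from the bitrepository.org documentation): end-to-end sign/verify round trip.
WORK=$(mktemp -d)
MSG="$WORK/message"          # constructed message, not a real bitrepository message
SIG="$WORK/new.sig"          # detached DER signature, as produced by the page's sign command

# Throwaway RSA key and self-signed certificate; "example-pillar" is an assumed component name.
setup_keys() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example-pillar" \
    -keyout "$WORK/pkey.pem" -out "$WORK/cert.pem" >/dev/null 2>&1
}

# Sign $1 as the page describes (SHA-512, detached, certificate omitted) and print the DER
# signature Base64-encoded on one line, the form it travels in org.bitrepository.messages.signature.
sign_message() {
  openssl smime -sign -md sha512 -binary -nocerts -noattr -in "$1" -out "$SIG" \
    -outform der -inkey "$WORK/pkey.pem" -signer "$WORK/cert.pem"
  openssl base64 -A < "$SIG"
}

# Receiver side: decode the header value ($2) back to DER and verify it against message $1,
# supplying the signer certificate from the local trust store (here simply cert.pem).
# Returns 0 if the signature is valid for exactly these bytes, non-zero otherwise.
verify_message() {
  printf '%s' "$2" | openssl base64 -d -A > "$WORK/recv.sig"
  openssl smime -verify -in "$WORK/recv.sig" -inform der -noverify \
    -content "$1" -certfile "$WORK/cert.pem" >/dev/null 2>&1
}

# The signature names its signer by issuer and serial number although the certificate itself
# is omitted; this is the ID a receiver uses to look the certificate up in its trust store.
signer_id() {
  openssl cms -cmsout -print -inform der -in "$1" | grep -E 'issuer:|serialNumber:'
}

# Demonstration: the original message verifies, a one-character change does not.
setup_keys
printf '<Message><CollectionID>demo</CollectionID></Message>' > "$MSG"
header=$(sign_message "$MSG")
verify_message "$MSG" "$header" && echo "original message: signature valid"
printf '<Message><CollectionID>demX</CollectionID></Message>' > "$WORK/tampered"
verify_message "$WORK/tampered" "$header" || echo "tampered message: signature rejected"
signer_id "$SIG"
```

Because the signature covers the exact UTF-8 bytes of the XML, any re-serialisation of the message (whitespace, attribute order) between signing and verification also fails the check, which is the behaviour a receiver should treat as a rejected message rather than retry.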