Project

General

Profile

Actions

Feature #2218

closed

KeyChain: sign Interest with SHA256 digest

Added by Spyros Mastorakis about 10 years ago. Updated about 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
2.00 h

Description

Add a method overload: KeyChain::signWithSha256(Interest)


Related issues 1 (0 open1 closed)

Blocks ndn-cxx - Feature #1705: Select DigestSha256 signing method with Identity NameClosedYingdi Yu

Actions
Actions #1

Updated by Junxiao Shi about 10 years ago

  • Tracker changed from Task to Feature
  • Subject changed from Extend signWithSha256 method (in security/key-chain.hpp) to accept interests as an argument. to KeyChain: sign Interest with SHA256 digest
  • Description updated (diff)
  • Category set to Security
  • Start date deleted (11/24/2014)
  • Estimated time set to 2.00 h

I don't think this feature is necessary.

Signed Interest should be signed with a real signature. Otherwise, the application can just send an unsigned Interest.

However, after #1705, this feature would implicitly be supported, but in a different API.

Actions #2

Updated by Alex Afanasyev about 10 years ago

  • Assignee set to Yingdi Yu
  • Target version set to v0.3

Yes, it would be supported implicitly. However, KeyChain::signWithSha256 will be the baseline implementation, to which "KeyChain::sign" will redirect.

Also. I would suggest changing KeyChain::signWithRsa to be static method, as there is no state that is used by it.

Actions #3

Updated by Yingdi Yu about 10 years ago

Could you provide a use case of signing an interest using sha256 digest?

Actions #4

Updated by Alex Afanasyev about 10 years ago

This is primarily for simulator use.

Given we have sha256 signature for data packets, we should (for symmetry) provide the same for Interests as well.

Actions #5

Updated by Yingdi Yu about 10 years ago

If it is for simulation, do we really even need a signature?

The digest for data provide some integrity check, but do we need integrity check for interest?

Actions #6

Updated by Alex Afanasyev about 10 years ago

The same reason. It may be useful in some cases to provide integrity check for interests.

Inside the simulator we don't need signatures. But, my objective is to have virtually no modifications to NFD code, which implies that there should be some external way to "disable" them (or at least reduce overhead).

Actions #7

Updated by Junxiao Shi about 10 years ago

  • Blocks Feature #1705: Select DigestSha256 signing method with Identity Name added
Actions #8

Updated by Yingdi Yu about 10 years ago

  • Status changed from New to Code review
  • % Done changed from 0 to 100
Actions #9

Updated by Junxiao Shi about 10 years ago

  • Status changed from Code review to Closed
Actions

Also available in: Atom PDF