Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Investigate embedded IFC signing #150

Open
cdacamar opened this issue Apr 22, 2024 · 1 comment
Open

Investigate embedded IFC signing #150

cdacamar opened this issue Apr 22, 2024 · 1 comment

Comments

@cdacamar
Copy link
Collaborator

It is possible that we may want to embed sign IFCs rather than catalog sign. This way the digital signature is carried directly in the IFC. We may need to adjust the IFC format to support this.

This requires investigation on the hard requirements on embedded signing.
@DarkArc
Copy link

DarkArc commented Apr 22, 2024
edited
Loading

Provided I'm understanding correctly, I suspect it would be sufficient to include the signature following the IFC table of contents.

This is the strategy employed by JWTs and it's (or rather would be) trivially ignoble by implementations/tools that don't check/write signatures as they simply wouldn't care about the extra bytes (e.g., https://jwt.io/introduction).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DarkArc @cdacamar