Digital signature in YAML file. Similar to XMLDSIG
Question
XMLDSIG is a digital signature specification for XML document. C# has classes to support XMLDSIG in System.Security.Cryptography.Xml namespace.
I was wondering if there is a digital signature specification for YAML documents. Or in general how would be go about validating the authenticity of the YAML document (as in it has not been tampered).
Idea was to place a digital signature in YAML document and then use the public key at other end to validate it. Not sure if there is any library implemented around this thing in C#, python or go.
I did find something under section 3.2.1.3. Equality at http://yaml.org/spec/1.0/ that mentions about using canonical form to support digital signature. Not sure if I understand it though.
1 answers
solution1
0 2017-09-25 21:03:49
No, there is no specific digital signature format for Yaml. The most common formats are XMLDsig for xml, PAdES for PDF, CMS / PKCS#7 / CAdES for binary data and JWS for JSON
Adding a yaml tag with the signature means dealing with the canonicalization of the text that can lead to a headache.
I suggest to wrap the content into a signature container as CMS/PKCS#7 or JWT. For example
{
"yaml": "SGVsbG8=". //yaml as base64
}
Or use a detached signature
Canonicalization The link you refer is talking about how to represent a number. Note that any changes in the data, or the way in which they are processed to calculate the signature will produce different signatures. So when a text format is used it is needed a well-known 'canonicalization` process to ensure the data is processed by all parties in the same way
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.