
Comments (5)

soffokl avatar soffokl commented on July 28, 2024
  1. Signing of artifacts should be processed using the owner's private key. Only the user has this key. If we are planning to sign artifacts, it should be implemented on the user side. After that, the user should upload the file and signature to gorjun.
  2. Another option is to sign all artifacts using the gorjun node key. It will just allow validating that the file was downloaded from the gorjun CDN and is valid.

@tzununbekov @akarasulu @dilshat

from cdn.

tzununbekov avatar tzununbekov commented on July 28, 2024

Asking the user to sign artifacts before upload is an extremely unfriendly way, I think; meanwhile, signing the file with our own key allows us to validate only file integrity but not ownership, and using signatures is overkill for this purpose.

From my point of view, we should think about two things:

  • using a browser plugin for signing artifacts
  • figuring out how those artifacts will be created and, if possible, adding a signing mechanism to the generation step. Since signatures are useless for deb and raw files, we need to think about how the user will create a custom template before uploading

We need to thoroughly discuss this topic all together.


akarasulu avatar akarasulu commented on July 28, 2024

@soffokl The second option is not sufficient to authenticate the artifact. It just verifies that the artifact was transferred without tampering from the CDN->User. The first option handles the full path Owner->CDN->User. @tzununbekov has the right idea here to use the e2e plugin. More thoughts below ...

We can implement the first option easily. The signatures are applied to the file's checksum, right? So before uploading an artifact, the application (SS, Hub) should require the owner/uploader to sign the checksum. I think this can be delegated to the e2e plugin to handle in both UIs. It's being done now already for signing various documents. It would be very easy to do this.

SS and the Hub should support automated (via the e2e plugin) and manual mechanisms to produce and upload the signature into the CDN.

Subos will need to simply pull down the artifact and its signature, then verify the signature against the public key of the owner to authenticate the artifact.

Does this clarify?

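As an added illustration (not code from the gorjun, kurjun or subos projects), here is the owner-sign / consumer-verify flow described above, alongside why a CDN-key signature (option 2) cannot stand in for it. The hash and signature algorithms (SHA-256, ed25519) are assumptions for the example; the thread does not fix them.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignedArtifact is what the uploader pushes to the CDN next to the file:
// the checksum that was signed and the owner's signature over it.
type SignedArtifact struct {
	Checksum  []byte // SHA-256 of the artifact bytes
	Signature []byte // ed25519 signature over Checksum
}

// SignArtifact is the owner-side step of option 1: hash the artifact and
// sign the hash with the owner's private key, which never leaves the owner.
func SignArtifact(artifact []byte, ownerPriv ed25519.PrivateKey) SignedArtifact {
	sum := sha256.Sum256(artifact)
	return SignedArtifact{Checksum: sum[:], Signature: ed25519.Sign(ownerPriv, sum[:])}
}

// VerifyArtifact is the consumer-side (Subos) check: recompute the checksum of
// the downloaded bytes, compare it with the published one, then verify the
// signature against the public key of the claimed owner.
func VerifyArtifact(downloaded []byte, sa SignedArtifact, ownerPub ed25519.PublicKey) bool {
	sum := sha256.Sum256(downloaded)
	if !bytes.Equal(sum[:], sa.Checksum) {
		return false
	}
	return ed25519.Verify(ownerPub, sa.Checksum, sa.Signature)
}

func main() {
	ownerPub, ownerPriv, _ := ed25519.GenerateKey(rand.Reader)
	cdnPub, cdnPriv, _ := ed25519.GenerateKey(rand.Reader)
	artifact := []byte("constructed sample template contents") // constructed input
	sa := SignArtifact(artifact, ownerPriv)
	fmt.Println("owner-signed, owner key:", VerifyArtifact(artifact, sa, ownerPub)) // true
	tampered := append([]byte{}, artifact...)
	tampered[0] ^= 1
	fmt.Println("tampered download:", VerifyArtifact(tampered, sa, ownerPub)) // false
	// Option 2: the CDN node signs with its own key. That only proves the bytes
	// came from the CDN intact; it says nothing about who owns the artifact.
	cdnSigned := SignArtifact(artifact, cdnPriv)
	fmt.Println("cdn-signed, cdn key:", VerifyArtifact(artifact, cdnSigned, cdnPub))     // true
	fmt.Println("cdn-signed, owner key:", VerifyArtifact(artifact, cdnSigned, ownerPub)) // false
}
```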

tzununbekov avatar tzununbekov commented on July 28, 2024

@akarasulu yes, this clarifies lots of questions.
In the described workflow we should include @dilshat and @samsonbek to assist with e2e integration from the SS and Hub sides.
As I see it now, we'll need to add one additional step for both upload and import operations: signing the hash during upload from the Hub and checking the signature while importing to SS.
I'll review the kurjun and subos source code to recall the current algorithm and to prepare changes.


tzununbekov avatar tzununbekov commented on July 28, 2024

Merged in production
