pirk-commits mailing list archives

From "Ellison Anne Williams (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (PIRK-23) Provide integrity and verification of serialized objects
Date Fri, 12 Aug 2016 17:01:21 GMT

     [ https://issues.apache.org/jira/browse/PIRK-23?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ellison Anne Williams updated PIRK-23:
--------------------------------------
    Fix Version/s: 0.1.0

> Provide integrity and verification of serialized objects 
> ---------------------------------------------------------
>
>                 Key: PIRK-23
>                 URL: https://issues.apache.org/jira/browse/PIRK-23
>             Project: PIRK
>          Issue Type: New Feature
>          Components: Querier, Responder
>            Reporter: Jacob WIlder
>            Assignee: Jacob WIlder
>             Fix For: 0.1.0
>
>
> Provide a way to sign and verify serialized output using OpenPGP through BouncyCastle's OpenPGP API. BouncyCastle is licensed under the MIT license.
> Mailing list message:
> Given that [deserialization attacks are a ripe attack surface|https://www.owasp.org/index.php/Deserialization_of_untrusted_data] it's a good idea to make it possible to authenticate serialized objects whenever possible. In the case of Pirk—where systems which hold sensitive data will be deserializing objects received from other entities—offering users the option to sign/verify objects before loading them is valuable. If our users were not dealing with sensitive information of some sort, they wouldn't be using Pirk.
> I have written some code that uses BouncyCastle to OpenPGP clearsign base64 encoded Java objects. I'm going to see how cleanly I can integrate it with Tim's new Serialization code so that it's automatically available to anything that uses the serialization tools.
> Where things get complicated is in how to expose it to users. Below is my current thinking. I'd appreciate any feedback.
> By default, all InputStreams used to read data will be checked to see if they start with the line "-----BEGIN PGP SIGNED MESSAGE-----". If it does, we'll pull the PGP public keyring from a path specified by property serialization.openPGPPublicKeyRing and verify the signature. Failed signature verifications result in an exit.
> Property serialization.requireSignedInput will reject any input that is not signed with a valid signature.
> Property serialization.signOutgoingObjects will sign all outgoing Serialized Java objects.
> Properties serialization.openPGPPrivateKey, serialization.openPGPPrivateKeyPassword, and serialization.openPGPPublicKeyRing will indicate the location of the private key, the password used to decrypt it, and the location of the public key ring respectively.
> I had considered using SignedObjects but decided to give OpenPGP a shot because it's easier to hand-verify signatures or integrate verification of signed data into automated data flow (say, between two distinct entities sharing data using Pirk).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
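
An added example, not part of the original message or the Pirk code base: the input gate the proposal describes, written in Java. The class name `SignedInputGate` and the `Verifier` hook are hypothetical, the OpenPGP signature check itself is left to that hook, and only the property names and the header line come from the message.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class SignedInputGate {
  static final byte[] HEADER =
      "-----BEGIN PGP SIGNED MESSAGE-----".getBytes(StandardCharsets.US_ASCII);
  /** Hypothetical hook: checks the clearsigned stream against the keyring, returns the payload. */
  interface Verifier { InputStream verify(InputStream signed, String keyRingPath) throws IOException; }
  /** Peeks at the leading bytes, then rewinds so the verifier sees the whole stream. */
  static boolean startsWithHeader(BufferedInputStream in) throws IOException {
    in.mark(HEADER.length);
    byte[] head = in.readNBytes(HEADER.length); // Java 11+
    in.reset();
    return Arrays.equals(head, HEADER);
  }
  /** Returns a stream that may be deserialized, or throws; the caller exits on failure. */
  static InputStream open(InputStream raw, Properties p, Verifier v) throws IOException {
    BufferedInputStream in = new BufferedInputStream(raw);
    if (startsWithHeader(in)) {
      String ring = p.getProperty("serialization.openPGPPublicKeyRing");
      if (ring == null) throw new IOException("signed input but no public keyring configured");
      return v.verify(in, ring); // must throw on a bad signature
    }
    // Without this property, input whose signature block was removed is read as plain unsigned data.
    if (Boolean.parseBoolean(p.getProperty("serialization.requireSignedInput", "false")))
      throw new IOException("unsigned input rejected");
    return in;
  }
  public static void main(String[] args) {
    Properties p = new Properties();
    p.setProperty("serialization.openPGPPublicKeyRing", "/path/to/pubring.gpg"); // placeholder
    Verifier failing = (in, ring) -> { throw new IOException("signature verification failed"); };
    // Constructed inputs: one with the clearsign header, one without.
    String[] inputs = {"-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\npayload", "payload"};
    for (String require : new String[] {"false", "true"}) {
      p.setProperty("serialization.requireSignedInput", require);
      for (String s : inputs) {
        try {
          open(new ByteArrayInputStream(s.getBytes(StandardCharsets.US_ASCII)), p, failing);
          System.out.println("require=" + require + " accepted");
        } catch (IOException e) {
          System.out.println("require=" + require + " rejected: " + e.getMessage());
        }
      }
    }
  }
}
```

With these constructed inputs, the unsigned stream is accepted only while serialization.requireSignedInput is false, and a stream carrying the header is never returned without going through the verifier.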
