Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [ease-dev] [EASE-dev] Introduction

Hi Varun,

Jar signing is a bit out of focus for this GSoC project. Eclipse has already a solution for this as part of its build system. External parties may use the jarsigner shipped with java which does a similar job.
Verifying signatures stored in a jar is an entire different topic and relevant for GSoC, but currently scripts are not shared as part of jar files, so this topic is of minor relevance.

But most importantly users may want to consume scripts directly from websites, from colleagues or stuff they share via github, email, ...
Such scripts are shared as simple files and should contain their signature as part of the file. In EASE you may write code like this

...
include("http://eclipse.org/EASE/some_sample_script.js")
...


Which fetches the data from the webserver and executes the script right away. Users may want to make sure that such scripts will only execute signed content from trusted sources. So we should think of ways to store a certificate within the file and make sure it gets validated before execution.

cheers
Christian


On 03/14/2016 05:17 AM, Varun Raval wrote:
Hi Christian,

Thanks for the feedback and Thanks John Graham for helping.

Our signing and verifying flow can be like this:

1. User makes plugin of his scripts, user makes feature for that plugin 
    and include feature on update site
2. After jar is created on update site, we can provide support for signing 
    jar using certificate in user keystore by either right clicking on that jar in
    eclipse window or by some other means.
We can automate these first two steps for user using EASE if it's possible
or by adding functionality to eclipse
3. Then receiver can install that plugin during which eclipse by default can 
    tell whether software is signed or not and if signed, expired or not
4. We can also give additional options on whether user want to import certificate
    to keystore for further reference.
   
Hope I am going on right track.

Thanks again for helping!!

On Wed, Mar 9, 2016 at 4:17 PM Jonah Graham <jonah@xxxxxxxxxxxxxxxx> wrote:
Hi Varun,

As part of this investigation, knowing a bit about what key signing is
already done by Eclipse may be useful. As it happens Mikaël Barbero
just wrote a summary on the cbi-dev  list.
http://dev.eclipse.org/mhonarc/lists/cbi-dev/msg01652.html

Jonah
~~~
Jonah Graham
Kichwa Coders Ltd.
www.kichwacoders.com


On 9 March 2016 at 07:30, Christian Pontesegger
<christian.pontesegger@xxxxxx> wrote:
> Hi Varun,
>
> first, just call me Christian, 'sir' is definitely not required :)
>
> The general idea of signing scripts is that eg eclipse may put up some
> scripts on their web servers which users may consume. As scripts are
> potentially dangerous - they would have access to the local file system -
> users want to be sure that remote scripts are safe and untampered. Basically
> very similar to an https connection. You rely on some root certificates to
> be sure that you may trust these scripts. Self signing certificates might be
> used, but it will be harder for the user to decide on the trust level of
> such certificates.
>
> For option 1 this means that we need to retrieve public keys from script
> authors first and import them before we can verify scripts. This is an
> option, but forces the user to manually deal with security stuff.
>
> Option 2 uses the keystore and its root certificates automatically. Eg
> scripts signed by eclipse.org would be recognized as safe out of the box. I
> prefer this one. We then need some UI to ask the user for unknown
> certificates if he wants to trust them and eventually import them into the
> keystore.
>
> Option 3 is not needed, as eclipse can do this automatically during the
> build. Scripts delivered within a jar are already on the localhost, so it is
> easier to make sure these scripts are safe.
>
> Regarding CSRs I do not think that eclipse would start signing keys for
> anybody. So I guess for this project we can rely on certificates that either
> are already part of your keystore or could be imported into it.
>
> I like that you already play around with the code and give it a try!
>
> cheers
>
> Christian
>
> _______________________________________________
> ease-dev mailing list
> ease-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from
> this list, visit
> https://dev.eclipse.org/mailman/listinfo/ease-dev
_______________________________________________
ease-dev mailing list
ease-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/ease-dev
--
Varun Raval

_______________________________________________
ease-dev mailing list
ease-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/ease-dev


Back to the top