Difference between revisions of "Category:OWASP OpenSign Server Project"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 +
[[:Category:OWASP Project|Click here to return to OWASP Projects page.]]<br>
 +
[[:Project Information:template OpenSign Server Project|Click here to see (& edit, if wanted) the template.]]
 
{{:Project Information:template OpenSign Server Project}}
 
{{:Project Information:template OpenSign Server Project}}
 
[[Category:OWASP Project]]
 
[[Category:OWASP Project]]

Revision as of 10:26, 27 June 2008

Click here to return to OWASP Projects page.
Click here to see (& edit, if wanted) the template.


PROJECT IDENTIFICATION
Project Name OWASP OpenSign Server Project (Online code signing and integrity verification service for open source community)
Short Project Description The purpose of this project would be to build and host a feature-rich server and suite of client utilities with adequate secure hardware to ensure the integrity of code modules. - The service will allow all .NET and Java code modules to be uploaded to the service to be signed by a community code signing key. Each community (such as OWASP) will have a key and corresponding Software Publishing Certificate (SPC) which can optionally be embedded in the code module itself. Generally, however, the service is intended for developers and the wider community of concerned users that want to ensure that their downloaded portable executable is exactly what it purports to be. The root key will be stored in an HSM and will sign an SPC from a locally generated key-pair of which the public key will be sent to the service. Key pair generation can be made and submitted using standard .NET delay signing and jar signing tools distributed with the SDKs, however, the project remit will ensure that a client-side graphical tool for each environment is available to generate the keys pairs needed to sign code with and allow submission to the code signing service for signing and generation of SPC by the server's proprietary CA. Anonymity will not be allowed so the project will include a database of users which will be the basis of directory for SPCs. There will be a web and web services interface using an online login and WS-Security respectively which will allow the code to be uploaded on demand and signed by a code signing key with the option to embed the certificate or not.
Key Project Information Project Leader
Phil Potisk
Richard Conway
Project Contributors
(if any)
Mailing list
Subscribe here
Use here

License
GNU General Public License v3

Project Type
Tool

Sponsor
OWASP SoC 08
Release Status Main Links Related Projects

Beta Quality
Please see here for complete information.

OpenSign Project - code.google.com
OpenSign Server Demo - Power Point Presentation
server: OpenSignServer-1.0-bin.tar.gz
client: OSSJClient-1.0-bin.tar.gz

(if any, add link here)


This category currently contains no pages or media.