GLEIF-IT / reg-pilot

A project to manage reg-pilot related issues
Apache License 2.0

New iteration of signed report changes (with Bogdan) #79

Closed 2byrds closed 1 month ago

2byrds commented 1 month ago

Use the new report upload format in our test env:

bogtieba commented 1 month ago

@2byrds We had the internal meeting yesterday and we decided to accept *_signed.zip files. Also, we agreed that the signing tool should accept any type of file (zip, pdf, etc) and build the final zip as in the example.

As structure, we have the following zip file as the zip with the signatures + the received files.

Basically, the signature tool should generate a zip with 2 elements

  1. META-INF/reports.json -> where we find/store the signature data
  2. <OriginalFile>.<AnyExtension>

Let me know if I can help you in any way to move forward with this.

@lenkan do you need any more info to start working on this? Let me know

DUMMYLEI123456789012.CON_FR_PILLAR3010000_CONDIS_2023-12-31_20230405102913000_signed.zip

2byrds commented 1 month ago

> @2byrds We had the internal meeting yesterday and we decided to accept *_signed.zip files. Also, we agreed that the signing tool should accept any type of file (zip, pdf, etc) and build the final zip as in the example.
>
> As structure, we have the following zip file as the zip with the signatures + the received files.
>
> Basically, the signature tool should generate a zip with 2 elements
>
>   1. META-INF/reports.json -> where we find/store the signature data
>   2. <OriginalFile>.<AnyExtension>
>
> Let me know if I can help you in any way to move forward with this.
>
> @lenkan do you need any more info to start working on this? Let me know
>
> DUMMYLEI123456789012.CON_FR_PILLAR3010000_CONDIS_2023-12-31_20230405102913000_signed.zip

Thank you @bogtieba I should have a nice set of updates today and will share a signed version of that file for you (and Nord) to review/agree.

lenkan commented 1 month ago

> @2byrds We had the internal meeting yesterday and we decided to accept *_signed.zip files. Also, we agreed that the signing tool should accept any type of file (zip, pdf, etc) and build the final zip as in the example.
>
> As structure, we have the following zip file as the zip with the signatures + the received files.
>
> Basically, the signature tool should generate a zip with 2 elements
>
>   1. META-INF/reports.json -> where we find/store the signature data
>   2. <OriginalFile>.<AnyExtension>
>
> Let me know if I can help you in any way to move forward with this.
>
> @lenkan do you need any more info to start working on this? Let me know
>
> DUMMYLEI123456789012.CON_FR_PILLAR3010000_CONDIS_2023-12-31_20230405102913000_signed.zip

So, my interpretation of this is that the reports.json will look like this:

```json
{
    "documentInfo": {
        "documentType": "http://xbrl.org/PWD/2020-12-09/report-package",
        "signatures": [
            {
                "file": "../DUMMYLEI123456789012.CON_FR_PILLAR3010000_CONDIS_2023-12-31_20230405102913000.zip",
                "aid": "EFE8-Km32lJzOa51K3IWMcctJCX8Ifu5f4BaUWdfgSbw",
                "sigs": [
                    "AADoIV4XlPPBKeDQXdcVdIwdytUTuAbgFc3cYI4WbbAI_XY2QVRUWU97H92wL31t9RnhJGEaPoOcGHSqS8jw7bEK"
                ],
                "digest": "sha256-edf68f0116f7007647ea9c5417b7a30c8e4485eff73c18fe2e2a5d8e9cd92645"
            }
        ]
    }
}
```

@bogtieba can you confirm?

lenkan commented 1 month ago

Also, here is a signed file from my local dev DUMMYLEI123456789012.CON_FR_PILLAR3010000_CONDIS_2023-12-31_20230405102913000_signed.zip

It has been signed by the EBA Data Submitter from the leaflet, so the AID should be known by your test environment.

tibor19 commented 1 month ago

@lenkan That is correct. This is what we are expecting. The verifier needs updated as well, and I created a PR for @2byrds to approve.

2byrds commented 1 month ago

@lenkan @bogtieba @tibor19 I'm close to finishing the end-to-end changes from reg-pilot data generation/testing, through the api and verifier. It was a little more involved than I had hoped. I'll work on it later today (Saturday) and provide an update tonight.

2byrds commented 1 month ago

@lenkan @bogtieba @tibor19 I improved things in the verifier but a few test cases are still failing. I'll continue to work on it on Monday.

bogtieba commented 1 month ago

@2byrds today I've seen a couple of things that don't match with previous discussions we had with you and nordlei regarding the reports.json fields.

  1. Reports.json has a digests which seems to be a data duplication of the info we found in signatures. I see that verifier is expecting the reports.json->digests. Is there any reason we want this extra field?
  2. dig vs digest fields are not consistent as field names.
  3. sha256- vs sha256_. Based on previous chats/issues sha256- should be used, but verifier is expecting _.

cc: @lenkan

2byrds commented 1 month ago

Thank you for reporting @bogtieba my latest changes from Friday will resolve the first 2 digest issues you mention. I will do a sweep related to the prefixing format and include that in my current changes.

2byrds commented 1 month ago

I confirmed that the xbrl spec is also expecting prefixed hashes like what @bogtieba pointed out, using a dash instead of underscore. https://www.xbrl.org/Specification/digital-signatures/CR-2024-05-15/digital-signatures-CR-2024-05-15.html I have updated reg-pilot, reg-pilot-api, and vlei-verifier to all use the dash consistently, those changes are in the latest PRs.

2byrds commented 1 month ago

@bogtieba @tibor19 @lenkan PRs merged and test file provided was added https://github.com/GLEIF-IT/reg-pilot/blob/main/signify-ts-test/test/data/orig_reports/DUMMYLEI123456789012.CON_FR_PILLAR3010000_CONDIS_2023-12-31_20230405102913000.zip

Signed zip preview: image

Signed reports.json

```json
{
  "documentInfo": {
    "documentType": "http://xbrl.org/PWD/2020-12-09/report-package",
    "signatures": [
      {
        "file": "../reports/FilingIndicators.csv",
        "digest": "sha256-b35bbe84ff0ced85c9a71e6d0a5b11b6513051ac008b1a0fc5f7b90b51d3b2b6",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AAC4f9Qx80c2_xUhdfTNdzy5FPyrJ-2M84lAyoIQWYIWIZH12A8k5FUKKMRALL1qzzJI5EsRjWLLSLa3zyLg_DgI"
        ]
      },
      {
        "file": "../reports/k_04.00.a.csv",
        "digest": "sha256-0949ddf85dd63587e366ee2f4ad82346908e8d7d98be04d58d7b5bbf150548ef",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AAAOg9MXWlox6WAPDgSHbKk1iAdnzqrS8XrZgzU64r3fgA6vlu_OUKrAqWi1uZNm8Iihv4uSmqgnihIZLd4ZqkwC"
        ]
      },
      {
        "file": "../reports/k_04.00.b.csv",
        "digest": "sha256-2aae92645def99429894b7004f0d75cf55fa3fe4f4356ac297325a0afad0a725",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AAAKoK_wsnMlhAfhkq8iKOY8_tTGXK9RMQPpS5diQKmw-A5ivQQPzL7zgqKwJp0H7KvLiWlXUfWQZwrD0ybB-E0M"
        ]
      },
      {
        "file": "../reports/k_05.00.a.csv",
        "digest": "sha256-997cd86232a3e6111b09a621a7a5b62f679fb95cbc7b43bda9cde4842743353e",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AAAw4nxApsNLo-pKyWzn2XkKrzksDQJzp8aZDNYbw59F6CbrBoY2Wet7n_dTwJGVG9Rx7AEvY2vKl_-_NCfC9ggD"
        ]
      },
      {
        "file": "../reports/k_05.00.b.csv",
        "digest": "sha256-114f19e701e16969d71bc2ef8abe3c8fcbd7644ff660bbb2e7f19753948c62a9",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AAAw-SX4kmDjmQisRga8Rt1YyYFEF-oEGTqfzUflK2Y4z8ZUw5S6sWey4M_Dc5m3vJZKj2X47_BksoLGv9n24YgD"
        ]
      },
      {
        "file": "../reports/k_06.00.csv",
        "digest": "sha256-18485357308bca911f92317bd8e64ef0f1a6633057fb32384ca205612c10b504",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AADwC97BI0p833UcHl-TzMsvO378nde1I1v8pq7QCiKTTqkXZxD_C-75BWfqefX-pID8BAVtqrzaKciELoGKqtcM"
        ]
      },
      {
        "file": "../reports/k_07.00.csv",
        "digest": "sha256-4033d3c3c22252de908bbe1b4458969d4965626c0d18783734254fb564baeaa5",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AAAzh4e8TS1RrTRGvoTx_2nIwd7_Oc0zx0H4wO09SI2PSTIUXEs4LJF-o0s0YNZBPcqZNtxMZtA7U3hAzMLbziIG"
        ]
      },
      {
        "file": "../reports/k_08.00.csv",
        "digest": "sha256-039eced3c2069769a71e522c909271ff8193800b819b56972d51c6d2df54f707",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AADfDF-ni5NKjduByzQpn8e17QHv90nu37qve4zg0C3PpTGmvfASOpX4OYrpAWX0Ff3WNbsQkBntGwE5kShmRH8B"
        ]
      },
      {
        "file": "../reports/k_26.00.a.csv",
        "digest": "sha256-23156746b6ea0151430f4ff59dee6385ef71df8155a6b7f3eb1f289228fd4ec9",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AACGAtMFnu0upRv0xN-qYzxfs-U4Y7VBGie2kxpun_bxwjW0H2FfLegyQfgyNbNQB2j5GKH8RGrOexvjNpOKHBkN"
        ]
      },
      {
        "file": "../reports/k_26.00.b.csv",
        "digest": "sha256-709c4b287119bb379e44e9424cf695c0198f0f7e18e7022c381dc2c50423fb8b",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AACqUQMJ3vGQR0kXEZJUyHVD2Z2u_Ur-qh3aZCxVBrQR6wPYCUpiggD8B4ggoeiaFtLU_7j45Y7TuIpjTvvyKcgN"
        ]
      },
      {
        "file": "../reports/k_26.01.csv",
        "digest": "sha256-c3f9a911b5f49777916d5228f20cdb764b00537a491eff3a3d8287dd0ede179b",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AADUV-tRPdJDJoYA-VXO1tuY40lfjnMMDeg1MPVTfVwBuUgcUKkyvebck-GHQfe_CCzlLtU_ZR9-O5Cs0uCunUML"
        ]
      },
      {
        "file": "../reports/k_28.00.csv",
        "digest": "sha256-a5f583350d096b4856ba1cc79dd1a16de57e7b837faa1c7787468ceb03c13f24",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AAAcEnRE2SDBhxBs98dr2qmHc-WNr57k5TZRxDarhA0s68mZyv_eYV99bP_5LbflPKoH0giWXP7I9KKzNbeGE5wB"
        ]
      },
      {
        "file": "../reports/k_29.00.csv",
        "digest": "sha256-36fea4cd655d9e47ae628010cdd70085c0d97673fee56ce1fd119dceb67f32d4",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AADzH0uNNdqz-jU7_oe-W46tNTwhDHHPd6HKGeVIt-ymICdClYIuzmaXEm8lUgiIpGLFTnHQgn4x558r67piGE4N"
        ]
      },
      {
        "file": "../reports/k_29.01.a.csv",
        "digest": "sha256-4c9230494e92973757941aae1395f186180b4b4bc9c3e6faff3ec852462b80c5",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AAD0_d-Sb9L9QEmMH5DD6uAkpZSkC6C9Fx3wJ6QBerx3uXUZI3J41KcRv28tf_K8slYG_3Lg1nUlTZaeyt2VCvAP"
        ]
      },
      {
        "file": "../reports/k_29.01.b.csv",
        "digest": "sha256-3a2e8d806f30ba0473cf6a7e1906d4e5af4459d5749c62bd5f9863d64d6c6f73",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AADQY7gLEg9DWB8h20nxF7mUxV6eRfVmsBIOTXP86vP2aSkdPPchOWyUW0T4ngcZDPYqyfaM8FHFnLAUfR2sWXwN"
        ]
      },
      {
        "file": "../reports/k_60.00.a.csv",
        "digest": "sha256-3f5187c95a6a632b1889a4cd95cc0d64a7ecc2f74834130701a1feda2635a354",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AAB5qJ2WdURDlCfJKabkh5rgLLSUi98rZPgZ_1uYluYFDSoRTiyAxiRKY1LmJ2yy_SVErY23zYIM_vdPoojYxa0M"
        ]
      },
      {
        "file": "../reports/k_60.00.b.csv",
        "digest": "sha256-8e21ef80091ed99a56c4137486e794566413664b877ae87a8e7c796c44b4019b",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AAAzjHme-073TDrD6cFaG_oghi7eg-Ghob2n8Ub5I3Hjqgud3xXR_pXZVeMVxbJh-B9kF17CReEbM4HbT6y07k0F"
        ]
      },
      {
        "file": "../reports/k_60.00.c.csv",
        "digest": "sha256-42c419631c105eca121097ae5e76fc37290d270ce8cf98c9c9115086e51880da",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AABpsIi51rpik9NKCF-1cCRidufOjpCPFMprIdj8BGa1Qa6LSndRlubXey66vHGnPqvn7obyVXQ0D-iAcOiUASIA"
        ]
      },
      {
        "file": "../reports/k_61.00.csv",
        "digest": "sha256-ea8f293c874d5bbf34d1b71f04befb6e82ae7a31054cc5f9dd8309bbb1439088",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AAA7dh7AsW3ep8888uJk8e43L-3rlD2K7kP5V6C-9uGeOgOa68BG9hZ28g2EmY-t8eX8cU177P6NTAg3sZ94QYwH"
        ]
      },
      {
        "file": "../reports/parameters.csv",
        "digest": "sha256-3c87d34bc0197a21853cf7d5a5d03f64d644b6bebe38152a94e086c01b1ba72c",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AADc-V1QHV8N7VW6jBAx8lLWKWdAyRGRS9OLSi-oLzUEF3CwzmKHg2nnWZOCluWi3b1iuDUpiwTXRxY_WuFMVtgH"
        ]
      },
      {
        "file": "../reports/report.json",
        "digest": "sha256-97fe5bd8741d26ee77892d39271d2dddcd1d48ed72ed28b46ca397d899ad2c13",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AADv5WVj0TXNWQ-7HfoVED-8dbJAnlhvhLQqKG5GhKpNw0FlFJP1_KrY5KswiJnq4CCdNclv9MIh2BvVU2gXByQL"
        ]
      }
    ]
  }
}
```

verifier output:

```
....
keri: processing signature {'file': '../reports/k_61.00.csv', 'digest': 'sha256-ea8f293c874d5bbf34d1b71f04befb6e82ae7a31054cc5f9dd8309bbb1439088', 'aid': 'EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX', 'sigs': ['AAA7dh7AsW3ep8888uJk8e43L-3rlD2K7kP5V6C-9uGeOgOa68BG9hZ28g2EmY-t8eX8cU177P6NTAg3sZ94QYwH']}
keri: File /var/folders/dc/hfckgfqd5w3c9c9gz371g7_00000gn/T/tmptcfv6yfl/reports/k_61.00.csv not found in /var/folders/dc/hfckgfqd5w3c9c9gz371g7_00000gn/T/tmptcfv6yfl/META-INF
keri: Finding file ../reports/k_61.00.csv in zip files...
keri: File ../reports/k_61.00.csv found in zip, extracted to /var/folders/dc/hfckgfqd5w3c9c9gz371g7_00000gn/T/tmptcfv6yfl/DUMMYLEI123456789012.CON_FR_PILLAR3010000_CONDIS_2023-12-31_20230405102913000/reports/k_61.00.csv
keri: processing signature {'file': '../reports/parameters.csv', 'digest': 'sha256-3c87d34bc0197a21853cf7d5a5d03f64d644b6bebe38152a94e086c01b1ba72c', 'aid': 'EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX', 'sigs': ['AADc-V1QHV8N7VW6jBAx8lLWKWdAyRGRS9OLSi-oLzUEF3CwzmKHg2nnWZOCluWi3b1iuDUpiwTXRxY_WuFMVtgH']}
keri: File /var/folders/dc/hfckgfqd5w3c9c9gz371g7_00000gn/T/tmptcfv6yfl/reports/parameters.csv not found in /var/folders/dc/hfckgfqd5w3c9c9gz371g7_00000gn/T/tmptcfv6yfl/META-INF
keri: Finding file ../reports/parameters.csv in zip files...
keri: File ../reports/parameters.csv found in zip, extracted to /var/folders/dc/hfckgfqd5w3c9c9gz371g7_00000gn/T/tmptcfv6yfl/DUMMYLEI123456789012.CON_FR_PILLAR3010000_CONDIS_2023-12-31_20230405102913000/reports/parameters.csv
keri: processing signature {'file': '../reports/report.json', 'digest': 'sha256-97fe5bd8741d26ee77892d39271d2dddcd1d48ed72ed28b46ca397d899ad2c13', 'aid': 'EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX', 'sigs': ['AADv5WVj0TXNWQ-7HfoVED-8dbJAnlhvhLQqKG5GhKpNw0FlFJP1_KrY5KswiJnq4CCdNclv9MIh2BvVU2gXByQL']}
keri: File /var/folders/dc/hfckgfqd5w3c9c9gz371g7_00000gn/T/tmptcfv6yfl/reports/report.json not found in /var/folders/dc/hfckgfqd5w3c9c9gz371g7_00000gn/T/tmptcfv6yfl/META-INF
keri: Finding file ../reports/report.json in zip files...
keri: File ../reports/report.json found in zip, extracted to /var/folders/dc/hfckgfqd5w3c9c9gz371g7_00000gn/T/tmptcfv6yfl/DUMMYLEI123456789012.CON_FR_PILLAR3010000_CONDIS_2023-12-31_20230405102913000/reports/report.json
keri: All 20 files in report package have been signed by submitter (EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX).
```

2byrds commented 1 month ago

Attaching signed file

DUMMYLEI123456789012.CON_FR_PILLAR3010000_CONDIS_2023-12-31_20230405102913000_signed.zip

lenkan commented 1 month ago

Hm, @2byrds. This is not the same as I posted above https://github.com/GLEIF-IT/reg-pilot/issues/79#issuecomment-2348889822. What we did there was to only sign the zip file. Then bundle the zip file together with a new reports.json in a new zip.

2byrds commented 1 month ago

> Hm, @2byrds. This is not the same as I posted above #79 (comment). What we did there was to only sign the zip file. Then bundle the zip file together with a new reports.json in a new zip.

@lenkan okay the verifier still supports verification of a single signature/file (like in the xbrl xml case), but I would just need to make it configurable whether it should recurse into the zip package or not. I'll add that now.

bogtieba commented 1 month ago

If the input file is a ZIP, as this one https://github.com/GLEIF-IT/reg-pilot/blob/main/signify-ts-test/test/data/orig_reports/DUMMYLEI123456789012.CON_FR_PILLAR3010000_CONDIS_2023-12-31_20230405102913000.zip, then the reports.json should be:

```json
{
  "documentInfo": {
    "documentType": "http://xbrl.org/PWD/2020-12-09/report-package",
    "signatures": [
      {
        "file": "../DUMMYLEI123456789012.CON_FR_PILLAR3010000_CONDIS_2023-12-31_20230405102913000.zip",
        "digest": "sha256-b35bbe84ff0ced85c9a71e6d0a5b11b6513051ac008b1a0fc5f7b90b51d3b2b6",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AAC4f9Qx80c2_xUhdfTNdzy5FPyrJ-2M84lAyoIQWYIWIZH12A8k5FUKKMRALL1qzzJI5EsRjWLLSLa3zyLg_DgI"
        ]
      }
    ]
  }
}
```

bogtieba commented 1 month ago

@2byrds , per @tibor19, we should not open the zip file. We take, we generate the digest, signature and that's it. We do not look into it. As simple as possible.

2byrds commented 1 month ago

> @2byrds , per @tibor19, we should not open the zip file. We take, we generate the digest, signature and that's it. We do not look into it. As simple as possible.

Thank you for confirming @bogtieba I'm adding that simple case now. I'll report back with the simple version of the signed file/verification ASAP.

2byrds commented 1 month ago

per @tibor19 comment in our meeting today, @lenkan and @bogtieba can you confirm this updated form of your example "file" property?

```json
{
  "documentInfo": {
    "documentType": "http://xbrl.org/PWD/2020-12-09/report-package",
    "signatures": [
      {
        "file": "DUMMYLEI123456789012.CON_FR_PILLAR3010000_CONDIS_2023-12-31_20230405102913000.zip",
        "digest": "sha256-b35bbe84ff0ced85c9a71e6d0a5b11b6513051ac008b1a0fc5f7b90b51d3b2b6",
        "aid": "EASQ3NoDbzrOqiI6W0SSEAq9oBkUphgDkYlS7cMx4ufX",
        "sigs": [
          "AAC4f9Qx80c2_xUhdfTNdzy5FPyrJ-2M84lAyoIQWYIWIZH12A8k5FUKKMRALL1qzzJI5EsRjWLLSLa3zyLg_DgI"
        ]
      }
    ]
  }
}
```

bogtieba commented 1 month ago

Based on what @tibor19 requested, yes, this seems relative to the ROOT. Let's go with this. CC: @lenkan .
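
The package layout agreed in this thread (one opaque payload plus META-INF/reports.json, a root-relative "file" name, a `sha256-` prefixed digest), as an added example that is not part of the thread or of the project's code. It checks structure and digests only; verifying "sigs" against the AID's keys is left out, and the AID, signature and payload below are constructed placeholders.

```python
import hashlib
import io
import json
import posixpath
import zipfile

MANIFEST = "META-INF/reports.json"


def build_signed_zip(name, payload, aid, sigs):
    """Wrap one opaque payload and its META-INF/reports.json in a new zip."""
    entry = {
        "file": name,  # relative to the zip root, no "../"
        "digest": "sha256-" + hashlib.sha256(payload).hexdigest(),
        "aid": aid,
        "sigs": sigs,
    }
    manifest = {"documentInfo": {
        "documentType": "http://xbrl.org/PWD/2020-12-09/report-package",
        "signatures": [entry],
    }}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(MANIFEST, json.dumps(manifest, indent=2))
        zf.writestr(name, payload)  # stored as-is; an inner zip is never opened
    return buf.getvalue()


def check_package(signed_zip):
    """Return a list of problems; an empty list means structure and digests agree.

    Verifying "sigs" against the keys of "aid" is a separate step, not done here.
    """
    problems = []
    with zipfile.ZipFile(io.BytesIO(signed_zip)) as zf:
        listing = zf.namelist()
        names = set(listing)
        if len(names) != len(listing):
            problems.append("duplicate entry names in archive")
        if MANIFEST not in names:
            return problems + ["missing " + MANIFEST]
        doc = json.loads(zf.read(MANIFEST))
        sigs = doc.get("documentInfo", {}).get("signatures", [])
        if not sigs:
            problems.append("no signatures listed")
        for sig in sigs:
            path, digest = sig.get("file", ""), sig.get("digest", "")
            # Root-relative names only: reject absolute paths, "..", "./" and the like.
            if (not path or path.startswith("/") or ".." in path.split("/")
                    or posixpath.normpath(path) != path):
                problems.append(f"path not root-relative: {path!r}")
                continue
            if path not in names:
                problems.append(f"listed file not in archive: {path!r}")
                continue
            algo, dash, hexval = digest.partition("-")
            if algo != "sha256" or not dash or len(hexval) != 64:
                problems.append(f"digest format is not sha256-<hex>: {digest!r}")
                continue
            if hashlib.sha256(zf.read(path)).hexdigest() != hexval.lower():
                problems.append(f"digest mismatch for {path!r}")
        signed = {s.get("file") for s in sigs}
        for extra in sorted(names - signed - {MANIFEST}):
            if not extra.endswith("/"):
                problems.append(f"entry not covered by a signature: {extra!r}")
    return problems


# Constructed sample: placeholder AID and signature, arbitrary payload bytes.
SAMPLE = build_signed_zip("report.zip", b"constructed payload bytes",
                          "AID_PLACEHOLDER", ["SIG_PLACEHOLDER"])
```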

lenkan commented 1 month ago

cc @daviddm

2byrds commented 1 month ago

@lenkan @bogtieba @tibor19 @daviddm I have updated the verifier locally but need to merge another PR that will take a little time tomorrow. I'll post again here when the verifier is merged/available

bogtieba commented 1 month ago

Thank you @2byrds! Please ping me when we have the new version so I can test and confirm. If useful for you, https://sign.vlei.tech/ nordlei deployed the changes to this staging environment.

2byrds commented 1 month ago

@tibor19 @lenkan @tibor19 @daviddm I have created a new verifier release and used the NordLEI signing tool to test the newest verifier release.

API output

```
"@path": /upload/EFE8-Km32lJzOa51K3IWMcctJCX8Ifu5f4BaUWdfgSbw/sha256-e562cbbcca2875ca5c6ea688e124b1b0cf6319ce881fe9106b2a08ddca1b8473
"signify-resource": EFE8-Km32lJzOa51K3IWMcctJCX8Ifu5f4BaUWdfgSbw
"signify-timestamp": 2024-09-18T19:09:09.981000+00:00
"@signature-params: (@method @path signify-resource signify-timestamp);created=1726686549;keyid=BHerQd_5W7xwEf7_3hN7xFhh3xtjEmPdOlI5zunAt2cb;alg=ed25519" cig=0BAP1JMPVx8WM7VDnnukL-EksOLVhx4SIzHi16O2fX8wRfhMin7Nbiz1L8EuXEtwFvG4_l-SW-ddOf8JG-w6KxkH
Verify header sig started aid = EFE8-Km32lJzOa51K3IWMcctJCX8Ifu5f4BaUWdfgSbw, cig = 0BAP1JMPVx8WM7VDnnukL-EksOLVhx4SIzHi16O2fX8wRfhMin7Nbiz1L8EuXEtwFvG4_l-SW-ddOf8JG-w6KxkH, ser = "@method": GET
"@path": /upload/EFE8-Km32lJzOa51K3IWMcctJCX8Ifu5f4BaUWdfgSbw/sha256-e562cbbcca2875ca5c6ea688e124b1b0cf6319ce881fe9106b2a08ddca1b8473
"signify-resource": EFE8-Km32lJzOa51K3IWMcctJCX8Ifu5f4BaUWdfgSbw
"signify-timestamp": 2024-09-18T19:09:09.981000+00:00
"@signature-params: (@method @path signify-resource signify-timestamp);created=1726686549;keyid=BHerQd_5W7xwEf7_3hN7xFhh3xtjEmPdOlI5zunAt2cb;alg=ed25519"....
posting to http://localhost:7676/request/verify/EFE8-Km32lJzOa51K3IWMcctJCX8Ifu5f4BaUWdfgSbw
Verify sig response {"msg": "Signature Valid"}
VerifySignedHeaders.on_post: response {'msg': 'Signature Valid'}
checking upload: aid EFE8-Km32lJzOa51K3IWMcctJCX8Ifu5f4BaUWdfgSbw and dig sha256-e562cbbcca2875ca5c6ea688e124b1b0cf6319ce881fe9106b2a08ddca1b8473
getting from http://127.0.0.1:7676/reports/EFE8-Km32lJzOa51K3IWMcctJCX8Ifu5f4BaUWdfgSbw/sha256-e562cbbcca2875ca5c6ea688e124b1b0cf6319ce881fe9106b2a08ddca1b8473
upload status: {"submitter": "EFE8-Km32lJzOa51K3IWMcctJCX8Ifu5f4BaUWdfgSbw", "filename": "DUMMYLEI123456789012.CON_FR_PILLAR3010000_CONDIS_2023-12-31_20230405102913000_signed.zip", "status": "verified", "contentType": "application/zip", "size": 35814, "message": "All 1 files in report package have been signed by submitter (EFE8-Km32lJzOa51K3IWMcctJCX8Ifu5f4BaUWdfgSbw)."}
```

Verifier output:

```
keri: File /var/folders/dc/hfckgfqd5w3c9c9gz371g7_00000gn/T/tmp50fh3v1d/DUMMYLEI123456789012.CON_FR_PILLAR3010000_CONDIS_2023-12-31_20230405102913000.zip w/ digest sha256-edf68f0116f7007647ea9c5417b7a30c8e4485eff73c18fe2e2a5d8e9cd92645 has valid digest
keri: Processing DUMMYLEI123456789012.CON_FR_PILLAR3010000_CONDIS_2023-12-31_20230405102913000_signed.zip:
        Type=application/zip
        Size=35814
keri: processing signature {'file': 'DUMMYLEI123456789012.CON_FR_PILLAR3010000_CONDIS_2023-12-31_20230405102913000.zip', 'aid': 'EFE8-Km32lJzOa51K3IWMcctJCX8Ifu5f4BaUWdfgSbw', 'sigs': ['AADoIV4XlPPBKeDQXdcVdIwdytUTuAbgFc3cYI4WbbAI_XY2QVRUWU97H92wL31t9RnhJGEaPoOcGHSqS8jw7bEK'], 'digest': 'sha256-edf68f0116f7007647ea9c5417b7a30c8e4485eff73c18fe2e2a5d8e9cd92645'}
keri: File /var/folders/dc/hfckgfqd5w3c9c9gz371g7_00000gn/T/tmpgszzf45d/DUMMYLEI123456789012.CON_FR_PILLAR3010000_CONDIS_2023-12-31_20230405102913000.zip found in /var/folders/dc/hfckgfqd5w3c9c9gz371g7_00000gn/T/tmpgszzf45d
keri: All 1 files in report package have been signed by submitter (EFE8-Km32lJzOa51K3IWMcctJCX8Ifu5f4BaUWdfgSbw).
```

[DUMMYLEI123456789012.CON_FR_PILLAR3010000_CONDIS_2023-12-31_20230405102913000_signed.zip](https://github.com/user-attachments/files/17049204/DUMMYLEI123456789012.CON_FR_PILLAR3010000_CONDIS_2023-12-31_20230405102913000_signed.zip)