Closed hidasw closed 1 week ago
This PR looks great! Thank you for your work!
@parallels999 have you tried it?
Why did you close it?
Sorry, I don't know why it closed; I just refreshed the browser and this PR closed. Reopen it.
OK, next time, because I'm a little busy at this time. And note that this currently validates only the signer certificate, not intermediate certificates or a multiple-certificate path (no problem, just make the validation function loop until it reaches the root CA. I'll manage it later). I'm also interested if we can define signature max length before signing, so we can define this size exactly instead of setting a large size and padding the excess space with zeros. I think signing twice affects performance only a little, since there is no need to write temp files. This improves efficiency on size. How about it?
I'm also interested if we can define signature max length before signing
Those optimizations would be better in a separate PR
What I do not like from these changes is that those scripts that are included here are supposed to be simple examples.
Umm, I think this is still simple; we can ignore the other optional arguments (TSA/LTV) and signing will be done without them. I don't know the better way to manage some arguments or which arguments should be added... any suggestions would be very helpful.
I'm also interested if we can define signature max length before signing
Those optimizations would be better in a separate PR
I have updated, but already implemented that. Feel free to change/remove it if it is needless.
I actually went to the trouble of separating it for a good reason. They can be used separately; that's why I created examples for each one. And in this way you can no longer send arguments to LTV.
@erikn69 I think with a single merged script we can add or pass TSA. Just set the TSA URL parameter to empty to bypass it? cmiiw..
?: "http://timestamp.digicert.com";
You removed the default value, but the text shows digicert as default
https://github.com/erikn69/sapp/commit/ac6ae194672601197027574dcea7ba0f6c24a642
I actually went to the trouble of separating it for a good reason. They can be used separately; that's why I created examples for each one. And in this way you can no longer send arguments to LTV.
Also because I have removed optional LTV arguments such as ocsp, crl & issuer, because it is difficult to implement if the certificate has a long path, unless these arguments refer to a path that contains many CRLs & issuer certs, so the script will search in it.
The idea of the example scripts is to show a specific functionality, not to add them as a group.
For example, if I want to test TSA, it immediately adds LTV to me
But @dealfonso decides 👍
?: "http://timestamp.digicert.com";
You removed the default value, but the text shows digicert as default
I don't want to remove the default value, but how to bypass timestamping without removing that? Any idea?
but how to bypass timestamping without removing that? any idea?
That's why I created 2 separate scripts, but let's leave it like this, this does not affect the functionality
Umm, I just remembered that my reason for merging is when we need to perform LTV + timestamping. Before the merge I can do just timestamp only or LTV only. And to append a timestamp token to an existing signature we need to sign again, because the message digest has changed.
Great job and thank you for the new features!!
Add Support for Long Term Validation and Timestamping. Also skip tempfile requirement at signing process to improve performance and efficiency.