fmartingr
commented
1 month ago Fingerprint is not visible on the system console. Was it removed at some point or did we forget to put it/is there other verification mechanism?
Open wiggin77 opened 8 months ago
fmartingr
commented
1 month ago Fingerprint is not visible on the system console. Was it removed at some point or did we forget to put it/is there other verification mechanism?
wiggin77
commented
1 month ago I think it was an oversight. We need to display it in the system console.
esarafianou
commented
1 month ago It's not the fingerprint that should be visible. This is in the downloaded zip. It's the secrets that need to be visible but please check this internal ticket before any work on this: https://mattermost.atlassian.net/browse/MM-59834
To allow legal folks to prove data has not been tampered with after download. Files will have a fingerprint generated with a hash of the file content plus a secret defined when creating the hold (hold id?).
Someone knowing the secret can use the hash function to check the file contents for tampering. The secret must be discoverable in the system console where holds are listed.
The fingerprints will be added to an index file. This can be the existing index, or a separate file.
The hash function to be used will be SHA-512 unless a better one is identified.