Open ei-nghon-phoo opened 9 months ago
Hello Ma @TW-Ei-Nghon-Phoo, based on the recent discussion with Ko @myo-min-htet and Ko @tw-aungthawaye, we will be uploading a .cer file instead of the .pem format, and the cert-managment-bc internal service will be responsible for generating the .pem file instead, using the uploaded cer file.
noted, will update the UI and spec
admin ui and service integration in docker-compose-cross-cutting
In JWS security management, public and private keys are generated by a certificate authority for DFSP. This signature can be validated by any participant, including the hub and DFSPs involved in the transaction. Successful validation is crucial for a transaction to proceed, and the public key certificate can be decoded to extract information such as time validity, issuer certificate authority, and the signature creation algorithm.
Certificate Upload:
Certificate Information:
Security Management with JWS:
Certificate Renewal:
@TW-Ei-Nghon-Phoo, is the team working on this ticket? Can you please provide updates? Thanks!
@JulieG19, yes, TW team member @tw-sithumyo is working on this ticket. We divided it into five parts under this ticket:
1.1 CSR signing from Key Management SVC
1.2 SecureStorage (mongo, local directory, redis, vault)
1.3 Maker/Checker design confirmation
1.4 integration with participant-bc with key-management-svc
1.5 Admin UI changes
The focal Dev can finish the above two tasks during Sprint 1. The remaining tasks will be the focus of the next sprints.
@bushjames, is this the ticket you have concerns about?
@JulieG19 this ticket raised my concerns. This is related to JWS key management and is worthy of a review by the DA.
User Story
As a hub operator, I want to upload and manage JWS certificates for each DFSP so that I can ensure the security of the switch and the integrity of trusted transactions among DFSP.
Technical Design for the certificate management
Certificate workflow
Tasks
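The thread above moves the .pem generation into the service, which then has to cope with the fact that a .cer upload may be binary DER or already Base64 (PEM) text. The following is an added example, not code from cert-managment-bc or this ticket: `cerToPem` and `isSingleDerSequence` are hypothetical helper names, and the check only confirms the outer DER envelope, not that the content is a valid X.509 certificate.

```javascript
// Added example (not project code): normalise an uploaded .cer to PEM text.
// A .cer file may hold binary DER or Base64 "PEM" text; both are accepted here.
const PEM_RE =
  /-----BEGIN CERTIFICATE-----([A-Za-z0-9+/=\s]+)-----END CERTIFICATE-----/;

// True only if buf is exactly one DER SEQUENCE (tag 0x30) whose encoded
// length matches the number of bytes actually present.
function isSingleDerSequence(buf) {
  if (buf.length < 2 || buf[0] !== 0x30) return false;
  let len = buf[1];
  let offset = 2;
  if (len & 0x80) {
    // Long form: the low 7 bits give the number of following length bytes.
    const n = len & 0x7f;
    if (n === 0 || n > 4 || buf.length < 2 + n) return false;
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[2 + i];
    offset = 2 + n;
  }
  // Rejects truncated uploads and files with trailing bytes appended.
  return offset + len === buf.length;
}

// Hypothetical helper: takes the uploaded bytes, returns canonical PEM text
// (64-character Base64 lines) or throws if the envelope is not plausible DER.
function cerToPem(input) {
  const buf = Buffer.isBuffer(input) ? input : Buffer.from(input);
  let der = buf;
  const m = PEM_RE.exec(buf.toString("latin1"));
  if (m) der = Buffer.from(m[1].replace(/\s+/g, ""), "base64");
  if (!isSingleDerSequence(der)) {
    throw new Error("upload is not a DER or PEM encoded certificate");
  }
  const b64 = der.toString("base64").match(/.{1,64}/g).join("\n");
  return `-----BEGIN CERTIFICATE-----\n${b64}\n-----END CERTIFICATE-----\n`;
}
```

The returned PEM can then be handed to a real X.509 parser to read the validity period and issuer before the certificate is stored.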