Re: regarding using public key to verify client


Hi ankit,

First of all, do you think who is responsible to verify the signature? Your
application? Or (one of) the components of Cloud Foundry? I assume the
former is your answer. I think there is no functionality in Cloud Foundry to
verify client signature.

Then, if you use the Cloud Foundry java-buildpack to deploy your
application, I think there is the only one way to send key files with your
app on deployment. It is to add your key files to your app's war / jar / zip
file, primitively like:

jar uvf your-war-jar-zip-file path-to-your-key-files-or-directories

But you may add a maven / gradle task to do such a thing.

This is because the Cloud Foundry java-buildpack accepts only one zip-format
file on a deployment.

# Please correct this post if I am wrong. Thank you.

ankit wrote
Suppose my application is deployed on the cloud foundry and my client
sends a POST request that contains some message but that message is
digitally signed by client’s private key. So, I need client’s public
key(digital id of client) to verify my client for inbound calls in the
cloud foundry where application is running. So, can you tell me where can
I put these public keys(digital IDs of clients) in java build pack or any
other place.
Similarly, for outbound calls I want my message to be digitally signed and
for that I need private key to be used. So, where can I put that also?

I'm not a ...
noburou taniguchi
View this message in context:
Sent from the CF Dev mailing list archive at

Join to automatically receive all group messages.