regarding using public key to verify client
ankit <ankit.ankit@...>
Suppose my application is deployed on Cloud Foundry and my client sends a POST request that contains some message, but that message is digitally signed by the client’s private key. So, I need the client’s public key (digital ID of the client) to verify my client for inbound calls in the Cloud Foundry where the application is running. So, can you tell me where I can put these public keys (digital IDs of clients), in the java buildpack or any other place? Similarly, for outbound calls I want my message to be digitally signed, and for that I need a private key to be used. So, where can I put that also?

--
View this message in context: http://cf-dev.70369.x6.nabble.com/regarding-using-public-key-to-verify-client-tp2711.html
Sent from the CF Dev mailing list archive at Nabble.com.

Noburou TANIGUCHI
Hi ankit,
First of all, who do you think is responsible for verifying the signature? Your application? Or (one of) the components of Cloud Foundry? I assume the former is your answer. I think there is no functionality in Cloud Foundry to verify a client signature.

Then, if you use the Cloud Foundry java-buildpack to deploy your application, I think there is only one way to send key files with your app on deployment. It is to add your key files to your app's war / jar / zip file, primitively like:

```
jar uvf your-war-jar-zip-file path-to-your-key-files-or-directories
```

But you may add a maven / gradle task to do such a thing.

This is because the Cloud Foundry java-buildpack accepts only one zip-format file on a deployment.

# Please correct this post if I am wrong.

Thank you.

-----
I'm not a ...
noburou taniguchi

ankit <ankit.ankit@...>
Hi Taniguchi,
Thank you for your response. You are right that my application is responsible for verification of the signature. But I just want to know whether there is any way I can put my key files in the java buildpack with which I am deploying my application on Cloud Foundry, and let my application use those keys from the buildpack to verify the signature, because I don’t want to add those key files to my app’s war. Just like we put cacerts in the java buildpack, which is used by the application, can’t we put the key files in the buildpack and have our application use them to verify the signature?

Thanks
Ankit

ankit <ankit.ankit@...>
Hi Taniguchi,
Thank you for your response. You are right that my application is responsible for verification of the signature. But I just want to know whether there is any way I can put my key files in the java buildpack with which I am deploying my application on Cloud Foundry, and let my application use those keys from the buildpack to verify the signature, because I don’t want to add those key files to my app’s war. Just like we put cacerts in the java buildpack, which is used by the application, can’t we put the key files in the buildpack and have our application use them to verify the signature?

And one more thing: I am using a custom java buildpack. (This thing I forgot to mention earlier.)

Thanks
Ankit

Noburou TANIGUCHI
Hello ankit,
> But I just want to know whether there is any way I can put my key files

Now I think I've understood what you want to do.

> And one more thing: I am using a custom java buildpack. (This thing I

So I think you can add cert keys anywhere in the java buildpack you think appropriate (`resources` directory, for example), and modify the buildpack to copy them in the buildpack's compile phase, like this:

```diff diff --git a/bin/compile b/bin/compile index 53e0b8d..3d198c9 100755 --- a/bin/compile +++ b/bin/compile @@ -23,6 +23,10 @@ require 'java_buildpack/buildpack' build_dir = ARGV[0] +require('fileutils') +cert_keys_path = File.expand_path('../../resources/.ssh', __FILE__) +FileUtils.cp_r(cert_keys_path, build_dir, {:preserve => true}) + JavaBuildpack::Buildpack.with_buildpack(build_dir, 'Compile failed with exception %s') do |buildpack| buildpack.compile end ```

(The code above assumes that the cert keys are in `resources/.ssh/` and copies them to `.ssh` under the application directory.)

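Review bot: The `FileUtils.cp_r(cert_keys_path, build_dir, {:preserve => true})` line added to `bin/compile` runs unconditionally, so every application staged with this buildpack gets the whole `resources/.ssh` directory copied into its build directory, including any private key kept there. Consider limiting the copy to the files a given app needs (public keys only, or a subdirectory selected per app), and since `:preserve => true` carries over the source file modes, make sure the key files in the buildpack are not group- or world-readable before they are copied.
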
ankit <ankit.ankit@...>
Hi
Can you explain it a little bit or refer me to any document? That would be helpful.

Thanks
Ankit

Noburou TANIGUCHI
Hi ankit,
> Can you explain it a little bit or refer any document. That would be

Would you please narrow the focus of your question? What do you want to know about?

Thanks.

ankit <ankit.ankit@...>
Hi
See, basically what I need is to put some file in my custom java buildpack and let my application use that file when it is deployed on Cloud Foundry, whether it is those certificate key files or any other file. So, I just don’t want to package these files with my app war file. I want to put these in the buildpack and specify its path in the app’s manifest file, which is used while deploying the application on Cloud Foundry.

Thanks
Ankit

Noburou TANIGUCHI
ankit,
It's still unclear to me what you want me to explain.

> I want to put these in buildpack and specify it’s path in app’s manifest

I think I have explained in this post [1] where in the java buildpack to put cert keys and how to modify the java buildpack to put them into a place that an app can access when it is running.

So my question, again, is "what do you want to be explained more?" in the post [1].

[1] http://cf-dev.70369.x6.nabble.com/regarding-using-public-key-to-verify-client-tp2711p2732.html

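How the application side could use public keys once they sit in the `.ssh` directory under the application directory, as an added Java example that is not from this thread or from the java-buildpack project. The class name, the `<clientId>.pem` file naming, the `SHA256withRSA` algorithm and the sample request are assumptions, and the key pair is generated on the spot as constructed test data.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class SignedPostVerifier {
    // Assumption: the signature scheme agreed with the clients.
    private static final String ALGORITHM = "SHA256withRSA";

    private final Map<String, PublicKey> trustedKeys = new HashMap<>();

    /** Loads every <clientId>.pem (X.509 "BEGIN PUBLIC KEY" format) found in keyDir. */
    SignedPostVerifier(Path keyDir) throws IOException, GeneralSecurityException {
        KeyFactory rsa = KeyFactory.getInstance("RSA");
        try (DirectoryStream<Path> pems = Files.newDirectoryStream(keyDir, "*.pem")) {
            for (Path pem : pems) {
                String text = new String(Files.readAllBytes(pem), StandardCharsets.US_ASCII);
                String b64 = text.replace("-----BEGIN PUBLIC KEY-----", "")
                                 .replace("-----END PUBLIC KEY-----", "")
                                 .replaceAll("\\s", "");
                byte[] der = Base64.getDecoder().decode(b64);
                // Hypothetical convention: the file name (minus .pem) is the client ID.
                String clientId = pem.getFileName().toString().replaceFirst("\\.pem$", "");
                trustedKeys.put(clientId, rsa.generatePublic(new X509EncodedKeySpec(der)));
            }
        }
    }

    /** True only if signatureB64 is clientId's signature over exactly these body bytes. */
    boolean verify(String clientId, byte[] body, String signatureB64) {
        PublicKey key = trustedKeys.get(clientId);
        if (key == null || signatureB64 == null) {
            return false; // unknown client or missing signature: fail closed
        }
        try {
            Signature verifier = Signature.getInstance(ALGORITHM);
            verifier.initVerify(key);
            verifier.update(body);
            return verifier.verify(Base64.getDecoder().decode(signatureB64));
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            return false; // malformed Base64 or malformed signature bytes
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed test data: a throwaway key pair stands in for one client.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair client = generator.generateKeyPair();

        // Stand-in for the ".ssh" directory the buildpack copies into the app directory.
        Path keyDir = Files.createDirectories(Files.createTempDirectory("app").resolve(".ssh"));
        String pemBody = Base64.getMimeEncoder(64, new byte[] {'\n'})
                               .encodeToString(client.getPublic().getEncoded());
        Files.write(keyDir.resolve("client-a.pem"),
                ("-----BEGIN PUBLIC KEY-----\n" + pemBody + "\n-----END PUBLIC KEY-----\n")
                        .getBytes(StandardCharsets.US_ASCII));

        // What the client would send: the raw POST body plus a Base64 signature over it.
        byte[] body = "{\"orderId\":1001,\"amount\":250}".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance(ALGORITHM);
        signer.initSign(client.getPrivate());
        signer.update(body);
        String signature = Base64.getEncoder().encodeToString(signer.sign());

        SignedPostVerifier verifier = new SignedPostVerifier(keyDir);
        byte[] tampered = "{\"orderId\":1001,\"amount\":9999}".getBytes(StandardCharsets.UTF_8);
        System.out.println("genuine request accepted:   "
                + verifier.verify("client-a", body, signature));
        System.out.println("tampered body accepted:     "
                + verifier.verify("client-a", tampered, signature));
        System.out.println("unknown client accepted:    "
                + verifier.verify("client-b", body, signature));
        System.out.println("garbage signature accepted: "
                + verifier.verify("client-a", body, "not base64!"));
    }
}
```

Verify over the raw request bytes exactly as received; a body that has been parsed and re-serialized may no longer match the signature.
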
ankit <ankit.ankit@...>
Hi
```diff diff --git a/bin/compile b/bin/compile index 53e0b8d..3d198c9 100755 --- a/bin/compile +++ b/bin/compile @@ -23,6 +23,10 @@ require 'java_buildpack/buildpack' build_dir = ARGV[0] +require('fileutils') +cert_keys_path = File.expand_path('../../resources/.ssh', __FILE__) +FileUtils.cp_r(cert_keys_path, build_dir, {:preserve => true}) + JavaBuildpack::Buildpack.with_buildpack(build_dir, 'Compile failed with exception %s') do |buildpack| buildpack.compile end ``` This is the thing that I am not able to understand and How to use this and what is this for. Is this some kind of code or some cofiguration. Actually I am new to cloud foundry. If there is any document regarding this that you can refer, that would be helpful. Thanks Ankit 
From: Noburou TANIGUCHI [via CF Dev] [mailto:ml-node+s70369n2746h47(a)n6.nabble.com] Sent: Wednesday, November 18, 2015 7:22 PM To: ., Ankit <ankit.ankit(a)philips.com> Subject: RE: regarding using public key to verify client ankit, It's still unclear for me what you want for me to explain. I want to put these in buildpack and specify it’s path in app’s manifest file which is used while deploying the application on cloud foundry.I think I have explained in this post [1] about where in java buildpack to put cert keys and how to modify java buildpack to put them into the place where an app can access when it is running. So my question, again, is "what do you want to be explained more?" in the post [1]. [1] http://cf-dev.70369.x6.nabble.com/regarding-using-public-key-to-verify-client-tp2711p2732.html ankit wrote Hi See basically what I need is to put some file in my custom java buildpack and let my application use that file when it is deployed on the cloud foundry whether it is those certificate key files or any other file. So, I just don’t want to package these files with my app war file. I want to put these in buildpack and specify it’s path in app’s manifest file which is used while deploying the application on cloud foundry. Thanks Ankit From: Noburou TANIGUCHI [via CF Dev] [mailto:[hidden email]</user/SendEmail.jtp?type=node&node=2746&i=0>] Sent: Wednesday, November 18, 2015 7:36 AM To: ., Ankit <[hidden email]</user/SendEmail.jtp?type=node&node=2746&i=1>> Subject: RE: regarding using public key to verify client Hi ankit, Can you explain it a little bit or refer any document. That would be helpful.Would you please narrow the focus of your question? What do you want to know about? Thanks. ankit wrote Hi Can you explain it a little bit or refer any document. That would be helpful. Thanks Ankit 
From: Noburou TANIGUCHI [via CF Dev] [mailto:[hidden email]]
Sent: Tuesday, November 17, 2015 12:59 PM
To: ., Ankit <[hidden email]>
Subject: RE: regarding using public key to verify client

Hello ankit,

But I just want to know that is there any way where I can put my key files to java build pack with which I am deploying my application on cloud foundry and let my application use those keys from build pack to verify the signature. Because I don’t want to add those key files to my app’s war.

Now I think I've understood what you want to do.

And one more thing that I am using custom java buildpack. (This thing I forgot to mention earlier.)

So I think you can add cert keys anywhere in java buildpack you think appropriate (`resources` directory, for example), and modify the buildpack to copy them in the buildpack's compile phase, such like:

```diff diff --git a/bin/compile b/bin/compile index 53e0b8d..3d198c9 100755 --- a/bin/compile +++ b/bin/compile 
@@ -23,6 +23,10 @@ require 'java_buildpack/buildpack' build_dir = ARGV[0] +require('fileutils') +cert_keys_path = File.expand_path('../../resources/.ssh', __FILE__) +FileUtils.cp_r(cert_keys_path, build_dir, {:preserve => true}) + JavaBuildpack::Buildpack.with_buildpack(build_dir, 'Compile failed with exception %s') do |buildpack| buildpack.compile end ```

(the code above assumes that the cert keys in `resources/.ssh/` and copies them to `.ssh` under the application directory)

ankit wrote

Hi Taniguchi,

Thank you for your response. You are right that my application is responsible for verification of the signature. But I just want to know that is there any way where I can put my key files to java build pack with which I am deploying my application on cloud foundry and let my application use those keys from build pack to verify the signature. Because I don’t want to add those key files to my app’s war. Just like we put cacerts in java buildpack which is used by application, can’t we put the key files in buildpack and use those by our application to verify signature. And one more thing that I am using custom java buildpack. (This thing I forgot to mention earlier.)

Thanks
Ankit
From: Noburou TANIGUCHI [via CF Dev] [mailto:[hidden email]]
Sent: Monday, November 16, 2015 6:09 PM
To: ., Ankit <[hidden email]>
Subject: Re: regarding using public key to verify client

Hi ankit,

First of all, do you think who is responsible to verify the signature? Your application? Or (one of) the components of Cloud Foundry? I assume the former is your answer. I think there is no functionality in Cloud Foundry to verify client signature.

Then, if you use the Cloud Foundry java-buildpack to deploy your application, I think there is the only one way to send key files with your app on deployment. It is to add your key files to your app's war / jar / zip file, primitively like:

```
jar uvf your-war-jar-zip-file path-to-your-key-files-or-directories
```

But you may add a maven / gradle task to do such a thing. This is because the Cloud Foundry java-buildpack accepts only one zip-format file on a deployment.

# Please correct this post if I am wrong.

Thank you.

ankit wrote

Suppose my application is deployed on the cloud foundry and my client sends a POST request that contains some message but that message is digitally signed by client’s private key. So, I need client’s public key(digital id of client) to verify my client for inbound calls in the cloud foundry where application is running. So, can you tell me where can I put these public keys(digital IDs of clients) in java build pack or any other place. Similarly, for outbound calls I want my message to be digitally signed and for that I need private key to be used. So, where can I put that also?

I'm not a ...
noburou taniguchi

-- View this message in context: http://cf-dev.70369.x6.nabble.com/regarding-using-public-key-to-verify-client-tp2711p2756.html Sent from the CF Dev mailing list archive at Nabble.com. |
|
Noburou TANIGUCHI
OK. Now I think I've understood what you want.
```diff diff --git a/bin/compile b/bin/compile index 53e0b8d..3d198c9 100755 --- a/bin/compile +++ b/bin/compile @@ -23,6 +23,10 @@ require 'java_buildpack/buildpack' build_dir = ARGV[0] +require('fileutils') +cert_keys_path = File.expand_path('../../resources/.ssh', __FILE__) +FileUtils.cp_r(cert_keys_path, build_dir, {:preserve => true}) + JavaBuildpack::Buildpack.with_buildpack(build_dir, 'Compile failed with exception %s') do |buildpack| buildpack.compile end ```

This code diff is assumed to be applied to [1]. And see [2], you'll find a directory named "resources". The added code assumes that you store cert keys into the ".ssh" directory under the "resources" directory. But you may store anywhere in the buildpack if you modify the code appropriately, as I wrote in [3].

Actually I am new to cloud foundry.

I misunderstood you have experienced modifying buildpacks because you wrote you were using a modified java buildpack and you asked "where" to store your cert keys.

[1] https://github.com/cloudfoundry/java-buildpack/blob/4ec120403dd15c4ac37c387cb080ad69dc6a5cc9/bin/compile
[2] https://github.com/cloudfoundry/java-buildpack/tree/4ec120403dd15c4ac37c387cb080ad69dc6a5cc9
[3] http://cf-dev.70369.x6.nabble.com/regarding-using-public-key-to-verify-client-tp2711p2732.html

----- I'm not a ... noburou taniguchi

-- View this message in context: http://cf-dev.70369.x6.nabble.com/regarding-using-public-key-to-verify-client-tp2711p2785.html Sent from the CF Dev mailing list archive at Nabble.com. |
|
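Review bot: the `FileUtils.cp_r(cert_keys_path, build_dir, {:preserve => true})` line sits before the `JavaBuildpack::Buildpack.with_buildpack` block and has no check that `resources/.ssh` exists, so a buildpack checkout without that directory makes the copy raise and staging abort outside the block that reports 'Compile failed with exception %s'. Guard it with `File.directory?(cert_keys_path)` or move the copy inside the block. The copy also takes the whole directory, so a private key stored there ends up in the application directory of every app staged with this buildpack and is readable by anyone with access to the buildpack repository; copying only the files the app needs keeps that exposure smaller. Because `:preserve => true` carries file modes over, the modes committed in the buildpack are the ones the running app gets. On Ruby 3 and later a braces hash is no longer accepted as keyword arguments, so `preserve: true` is the portable spelling.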