Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

What:

Dovetail will provide a optional parameter ("–security") for user to secure the way to authenticate the integrity for both dovetail tool and report.

With this parameterapproach, dovetail will generate a report in cipher-text and a secret key in cipher-text together instead of a single generates a digital signature along with the plain-text report and meanwhile a digital signature comes together to keep its integrity . Then the reviewer can use this signature to validate the integrity of the dovetail tool and the report.

Why:

The report in plain-text is vulnerable from malicious attacks.If user want to secure their report and do not want the report be tampered with by any unexpected person,they can simply add this parameter into the command line, can be easily modified during storage and transportation.

Reviewer need to make sure that the report is generated by a validated tool from the release and its result can not be modified to remove a failure or something like that.

Users do not need to know or learn any details about that how to securethis procedure.

How:

The whole security authenticating workflow show as following:

  1. user generate RSA key pairs
  2. dovetail generate  a random secret key
  3. encrypt this report with this secret key by AES256 encryption algorithm
  4. encrypt this secret key with RSA public key by RSA encryption algorithm
  5. vendor generate RSA key pairs
  6. dovetail generate a digest from report with MD5
  7. encrypt digest with private key from vendor
  8. send encrypted report, encrypted digest, encrypted key to your target user
  9. the receiver decrypt the secret key with his own RSA private key to get original secret key
  10. the receiver decrypt the report with this secret key to get the plain-text report
  11. the receiver decrypt the digest with vendor's public key to get original digest
  12. the receiver generate a digest from report with MD5 get new digest
  13. the receiver check if original digest and new digest are the same with each other

Image RemovedImage Added