What:
Dovetail will provide a way to authenticate the integrity for both dovetail tool and report.
With this approach, dovetail generates a digital signature along with the plain-text report . Then the reviewer can use this signature to validate the integrity of the dovetail tool and the report.
Why:
The report in plain-text is vulnerable, can be easily modified during storage and transportation.
Reviewer need to make sure that the report is generated by a validated tool from the release and its result can not be modified to remove a failure or something like that.
Users do not need to know or learn any details about this procedure.
How:
The whole authenticating workflow show as following: