Anuket Project


What:

Dovetail will provide a way to verify the integrity of both the dovetail tool and the report.

With this approach, dovetail generates a digital signature along with the plain-text report. The reviewer can then use this signature to validate the integrity of the dovetail tool and the report.

Why:

A plain-text report is vulnerable: it can easily be modified during storage and transportation.

Reviewers need to make sure that the report was generated by a validated tool from the release and that its results cannot be modified, for example to remove a failure.

Users do not need to know or learn any details about this procedure.

How:

The whole authentication workflow is as follows:

1. OPNFV generates the key pairs for each release
2. dovetail uses this key to build a binary signature tool
3. dovetail generates a digest for both the dovetail tool and the report, combines the two digests into one, then signs the final digest
4. dovetail saves the report to a report file
5. upload the report and signature for review
6. extract the digest from the signature
7. validate the integrity of the dovetail tool and the report
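
The sign and validate steps above, sketched as an added example (not Dovetail's own code). The page names no algorithms, so SHA-256, Ed25519, the label string, the function names and the sample bytes are all assumptions. With Ed25519 the reviewer recomputes the combined digest from the released tool and the uploaded report and checks the signature over it, rather than extracting the digest from the signature.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// combinedDigest hashes tool and report separately, then hashes both
// fixed-length digests together under a label (constructed for this example).
func combinedDigest(tool, report []byte) []byte {
	t := sha256.Sum256(tool)
	r := sha256.Sum256(report)
	h := sha256.New()
	h.Write([]byte("dovetail-report-example-v1"))
	h.Write(t[:])
	h.Write(r[:])
	return h.Sum(nil)
}

// signReport is the tool side (step 3): sign the final combined digest.
func signReport(priv ed25519.PrivateKey, tool, report []byte) []byte {
	return ed25519.Sign(priv, combinedDigest(tool, report))
}

// verifyReport is the reviewer side (steps 6-7): recompute the digest from the
// released tool and the uploaded report, then check the signature over it.
func verifyReport(pub ed25519.PublicKey, releasedTool, report, sig []byte) bool {
	return ed25519.Verify(pub, combinedDigest(releasedTool, report), sig)
}

// demo returns the verdicts for: untouched upload, edited report, modified tool.
func demo() (bool, bool, bool) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	tool := []byte("constructed dovetail tool bytes")
	report := []byte("testcase-a: PASS\ntestcase-b: FAIL\n") // constructed report
	sig := signReport(priv, tool, report)
	edited := []byte("testcase-a: PASS\ntestcase-b: PASS\n") // failure removed
	patched := []byte("constructed dovetail tool bytes, patched")
	return verifyReport(pub, tool, report, sig),
		verifyReport(pub, tool, edited, sig), verifyReport(pub, patched, report, sig)
}

func main() {
	fmt.Println(demo())
}
```

The example generates its key in memory; how the release key is embedded in and protected inside the distributed binary (step 2) is not modelled here, and the check is only as strong as that protection.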

 
