Switch to server-side hashing for SignServer support #260
Conversation
|
Thank you for the follow up. Does the serverside hashing work in all cases? Maybe we could use that to keep things simple. |
|
I wouldn't recommend that, and no, depends on the configuration on the SignServer. |
|
I'm suggesting this because the data to be signed is an ASN.1 structure (SpcIndirectDataContent) containing the hash of the file, it's just a few bytes larger than the hash that would be produced on the client side. It's not like the whole file would be sent over the network. What error did you get with the Nitrokey HSM? It's a bit odd that client side hashing doesn't work, that sounds like a bug in SignServer. |
|
The error is
Oh, ok, then this was a misunderstanding on my side, it is indeed 126 byte vs. 32 byte for SHA-256. So yeah, I guess server-side hashing should always work if the worker is configured properly and I'll change this PR to only do server-side hashing. |
Vampire
changed the title
The Nitrokey 3 NFC was quite slow last year when I tested it, around 1 second per RSA 4096 signature. The Yubikey 5 is faster, about 100ms per sign operation. I don't remember the performance of the Nitrokey HSM 2 but I think it was close to the Nitrokey 3. There was some work in the latest firmwares to enable hardware acceleration on some operations but I haven't checked.
That's an annoying drawback :( That means the algorithm has to be specified to Jsign, the process is open to misuse and errors. |
|
Just noticed your message on the Nitrokey support forum: |
Did not fully get that. |
|
I think Jsign has to know the algorithm, I'll check. |
|
Maybe this will help if it gets considered Keyfactor/signserver-ce#108 :-) |
|
But currently you are right. |
|
For now I changed
to
|
|
I've updated the documentation as suggested, but I keep the client side hashing for the 7.0 release. |
|
That means even with v7 I need to use my monkey-patch hack-around as client-side hashing still does not work. :-/ |
|
I agree that's not great, but client side hashing makes more sense as the default method for a general usage. That said, maybe we could hack something simple to work around the issue until SignServer is fixed, we could switch between client side and server side hashing depending on the name of the worker. For example if the name of the worker contains the pattern |
|
That's exactly what this PR originally did, having client-side hashing by default and considering |
|
Yes sorry, that was before I realized the hash algorithm was no longer controlled by the client. My suggestion is slightly different though, the idea is to have a convention for the name of the workers configured with server side hashing. That's less error prone than a marker appended to the alias parameter that could be forgotten, but also less flexible since it requires the collaboration of the SignServer administrator (but I assume the Jsign user will also operate the SignServer instance). The two approaches aren't mutually exclusive though, we could implement both. |
|
I've merged the original PR, with minor changes to the documentation. Thanks again. |
When using for example a Nitrokey HSM 2, client-side hashing seems to not work.
Additionally if
CLIENTSIDEHASHINGwas set totruein the worker as documented,the certificate fetching failed.
This PR also uses client-side hashing for the certificate retrieval,
and additionally allows to suffix the alias with
|serverside, to allow doingserver-side hashing when necessary.