-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use Case: Signing RO-Crates #282
Comments
As a partial solution, an RO-Crate bundled in a zip file could be signed using https://github.com/falk-werner/zipsign or a similar solution. But, other scenarios where the RO-Crate is bundled using tar, rar, or other archive software would not be covered by this. |
ZipSign seems to combine the OpenSSL implementation of Cryptographic Message Syntax (CMS) to generate and verify the signature and zip comments to store/retrieve the signature. If formats other than zip should be supported, then the |
Thanks for raising this requirement! We were thinking about this requirement also in Five Safes RO-Crate. You may found the Security considerations helpful. We didn't however settle on the mechanism for cryptographic signatures. There we rely on the optional BagIt packaging which moves the crate to |
Why not use Verifiable Credentials (wikipedia) to sign the ro-crate-metadata.json?
|
As a software developer, I want to provide a signature along with RO-Crates my software exports so that users can verify that the RO-Crate is from my software and hasn't been altered by a third party.
The context for this is the .eln file format which is built on top of RO-Crate. To ensure that data exported by one ELN and imported into another has not been modified and has actually been exported by that other ELN and not by a third party, we would like to provide a signature of some kind along with the RO-Crate. We've gathered some ideas in an issue on the topic there, however this use case might be of interest for RO-Crates in general and a solution independent of the .eln file format might be found.
The text was updated successfully, but these errors were encountered: