User:Catlee/AutomatedSigning: Difference between revisions

no edit summary
(Created page with "Run a web app on keymaster that as a basic API: POST /signing filedata=... sha512=... filename=... hmac=... returns a signing id HEAD /signing/<id> indicates...")
 
No edit summary
Line 1: Line 1:
Run a web app on keymaster that as a basic API:
Run a web app on keymaster that has a basic API:
 
POST /signing
  filedata=...
  sha512=...
  filename=...
  hmac=...


  POST /sign
    filedata=...
    sha512=...
    filename=...
    hmac=...
   returns a signing id
   returns a signing id


HEAD /signing/<id>
  HEAD /sign/<id>
  indicates if signing job is done
    indicates if signing job is done


GET /signing/<id>
  GET /sign/<id>
  returns signed file(s)
    returns signed file(s), file hashes, hmac, ...


hmac could be some token generated from a combination of date and per-release secret.  The secret could be given to both the keymaster and builds to generate checksums so the keymaster knows that requests to sign files are valid for this release in a certain time period.
hmac could be some token generated from a combination of date and per-release secret.  The secret could be given to both the keymaster and builds to generate checksums so the keymaster knows that requests to sign files are valid for this release in a certain time period.
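
Review bot: the hmac paragraph derives the token only from the date and the per-release secret, so as described it is not bound to the filedata, sha512 or filename sent in the same POST /sign request, and one valid token would authorize any file for that release within the time period. Consider keying the hmac with the per-release secret and computing it over the sha512, the filename and the date, with keymaster recomputing the sha512 of filedata before accepting the job. The new GET /sign/<id> line adds "file hashes, hmac, ..." to the response; it would help to state what that returned hmac covers and which secret keys it, so a build can check that the signed files really came from keymaster.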