Menu
▾
▴
Re: [Ejbca-develop] EJBCA used as a signing server
|
From: Tomas G. <to...@pr...> - 2016-03-29 08:35:40
|
Hi André, This sounds like a good job for SignServer, which already have some of the functionality you are asking for. https://www.signserver.org/ Cheers, Tomas On 2016-03-29 10:04, André Clerc wrote: > Dear EJBCA team > > > > On behalf of a customer, I send you this e-mail because he is interested > in a signing solution. Unlike to CRS, where a CA creates and sign > certificates, the customer would like to have signed hash values (e.g.: > hash of a document, code, etc.). These hash values refer to a document > will be produced by an external application (please see illustration > below). > > > > imap://tomas@mail.primekey.se:993/fetch%3EUID%3E/INBOX%3E8920222?header=quotebody&part=1.1.2&filename=image002.png > > > > > > As a special criteria the customer is interested in particular for a > possible implementation of the *level 2 sole control* regarding TS 419 > 241 respectively EN 419 241. Our understanding with respect to level 2 > sole control have I added to the PS. If EJBCA dose currently not support > level 2 sole control, what is the size of the estimated effort/cost and > what kind problems there are still to be resolved. > > > > Your sincerely > > André Clerc > > > > *PS:*Our understanding with respect to Level 2 Sole Control is such > that, a commitment to release a signature have to be protect by multiple > factors. One allowed way for a multi-factor authentication is provided > by the signature creation device itself. Another method is a > multi-factor authentication of the signer by the server signing > application followed by a commitment protect by 1 factor (please review > the attached diagram in the slide 13 and 17) in a secure way. > > > > > > -- > > André Clerc > > Expert IT Security Consultant > > > > *TEMET AG* > > Basteiplatz 5, CH-8001 Zürich > > T: +41 79 222 22 54 | Büro: +41 44 302 24 42 > > and...@te... <mailto:and...@te...>| www.temet.ch > <http://www.temet.ch/> > > > > > > ------------------------------------------------------------------------------ > Transform Data into Opportunity. > Accelerate data analysis in your applications with > Intel Data Analytics Acceleration Library. > Click to learn more. > http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140 > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
