Digital Signature for files
Jörn Franke edited this page Jan 20, 2018 · 5 revisions
You can add a digital signature to your files to enable non-repudiation, i.e. to prove and verify the origin of a document. As of HadoopOffice 1.1.0, only new Excel files (.xlsx) are supported.
To enable verification when reading Excel files, set the option
- hadoopoffice.read.security.sign.verifysignature to true
and add some cryptography libraries (see here).
If the signature cannot be verified, an exception is thrown. Optionally, you can define a truststore to establish a certification chain (see here).
To sign a document you need to:
- Have a certificate in X.509 format (e.g. .pfx or .p12); ideally this certificate is signed by your certification authority
- Add some cryptography libraries (see here)
- Configure the following options:
  - hadoopoffice.write.security.sign.keystore.file: location of the certificate used for signing; it can be local, on HDFS or on any other Hadoop-supported file system
  - hadoopoffice.write.security.sign.hash.algorithm (please verify it with your security expert): sha512
  - hadoopoffice.write.security.sign.keystore.type (type of certificate, here .pfx or .p12): PKCS12
  - hadoopoffice.write.security.sign.keystore.password: passphrase to access the private key stored in the certificate file
  - hadoopoffice.write.security.sign.keystore.alias: alias under which the private key can be found in the keystore file
The signature is stored within the file (for .xlsx) and thus you will not find a dedicated signature file.
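A pre-flight check for the keystore options above, as an added example that is not part of HadoopOffice: it confirms that the file, type, passphrase and alias fit together and shows who issued the certificate before you put the values into the job configuration. The class name `SigningKeystoreCheck` is hypothetical, and the code assumes the keystore is on the local file system and that the private key uses the same passphrase as the keystore.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example, not HadoopOffice code: pre-flight check of a signing keystore.
public class SigningKeystoreCheck {

    /** Returns the signer certificate if file, type, passphrase and alias fit together. */
    static X509Certificate check(String file, String type, char[] password, String alias)
            throws Exception {
        KeyStore ks = KeyStore.getInstance(type); // "PKCS12" for .pfx/.p12 files
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, password); // throws IOException on a wrong passphrase
        }
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalArgumentException("No key entry under alias '" + alias
                    + "'; aliases present: " + Collections.list(ks.aliases()));
        }
        // Assumption: the key is protected with the same passphrase as the keystore.
        Key key = ks.getKey(alias, password);
        if (!(key instanceof PrivateKey)) {
            throw new IllegalArgumentException("Entry '" + alias + "' is not a private key");
        }
        Certificate cert = ks.getCertificate(alias);
        if (!(cert instanceof X509Certificate)) {
            throw new IllegalArgumentException("Entry '" + alias + "' has no X.509 certificate");
        }
        X509Certificate x509 = (X509Certificate) cert;
        x509.checkValidity(); // throws if the certificate is expired or not yet valid
        return x509;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java SigningKeystoreCheck <keystore file> <alias>
        if (args.length != 2 || System.console() == null) {
            throw new IllegalStateException("Run from a terminal with <keystore file> <alias>");
        }
        char[] password = System.console().readPassword("Keystore passphrase: ");
        X509Certificate cert = check(args[0], "PKCS12", password, args[1]);
        System.out.println("Subject:     " + cert.getSubjectX500Principal().getName());
        System.out.println("Issuer:      " + cert.getIssuerX500Principal().getName());
        System.out.println("Valid until: " + cert.getNotAfter());
    }
}
```

If subject and issuer are identical, the certificate is self-signed rather than issued by your certification authority.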
Further reading: https://poi.apache.org/encryption.html