Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Show checksums and remote identity for completed file transfers #9367

Open
cyberduck opened this issue Mar 15, 2016 · 6 comments
Open

Show checksums and remote identity for completed file transfers #9367

cyberduck opened this issue Mar 15, 2016 · 6 comments

Comments

@cyberduck
Copy link
Collaborator

@cyberduck cyberduck commented Mar 15, 2016

472c568 created the issue

Phase A

  1. If a user clicks on the "i" button as per the attached, mock-up screenshot, a pop-up will open and show as ASCII Text
    a. origin URI, protocol, SHA256, SHA1, ... of the downloaded (or uploaded) file
    b. CN, Issuer-CN, SHA256, SHA1 of remote public key (if the transfer was encrypted)

Phase B

  1. for 1b) not only the meta info is shown, but the certificate (assuming x509 for once) and its chain down to the root can be opened

Phase C

  1. the pop-up and public key (certs) are put into a PDF that is signed with a dummy certificate and rfc3161 time-stamped (e.g. with http://tsa.pki.admin.ch/tsa - configurable)

Phase D

  1. the same as 3) but the signature can also come out of a SuisseID or alike

Phase E

  1. the same as 4) but the pdf complies with the PDF/A standard ==> the certificate can no longer be put as a file-attachment in .cer or .pem .crt or similar format to the pdf, but the base64 encoded certs need to be printed as base64 PEM into the trailing pages of the PDF

Attachments

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Jun 6, 2016

@dkocher commented

#9584 closed as duplicate.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Jun 20, 2016

472c568 commented

are you sure that #9584 is a duplicate?

The goal is that evidence of an upload is visible (best even rfc3161 timestamped) that can be understood / used by a non-technical person like a "lawyer" who is increasingly trained by the authorities to work with pdf/a and digital signatures/timestamps.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Aug 17, 2016

472c568 commented

see also #9656

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Aug 19, 2016

@dkocher commented

#9656 closed as duplicate.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Feb 28, 2018

@dkocher commented

#10255 closed as duplicate.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Feb 28, 2018

dd558ee commented

Replying to [comment:7 dkocher]:

#10255 closed as duplicate.
Okay thanks - my proposal was similar to this. As it doesn't stipulate currently in the uploads panel that all the files were checksum'd on prior to upload and transfer completion can I therefore assume that CyberDuck has done so and therefore wouldn't display "completed" unless this test has also been completed successfully and that the files on B2 are definitely identical copies of the local files? I can live without the feature if this is the case.

Loading

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant