  1. Karaf
  2. KARAF-6436

Add the possibility to sign / encrypt bundles



    • Type: New Feature
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: karaf
    • Labels:


      There should be a possibility to lock a Karaf instance so that it only accepts bundles that are signed / encrypted with a predefined key.
      This would allow a certain protection for the deployed bundles and application, as not just any user code can be deployed but only certified code.

      Definition of Done:
      We are able to configure a Karaf instance with a key / certificate and it then only accepts bundles that are signed / encrypted with a suitable key / certificate.

      There was a short discussion about the matter in the Slack channel with J B and Christian Schneider on 09/26/19 in #karaf:

      Christian Schneider 15:33
      You might experiment with a hook that only allows signed bundles.
      So at least you can implement a mandatory code check as you can control the signing
      Julian Feinauer 15:34
      @Christian Schneider Is there already an implementation for that? For this sign checking stuff
      This would fit nicely into the karaf ecosystem
      JB Onofré 15:37
      @Julian Feinauer we have this, but not in Karaf directly
      @Julian Feinauer it could be part of the security/encryption feature
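
A check of the kind the "Definition of Done" asks for, run before a bundle is handed to the framework. This is an added example, not Karaf code and not from the issue or the Slack discussion. It uses only the standard `java.util.jar` API; the class name, method names and command-line arguments are assumptions.

```java
import java.io.*;
import java.security.CodeSigner;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.*;
import java.util.jar.*;

public class PinnedSignerCheck { // added illustration, not Karaf code; names are hypothetical
    /** True only if every content entry of the JAR is signed by the pinned certificate. */
    static boolean signedByPinnedCert(String jarPath, Certificate pinned) throws Exception {
        int checked = 0;
        try (JarFile jar = new JarFile(new File(jarPath), true)) { // true = verify digests on read
            byte[] buf = new byte[8192];
            for (JarEntry entry : Collections.list(jar.entries())) {
                if (entry.isDirectory() || isSignatureMetadata(entry.getName())) continue;
                // Signers are known only after a full read; a modified entry throws SecurityException.
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { }
                }
                if (!hasPinnedSigner(entry.getCodeSigners(), pinned)) return false;
                checked++;
            }
        }
        return checked > 0; // an empty archive proves nothing
    }

    // The first certificate of each signer's path is the signing certificate itself.
    static boolean hasPinnedSigner(CodeSigner[] signers, Certificate pinned) {
        if (signers == null) return false; // entry is unsigned
        for (CodeSigner s : signers)
            if (s.getSignerCertPath().getCertificates().get(0).equals(pinned)) return true;
        return false;
    }

    // The manifest and signature files directly under META-INF are not themselves signed.
    static boolean isSignatureMetadata(String name) {
        String n = name.toUpperCase(Locale.ROOT);
        if (!n.startsWith("META-INF/") || n.indexOf('/', 9) >= 0) return false;
        return n.endsWith("/MANIFEST.MF") || n.endsWith(".SF") || n.endsWith(".RSA")
            || n.endsWith(".DSA") || n.endsWith(".EC");
    }

    public static void main(String[] args) throws Exception { // args: <cert file> <bundle jar>
        try (InputStream in = new FileInputStream(args[0])) {
            Certificate pinned = CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println(signedByPinnedCert(args[1], pinned) ? "ACCEPT" : "REJECT");
        }
    }
}
```

The check pins the signer's certificate and relies on `JarFile` for digest verification; it does not evaluate certificate validity dates or revocation. An entry that is unsigned, or signed only by another certificate, causes the whole bundle to be rejected.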




            • Assignee:
              jbonofre Jean-Baptiste Onofré
              julian.feinauer Julian Feinauer