Hermes Application Signatures
Signatures on a Hermes Application are created by the Authors of the application.
If the application has one or more independent Publishers, they too can attach a signature to it.
This method protects any Application from being tampered with once released by the Author, and also allows it to be safely co-signed by a Publisher.
Author signature payload
According to the signing spec, the application package author signature payload should follow this schema:
Schema: hermes_module_cose_author_payload.schema.json
{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "$id": "https://raw.githubusercontent.com/input-output-hk/hermes/main/hermes/schemas/hermes_module_cose_author_payload.schema.json",
  "title": "Hermes WASM Module Author COSE Payload Schema",
  "description": "Defines the COSE signing payload. A WASM module package specific information which should be cryptographically protected.",
  "type": "object",
  "additionalProperties": false,
  "properties": {
    "metadata": {
      "type": "string",
      "title": "Blake2b hash hex of metadata.json package file",
      "description": "A hex representation of the Blake2b hash of the metadata.json file inside the package.",
      "pattern": "^[0-9a-f]{64}$"
    },
    "component": {
      "type": "string",
      "title": "Blake2b hash hex of module.wasm package file",
      "description": "A hex representation of the Blake2b hash of the module.wasm file inside the package.",
      "pattern": "^[0-9a-f]{64}$"
    },
    "config": {
      "type": "object",
      "title": "WASM Module Config Object.",
      "description": "Object representing the WASM Module Config File.",
      "properties": {
        "file": {
          "type": "string",
          "title": "Blake2b hash hex of config.json package file",
          "description": "A hex representation of the Blake2b hash of the config.json file inside the package.",
          "pattern": "^[0-9a-f]{64}$"
        },
        "schema": {
          "type": "string",
          "title": "Blake2b hash hex of config.schema.json package file",
          "description": "A hex representation of the Blake2b hash of the config.schema.json file inside the package.",
          "pattern": "^[0-9a-f]{64}$"
        }
      },
      "required": [
        "schema"
      ]
    },
    "settings": {
      "type": "object",
      "title": "WASM Module Settings Object.",
      "description": "Object representing the WASM Module Settings.",
      "properties": {
        "schema": {
          "type": "string",
          "title": "Blake2b hash hex of settings.schema.json package file",
          "description": "A hex representation of the Blake2b hash of the settings.schema.json file inside the package.",
          "pattern": "^[0-9a-f]{64}$"
        }
      },
      "required": [
        "schema"
      ]
    },
    "share": {
      "type": "string",
      "title": "Blake2b hash hex of the whole share package directory",
      "description": "A hex representation of the Blake2b hash of the whole share directory inside the package.",
      "pattern": "^[0-9a-f]{64}$"
    }
  },
  "required": [
    "metadata",
    "component"
  ]
}
Application package author signature payload example:
Example: hermes_module_cose_author_payload.json
{
  "metadata": "e6d4ecf4e0df7688f8fb5d564fc6bcafffdfc46bb793631a9ed3bb6d888561df",
  "component": "0cfdb8d790b0a30fb8eb12d98c1791f35a279c0a5f8bf313cd582fc6b8cd69d5",
  "config": {
    "file": "69e66dc097dbd3d3a333c699d05b2c7173d6d9cc7d6a7e35745339e282d70904",
    "schema": "0da53b44f7de08af0743779dfb9448fa32fe3584e9b940ae740a1bbc74741bba"
  },
  "settings": {
    "schema": "9cd493f0cbdb907814b142e22e76fa8cf0e95bcd3117d4c3e7c4cbe4b885d932"
  },
  "share": "ed6ac923cfa79ab05cf2a41dc43493e0f74d8bd7596185be5bce74ffda85d9a5"
}
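A verifier detects post-release tampering by recomputing each file hash and comparing it with the value in the signed payload. The following Python code is an added example, not code from the Hermes project. It assumes an unpacked package directory containing the file names given in the schema, a 32-byte Blake2b digest (inferred from the 64-hex-character pattern), and a COSE signature over the payload that has already been verified; it skips "share" because this page does not define how a directory is hashed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

HEX64 = re.compile(r"[0-9a-f]{64}")  # per-field pattern from the schema
# Payload field -> package file (names from the schema); a flat directory is assumed.
FILES = {
    "metadata": "metadata.json",
    "component": "module.wasm",
    "config.file": "config.json",
    "config.schema": "config.schema.json",
    "settings.schema": "settings.schema.json",
}
REQUIRED = ("metadata", "component")

def blake2b_256(path):
    # Assumption: 32-byte digest, inferred from the 64-hex-character pattern.
    return hashlib.blake2b(Path(path).read_bytes(), digest_size=32).hexdigest()

def lookup(payload, dotted):
    node = payload
    for part in dotted.split("."):
        node = node.get(part) if isinstance(node, dict) else None
    return node

def check_payload(package_dir, payload):
    """Return a list of problems; an empty list means every listed hash matches."""
    problems = []
    for field, name in FILES.items():
        claimed, path = lookup(payload, field), Path(package_dir) / name
        if claimed is None:
            if field in REQUIRED:
                problems.append(f"missing required field: {field}")
        elif not isinstance(claimed, str) or not HEX64.fullmatch(claimed):
            problems.append(f"malformed hash: {field}")
        elif not path.is_file():
            problems.append(f"file missing from package: {name}")
        elif blake2b_256(path) != claimed:
            problems.append(f"hash mismatch: {field}")
    return problems

def demo():
    """Constructed package (not real Hermes files): hash at signing, then tamper."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("metadata.json", "module.wasm"):
            (Path(d) / name).write_bytes(name.encode())
        payload = {f: blake2b_256(Path(d) / FILES[f]) for f in REQUIRED}
        (Path(d) / "module.wasm").write_bytes(b"tampered after signing")
        return check_payload(d, payload)
```

Optional fields that the payload omits are not checked, so a verifier that requires a config or settings schema must enforce that separately.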