=======
cursive
=======

.. _cursive_0.2.0:

0.2.0
=====

.. _cursive_0.2.0_Prelude:

Prelude
-------

.. releasenotes/notes/add-certificate-validation-68a1ffbd5369a8d1.yaml @ ad879a1fbccfa31fdedd69e3193e9bf12a15f943

The cursive library supports the verification of digital signatures. However, there is currently no way to validate the certificate used to generate a given signature. Adding certificate validation improves the security of signature verification when the two are used together.


.. _cursive_0.2.0_New Features:

New Features
------------

.. releasenotes/notes/add-certificate-validation-68a1ffbd5369a8d1.yaml @ ad879a1fbccfa31fdedd69e3193e9bf12a15f943

- Adds a variety of certificate utility functions that inspect certificate attributes and extensions for different settings.

.. releasenotes/notes/add-certificate-validation-68a1ffbd5369a8d1.yaml @ ad879a1fbccfa31fdedd69e3193e9bf12a15f943

- Adds the CertificateVerificationContext class which uses a set of trusted certificates to conduct certificate validation, verifying that a given certificate is part of a certificate chain rooted with a trusted certificate.

.. releasenotes/notes/add-certificate-validation-68a1ffbd5369a8d1.yaml @ ad879a1fbccfa31fdedd69e3193e9bf12a15f943

- Adds a verify_certificate method that loads all certificates needed for certificate validation from the key manager and uses them to create a CertificateVerificationContext object. The context is then used to determine if a certificate is valid.


.. _cursive_0.2.0_Upgrade Notes:

Upgrade Notes
-------------

.. releasenotes/notes/add-certificate-validation-68a1ffbd5369a8d1.yaml @ ad879a1fbccfa31fdedd69e3193e9bf12a15f943

- The addition of certificate validation as a separate operation from the signature verification process preserves backwards compatibility. Signatures previously verifiable with cursive will still be verifiable. However, their signing certificates may not be valid. Each signing certificate should be checked for validity before it is used to conduct signature verification.


.. _cursive_0.2.0_Security Issues:

Security Issues
---------------

.. releasenotes/notes/add-certificate-validation-68a1ffbd5369a8d1.yaml @ ad879a1fbccfa31fdedd69e3193e9bf12a15f943

- The usage of certificate validation with the signature verification process improves the security of signature verification. A signature should not be considered valid unless its corresponding certificate is also valid.


.. _cursive_0.2.0_Other Notes:

Other Notes
-----------

.. releasenotes/notes/add-certificate-validation-68a1ffbd5369a8d1.yaml @ ad879a1fbccfa31fdedd69e3193e9bf12a15f943

- The CertificateVerificationContext is built using a set of trusted certificates. However, to conduct certificate verification the context builds the full certificate chain, starting with the certificate to validate and ending with the self-signed root certificate. If this self-signed root certificate is not present in the context, or if one of the intermediate certificates is not present in the context, the certificate chain cannot be built and certificate validation will fail.
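
A simplified model of the chain-building rule described in the last note, added here as an illustration; it is not cursive's code. The ``Cert`` records, the sample names and both functions are hypothetical, and signature, validity-period and extension checks are left out so that only the "every link must be in the context" behaviour is shown.

```python
# Simplified model (an assumption of this example): certificates are plain
# records linked by subject/issuer name. Real validation also verifies each
# signature, validity period and extensions; this shows only chain building.
from collections import namedtuple

Cert = namedtuple("Cert", "subject issuer")


class ChainError(Exception):
    """Raised when no chain to a self-signed root can be built."""


def build_chain(cert, context_certs):
    """Return [cert, ..., root] using only certificates in the context."""
    by_subject = {c.subject: c for c in context_certs}
    chain, current, seen = [cert], cert, {cert.subject}
    while current.subject != current.issuer:      # stop at a self-signed root
        parent = by_subject.get(current.issuer)
        if parent is None:
            raise ChainError("issuer %r is not in the context" % current.issuer)
        if parent.subject in seen:                # guard against issuer loops
            raise ChainError("issuer loop at %r" % parent.subject)
        chain.append(parent)
        seen.add(parent.subject)
        current = parent
    if current not in context_certs:              # the root must be trusted
        raise ChainError("root %r is not in the context" % current.subject)
    return chain


def is_valid(cert, context_certs):
    """True only if the full chain to a root in the context can be built."""
    try:
        build_chain(cert, context_certs)
        return True
    except ChainError:
        return False


# Constructed sample hierarchy: root -> intermediate -> signing certificate.
ROOT = Cert("CN=Example Root", "CN=Example Root")
INTERMEDIATE = Cert("CN=Example Intermediate", "CN=Example Root")
SIGNER = Cert("CN=Image Signer", "CN=Example Intermediate")

if __name__ == "__main__":
    print(is_valid(SIGNER, [ROOT, INTERMEDIATE]))  # full chain in the context
    print(is_valid(SIGNER, [ROOT]))                # intermediate missing
    print(is_valid(SIGNER, [INTERMEDIATE]))        # root missing
```

Trusting the root alone is not enough in this model: the set of trusted certificates handed to the context has to contain every intermediate between the signing certificate and the root as well.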