Projects



Signed Renew - The Signed Reference Net Workshop

Renew is a high-level Petri net simulator written in Java.

Signed Renew contains two plugins which are not included in the normal Renew release. The two Plugins are the SignatureCheck Plugin and the NetSigner? Plugin. Both Plugins use signatures to build trust between the author of a work and the product. The SignatureCheck Plugin does this for Plugins and the NetSigner? Plugin for Nets.

Here we provide a download for reviewers: Download

Installation

Before you can use Renew, you must have Java 11 or higher installed. If you have not done this yet, we suggest that you get the latest Java Development Kit from Oracle-Java or from AdoptOpenJDK where versions for Windows, Linux, MacOS are available. Renew only requries the Java Runtime Environment (JRE), but it is no longer distributed separately.

There are many other platforms that cannot be listed here. For the installation of the Java platforms, please refer to the instructions that come with the executables. Renew is a full Java application, not an applet, and it is not intended to be used from WWW browsers like Mozilla or Internet Explorer. You must install a up to date standalone Java.

This release currently onyl contains the manual start option.

You can always start Renew manually, which is not very difficult after all.

java -p path/to/renew4.0:path/to/renew4.0/libs -m path/to/renew4.0/de.renew.loader gui

will start the renew editor, if the archive was extracted to /path/to. Depending on your system you may need to issue a different command. When in the /path/to/renew4.0 directory, relative paths may shorten this command to

java -p .:libs -m de.renew.loader gui

Windows needs a slightly different command:

java -p ".;libs" -m de.renew.loader gui

The documentation contains a few hints on alternative commands or settings to start the application.

SignatureCheck Plugin

The SignatureCheck Plugin ensures that only signed plugins get loaded. This is useful, if the plugin gets distributed over an unsecure channel, for example a server which is not under the control of the author.

The plugin uses OpenPGP signatures generated by Gradles Signing Plugin. The signatures are compatible with the format required by the Maven Central Repository.

Signed Plugins can not be modified by untrusted third parties. This makes it possible that the plugin can be stored on a server, which isn't in the control of the plugin author.

Which authors are trustworthy can be decided by the user. Only plugins from these authors will be loaded.

Using only plugins, which are linked via a signature to trusted authors provides security advantages. Unknown third parties can't disguise themself as trusted authors.

Output of the Plugin

After a successful installation the plugin will print INFO: SignatureCheck: Listener added to Loader. to the console when Renew starts.

Plugins where the file does not match the signature don't get loaded. These plugins could be manipulated. Please reinstall the plugin with its signature.

SignatureCheck detecting a corrupted plugin

The number of trusted authors is very limited by default (only the key from the automatic Renew builds). Any unknown Key will raise an Error. This Error includes the file location and the PGP fingerprint. The fingerprint can be used to search the key on a key server. It is recommended to ask the author directly for their public key, so it is the key from the author and not from an imposter.

SignatureCheck detecting a plugin from an unknown author

Adding additional trusted keys

All trusted keys are stored in the config/publickey.pgp file. This file is a concatenation of all trusted public keys. So, adding a new trusted public key is simply appending it.

The following commands add the key.pgp file to the publickey.pgp. All commands are meant to be executed inside the config folder.

Windows has the cmd program named copy, which can copy binary data from multiple files into one.

COPY /B .\publickey.pgp + .\key.pgp .\publickey.pgp

Linux and MacOS have a program named cat, which works similar.

cat publickey.pgp key.pgp > publickey.pgp

NetSigner? Plugin

Renews Net Drawings can contain Java code. This code will be executed in simulations and can do changes to the computer on which the code runs. There should be a straightforward way to know who wrote the Java code inside the Net, so a user can decide if they trust the author. The NetSigner? Plugin can provide this information.

This plugin uses X.509 Certificates to check the identity of a user. Every user who wants to sign a Net Drawing needs a X.509 a Code Signing Certificate or a personal E-Mail Certificate.

Signed nets provide information about who signed it. So a user can check that the file comes from the right author, even when the file was transmitted over an untrusted way (for example a file host website, an unencrypted E-Mail or any third person). The verification of the identity comes from a trusted Certificate Authority (CA). The author verified it's identity to the CA and the programm has a list of CAs that are trustworthy. It is the same technology which is used by signed executables (executables or installers which show a Company name in the admin privilige Screen on Windows).

It also protects the file from manipulation. The signature contains a hash (checksum) over the Net. So nobody can modify the Net without breaking the signature. A storage or transmittion error can also be detected as manipulation, but cannot be fixed by this format.

Getting a Certificate

First choose a Certificate Authority (CA), which will verify the identity to other users. A list of trusted CAs is available in the file doc/trusted.txt of the release. This plugin needs a X.509 Code Signing Certificate or a X.509 personal E-Mail Certificate. Each CA has different requirements on how to request a certificate.

One standardized way to get a certificate is a CSR which can be created with this plugin. This feature is in the menu under Plugins -> Net Signature ->; New CSR.

NetSigner Plugin Menu

Input here all information needed by the CA and click on the "Generate CSR" button. This will write a CSR to the chosen location and save the private key into the KeyStore?. You will get asked for a Password, which will protect your private key. Send the CSR to the CA. The CA will generate a certificate chain for the private key which can be imported with the Plugins -> Net Signature -> Import certificate chain menu entry. The signing part of this plugin is ready once the certificate chain has been imported.

Please make sure that the NetSigner? Plugin is placed in the Renew plugin folder if the "Net Signature" sub menu is missing. If the "New CSR" or "Import certificate chain" menu entry does not exist, follow the steps under User Guide.

If the CA has its own tools to request a Certificate, use those. These usually produce a PKCS#12 file, which holds a private key and its certificates. To import a PKCS#12 file use the Plugins -> Net Signature -> Import PKCS#12 file menu entry. This step will ask for three passwords. The first password is the password of the PKCS#12 file. The second password is the password for the KeyStore? (will be set on first time entering a KeyStore? password). The third password is the new password for the freshly imported key.

Signing a Net Drawing

NetSigner export menu

The signing function is under File -> Export -> Export current drawing -> SignedNetDrawing? current drawing.

You will get asked for your passwords the first time you sign a Net Drawing with each Renew instance. These are the KeyStore? and private key passwords from the import.

Getting Signature Information

Best practice is to check the identity of the signer before opening the net. This is possible with the menu option Plugins -> Net Signature -> Show signer of file.

The net will not be interpreted in this mode, it only checks the signature of the file and displays the signer information.

The important part is the Signer portion. Here is the name of the author of the net. Additionally, the first line under more information includes country code, city, E-Mail and any other information which are known about the author. The lines under that show the CAs. These can be important inside a corporation/institute where the right CA for the author might be known.

Loading a signed Net Drawing

The loading functionality is under File -> Import -> SignedNetDrawing?. This will load the Net Drawing if the signature is correct and trusted.

Information about the signer can be viewed under Plugins -> Net Signature -> Show current signature.

Further reading

For more information about the signature part of this release read the doc/NetSignerPlugin.md and the doc/SignatureCheckPlugin.md. These introduce the two plugins which make this release the Signed Renew .

Some examples which highlight the features of this release are described in doc/NetSignerExample.md and the doc/SignatureCheckExample.md.

Consult the file Renew User Guide for more information about the usage of Renew and the syntax and semantics of reference nets.

Last modified 4 years ago Last modified on Feb 7, 2021, 11:29:31 PM

Attachments (4)

Download all attachments as: .zip