OrangeDog

Reputation: 38749

HTTP header for entity signature

There is a standard header for giving a digest of an HTTP request body (Content-MD5).

Is there a commonly-used header name for including a DSA signature of a digest (generated with openssl dgst -dss1 -sign <keyfile>), or do I need to just invent an application-specific one?

Upvotes: 1

Views: 1214

Answers (3)

Sampo

Reputation: 5048

There is a proposal for signing HTTP messages. First proposed in 2013, it has seen many revisions in the past two years, hopefully an indication of activity moving it forward.

According to the proposal, the request sender can sign a desired amount of header fields and the URL using their algorithm of choice. The signature is added using the Authorization header with a specific format. To sign the request payload, the payload digest is included in the HTTP Digest header and that header is included in the signature.

Upvotes: 0
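The scheme described in the answer above, as an added example that is not part of the original answer or the proposal's own code: the sender puts the payload digest in a Digest header, signs a string built from the request target and selected headers (Digest included), and carries the result in Authorization. Assumptions: HMAC-SHA256 from the Python standard library stands in for the "algorithm of choice" (an asymmetric signature would replace only the two `hmac.new` calls), and the function names, the covered-header list and the parameter layout are illustrative.

```python
import base64
import hashlib
import hmac

# Fields the receiver insists are covered; it never trusts a list sent by the client.
SIGNED = ["(request-target)", "host", "date", "digest"]

def body_digest(body: bytes) -> str:
    """Value for the Digest header: base64 of the SHA-256 of the payload."""
    return "SHA-256=" + base64.b64encode(hashlib.sha256(body).digest()).decode()

def signing_string(method: str, path: str, headers: dict) -> bytes:
    """One 'name: value' line per covered field, in SIGNED order."""
    lines = []
    for name in SIGNED:
        if name == "(request-target)":
            lines.append(f"{name}: {method.lower()} {path}")
        else:
            lines.append(f"{name}: {headers[name]}")
    return "\n".join(lines).encode()

def sign_request(key_id, key, method, path, headers, body):
    """Sender side: return lowercased headers plus Digest and Authorization."""
    out = {k.lower(): v for k, v in headers.items()}
    out["digest"] = body_digest(body)
    mac = hmac.new(key, signing_string(method, path, out), hashlib.sha256).digest()
    sig = base64.b64encode(mac).decode()
    covered = " ".join(SIGNED)
    out["authorization"] = (
        f'Signature keyId="{key_id}",algorithm="hmac-sha256",'
        f'headers="{covered}",signature="{sig}"'
    )
    return out

def verify_request(key, method, path, headers, body) -> bool:
    """Receiver side: body must match Digest, and the signature must cover Digest."""
    try:
        if not hmac.compare_digest(headers["digest"], body_digest(body)):
            return False  # payload changed after the digest was computed
        sent = headers["authorization"].split('signature="', 1)[1].split('"', 1)[0]
        expected = hmac.new(key, signing_string(method, path, headers),
                            hashlib.sha256).digest()
        return hmac.compare_digest(base64.b64decode(sent), expected)
    except (KeyError, IndexError, ValueError, TypeError):
        return False  # missing header or malformed Authorization value
```

Both checks are needed: the digest comparison binds the body to the Digest header, and the signature binds that header to the key, so replacing the body and recomputing Digest still fails verification.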

OrangeDog

Reputation: 38749

I think I want to be looking at S/MIME instead, the standard for constructing entity bodies that are encrypted and/or signed.

Upvotes: 0

demize

Reputation: 364

It's looking to me like you'd need to invent an application-specific one (a quick Google search turned up nothing), but if other people do use this then the most common header would probably be something along the lines of X-Content-DSA.

Upvotes: 1
