Add Encrypted File Relationship to encrypted parts and models #228

Closed
feliperoos opened this issue Nov 7, 2020 · 1 comment
@feliperoos

As stated by Secure Content spec item 3.3,

"OPC parts that are encrypted MUST be associated with the package root through a Encrypted File relationship, and each SHOULD have an entry in the Key Store. If a custom OPC part is not referenced by a Encrypted File relationship it is assumed they are not encrypted and MUST NOT be any entry in the Key store associated to the file"

@martinweismann and @jordig100 I think this is one leftover we forgot to add. Just have a question: the text mentions package root. I just want to make sure that the relationship to be added is not on the package root model rels, rather at 'package root' rels (the sample provided makes it a bit confusing as external models aren't referenced from the package root rels).

If that's the case, we've the ability to add this relationship to the root model when we detect a part must be wrapped for encryption,

```cpp
auto pPart = m_pPackageWriter->addPart(sPath);
NMR::PKeyStoreResourceData rd = keyStore->findResourceData(sPath);
if (nullptr != rd) {
    if (secureContext->hasDekCtx()) {
        return wrapPartStream(rd, pPart);
    } else {
```

Another option would be to have it right before we finish writing the package

```cpp
if (!keyStore->empty()) {
    POpcPackagePart pKeyStorePart = m_pPackageWriter->addPart(PACKAGE_3D_KEYSTORE_URI);
    m_pPackageWriter->addContentType(pKeyStorePart, PACKAGE_KEYSTORE_CONTENT_TYPE);
    m_pPackageWriter->addRootRelationship(PACKAGE_KEYSTORE_RELATIONSHIP_TYPE, pKeyStorePart.get());
    m_pPackageWriter->addRootRelationship(PACKAGE_MUST_PRESERVE_RELATIONSHIP_TYPE, pKeyStorePart.get());
    PXmlWriter_Native pXMLWriter4KeyStore = std::make_shared<CXmlWriter_Native>(pKeyStorePart->getExportStream());
```

Let me know what you think.

@jordig100

Hi @feliperoos, this is already captured in the issue: 3MFConsortium/spec_securecontent#12

I think the answer is just to remove the "root" word from that sentence.

In the following link you can find the proposed change: https://github.com/3MFConsortium/spec_securecontent/blob/dev/3MF%20Secure%20Content.md#33-encrypted-file-relationship
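The rule quoted from item 3.3 can be checked on a finished package, as in the following added example (not part of this thread and not the project's code). It scans every `.rels` part, records which one declares each Encrypted File relationship, and compares the targets with the key store paths. Assumptions: the `ENCRYPTED_FILE` type URI, the hypothetical function names, the constructed sample package, and key store paths passed in as a set instead of being parsed from the key store part.

```python
import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
# Assumption: Type URI of the Encrypted File relationship; confirm it against the spec.
ENCRYPTED_FILE = "http://schemas.openxmlformats.org/package/2006/relationships/encryptedfile"

def encrypted_file_targets(pkg):
    """Map each Encrypted File target part to the .rels parts that declare it."""
    found = {}
    for name in pkg.namelist():
        if not name.endswith(".rels"):
            continue
        # <dir>/_rels/<x>.rels: relative targets resolve against <dir>
        base = "/" + posixpath.dirname(posixpath.dirname(name))
        for rel in ET.fromstring(pkg.read(name)).iter(RELS_NS + "Relationship"):
            if rel.get("Type") == ENCRYPTED_FILE:
                target = posixpath.normpath(posixpath.join(base, rel.get("Target", "")))
                found.setdefault(target, []).append(name)
    return found

def check(pkg, keystore_paths):
    """Return (targets, findings) for the two halves of the rule in item 3.3."""
    targets = encrypted_file_targets(pkg)
    findings = [("MUST NOT: key store entry without relationship", p)
                for p in sorted(set(keystore_paths) - set(targets))]
    findings += [("SHOULD: relationship without key store entry", p)
                 for p in sorted(set(targets) - set(keystore_paths))]
    return targets, findings

def sample_package():
    """Constructed in-memory package: one encrypted part declared in the model rels."""
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="r1" Type="%s" Target="%s"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("_rels/.rels", rels % ("urn:example:start-part", "/3D/3dmodel.model"))
        z.writestr("3D/_rels/3dmodel.model.rels", rels % (ENCRYPTED_FILE, "/3D/enc1.model"))
    return zipfile.ZipFile(io.BytesIO(buf.getvalue()))

if __name__ == "__main__":
    # Constructed key store paths; a real tool would read them from the key store part.
    targets, findings = check(sample_package(), {"/3D/enc1.model", "/3D/enc2.model"})
    print(targets)
    print(findings)
```

The returned `targets` map shows which `.rels` part carries each relationship, which is the point the thread is settling. For packages from untrusted sources, parse the XML with a hardened parser such as `defusedxml`.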
