Fingerprint files #11
Assignees
Milestone
Comments
|
Fingerprint is not visible on the system console. Was it removed at some point or did we forget to put it/is there other verification mechanism? |
|
I think it was an oversight. We need to display it in the system console. |
|
It's not the fingerprint that should be visible. This is in the downloaded zip. It's the secrets that need to be visible but please check this internal ticket before any work on this: https://mattermost.atlassian.net/browse/MM-59834 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
To allow legal folks to prove data has not been tampered with after download. Files will have a fingerprint generated with a hash of the file content plus a secret defined when creating the hold (hold id?).
Someone knowing the secret can use the hash function to check the file contents for tampering. The secret must be discoverable in the system console where holds are listed.
The fingerprints will be added to an index file. This can be the existing index, or a separate file.
The hash function to be used will be SHA-512 unless a better one is identified.
The text was updated successfully, but these errors were encountered: