Introducing signatures of operations using PKI

The next version of openSCADA is 1.1 and will hopefully be released in the next few weeks, after we have all found our Easter eggs 😉

One important new feature is the ability to configure the server to request a client signature for each request that passes through the authorization system. The server creates an XML structure of the request, including a random request ID, and transmits it to the client for signing. The client asks the user (in a dialog box) to select a key and then signs the request using XMLSig. The result is sent back to the server, which verifies it using its PKI setup. If everything looks fine, the request is granted; otherwise it is rejected. All of this works with PKCS12 and PKCS11, and also with the Windows Key Store on “win32” systems.
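The exchange described above, written against the JDK's built-in XML Signature API (Java 11 or later), showing that a request altered after signing and a replayed response are both refused. This is an added example, not openSCADA's own code: the element and attribute names, the in-memory key pair (standing in for a key from a PKCS12 or PKCS11 store), the pinned public key (standing in for the server's PKI check) and single use of the request ID are assumptions.

```java
import java.io.StringReader;
import java.security.*;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class RequestSigningDemo {
    static final XMLSignatureFactory FAC = XMLSignatureFactory.getInstance("DOM");

    // Server: grant only if the signature is valid and the request ID is still pending.
    static boolean verify(Document doc, PublicKey trusted, Set<String> pending) throws Exception {
        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1) return false;
        DOMValidateContext ctx = new DOMValidateContext(trusted, sigs.item(0));
        if (!FAC.unmarshalXMLSignature(ctx).validate(ctx)) return false;
        // Assumption: each ID is accepted once, so a captured response cannot be replayed.
        return pending.remove(doc.getDocumentElement().getAttribute("id"));
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair; a real client would use the key the user picked in the dialog.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        // Server: describe the request as XML with a random ID and remember that ID.
        String id = UUID.randomUUID().toString();
        Set<String> pending = new HashSet<>(Set.of(id));
        String xml = "<request id='" + id + "' operation='write' item='DEMO.ITEM' value='42'/>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        Element req = doc.getDocumentElement();
        // Client: enveloped signature over the whole request document (Reference URI "").
        Reference ref = FAC.newReference("", FAC.newDigestMethod(DigestMethod.SHA256, null),
            List.of(FAC.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
        SignedInfo si = FAC.newSignedInfo(
            FAC.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            FAC.newSignatureMethod(SignatureMethod.RSA_SHA256, null), List.of(ref));
        FAC.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), req));
        req.setAttribute("value", "9999"); // request changed after the user signed it
        System.out.println("tampered: " + verify(doc, kp.getPublic(), pending));
        req.setAttribute("value", "42");   // the request exactly as signed
        System.out.println("original: " + verify(doc, kp.getPublic(), pending));
        System.out.println("replayed: " + verify(doc, kp.getPublic(), pending));
    }
}
```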

One additional feature that came along with request signing is that the server can now send callbacks to the client and query it for further information. For example, the server can request confirmation of a write request using a confirmation (Ok, Cancel) dialog box. And finally, the server can ask for a username and password in order to let the user log in. So there won’t be any need to put the username and password in the connection information URI anymore … happy Easter! 🙂

And here is what the signature dialog looks like:

[Image: keysel2]
