Code Signing Client-Side Hashing

When signing large artifacts such as executables, software releases, virtual machine images or container images, the cost of transferring the data to and from the signing server can be significant. In those cases it is preferable not to move the original file data to and from the server at all when signing.

With CMS detached signatures only the much smaller signature file is sent back, which eliminates half of the transfer, but the original file is still uploaded. For some signature formats, CMS detached signatures among them, the upload can be avoided entirely by letting the client hash the file and send only the digest; the server then creates the signature for that digest. This works because a CMS signature with signed attributes is computed over the signed attributes, which carry the hash of the content in the message-digest attribute, not over the content itself.

For formats where the signature is embedded in the file itself, the client needs additional logic: it must first prepare the file for signing, then hash it in the format-specific way, and finally embed the returned signature in the file's data structure. The SignServer Client CLI, SignClient, implements this for Authenticode and JAR signing.

CMS Client-Side Hashing Example

# 1. Hash the release locally; the algorithm must match CLIENTSIDE_HASHDIGESTALGORITHM below
openssl sha256 -binary -out software-release-1.0.zip.hash software-release-1.0.zip

# 2. Send only the raw digest; the CMSSigner returns the detached CMS signature
bin/signclient signdocument -workername CMSSigner \
  -metadata USING_CLIENTSUPPLIED_HASH=true \
  -metadata CLIENTSIDE_HASHDIGESTALGORITHM=SHA-256 \
  -infile software-release-1.0.zip.hash \
  -outfile software-release-1.0.zip.p7s
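Why the CMS signer needs nothing but the digest, shown as an added example that is not SignServer's or SignClient's code. It builds only the signed-attributes part of a CMS SignerInfo, which is what the signature actually covers, signs it on the "server" side without ever touching the content, and verifies by rehashing the original file and comparing it with the message-digest attribute. The SignedData wrapper, certificate and signer identifier that a real .p7s carries are left out, the RSA test key and the sample release bytes are constructed stand-ins, and the cryptography package is assumed to be installed.

```python
"""Client-side hashing for a CMS detached signature, reduced to its core.
RFC 5652 section 5.4: with signed attributes present, the signature is
computed over the DER of SignedAttrs, and the content enters only through
the message-digest attribute.  Added example, not SignServer code; assumes
the 'cryptography' package for RSA (key below is a constructed stand-in)."""
import hashlib
import hmac
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

OID_CONTENT_TYPE = "1.2.840.113549.1.9.3"    # pkcs-9 contentType
OID_MESSAGE_DIGEST = "1.2.840.113549.1.9.4"  # pkcs-9 messageDigest
OID_ID_DATA = "1.2.840.113549.1.7.1"         # pkcs-7 data (the detached content type)

def der(tag, body):
    """Minimal DER TLV encoder (short and long form lengths)."""
    if len(body) < 0x80:
        length = bytes([len(body)])
    else:
        n = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(n)]) + n
    return bytes([tag]) + length + body

def der_oid(dotted):
    """OBJECT IDENTIFIER from dotted form, base-128 arcs per X.690."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc >> 7:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return der(0x06, bytes(out))

def der_set_of(elems):
    return der(0x31, b"".join(sorted(elems)))  # DER: SET OF in ascending encoded order

def der_children(body):
    """Split the body of a constructed value into (tag, body) children."""
    i, out = 0, []
    while i < len(body):
        tag, n, j = body[i], body[i + 1], i + 2
        if n & 0x80:
            k = n & 0x7F
            n, j = int.from_bytes(body[j:j + k], "big"), j + k
        out.append((tag, body[j:j + n]))
        i = j + n
    return out

def signed_attrs(digest):
    """SignedAttrs exactly as they are hashed and signed: SET OF Attribute."""
    attrs = [
        der(0x30, der_oid(OID_CONTENT_TYPE) + der_set_of([der_oid(OID_ID_DATA)])),
        der(0x30, der_oid(OID_MESSAGE_DIGEST) + der_set_of([der(0x04, digest)])),
    ]
    return der_set_of(attrs)

def message_digest_attr(attrs_der):
    """Walk SignedAttrs and return the messageDigest value, or None if absent."""
    (_, body), = der_children(attrs_der)
    for _, attr in der_children(body):
        (ttag, tbody), (vtag, vbody) = der_children(attr)
        if der(ttag, tbody) == der_oid(OID_MESSAGE_DIGEST) and vtag == 0x31:
            otag, octets = der_children(vbody)[0]
            return octets if otag == 0x04 else None
    return None

def client_hash(content):
    """Client side: this digest is the only thing sent to the signing server."""
    return hashlib.sha256(content).digest()

def make_key():
    """Stand-in for the server's signing key (assumption: RSA-2048)."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def server_sign(key, digest):
    """Server side: builds and signs the attributes; never sees the content."""
    attrs = signed_attrs(digest)
    return attrs, key.sign(attrs, padding.PKCS1v15(), hashes.SHA256())

def verify_detached(public_key, content, attrs, signature):
    """Verifier: signature over attrs, then attribute digest == fresh hash of content."""
    try:
        public_key.verify(signature, attrs, padding.PKCS1v15(), hashes.SHA256())
    except InvalidSignature:
        return False
    md = message_digest_attr(attrs)
    return md is not None and hmac.compare_digest(md, hashlib.sha256(content).digest())

def demo():
    """Returns (genuine_verifies, tampered_verifies) for a constructed sample release."""
    release = b"PK\x03\x04" + b"constructed sample release content\n" * 2000  # not a real zip
    key = make_key()
    attrs, signature = server_sign(key, client_hash(release))
    pub = key.public_key()
    return (verify_detached(pub, release, attrs, signature),
            verify_detached(pub, release + b"\x00", attrs, signature))

if __name__ == "__main__":
    print(demo())  # (True, False)
```

The verifier's second step is the one that makes the detached signature meaningful: a valid signature over the attributes says nothing about the file until the file is rehashed and matched against the message-digest attribute, which is also why a tampered copy fails. The real software-release-1.0.zip.p7s from the example above can be checked the same way with openssl cms -verify -binary -inform DER -in software-release-1.0.zip.p7s -content software-release-1.0.zip -CAfile followed by the signer's issuer chain. For embedded formats such as Authenticode the signing step is the same, but the client-side digest is computed over the format-specific portions of the file and the result has to be written back into it, which is the extra client logic the text refers to.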

Authenticode® Client-Side Hashing Example

# -clientside: SignClient computes the Authenticode digest locally with the given
# -digestalgorithm, sends only the digest, and embeds the returned signature in
# the output file; the worker is the client-side-hashing variant of the Authenticode signer
signclient signdocument -clientside -workername MSAuthCodeCMSSigner \
  -digestalgorithm SHA-256 \
  -infile application-unsigned.exe \
  -outfile application-signed.exe

See the SignServer documentation on Client-Side Hashing for more information, including which signers to set up in place of the general MSAuthCodeSigner and JArchiveSigner, and how to run SignClient with the -clientside option to use this mode.