When signing large executables, software releases, virtual machines or container images, the overhead of transferring the data to and from the signing server can be significant. In those cases it is preferable not to send the original file data to and from the server at all.
For CMS detached signatures only the much smaller signature file is sent back, which already eliminates half of the data transfer. Better still is to avoid sending the original file in the first place. For some signature formats (such as CMS detached signatures) this is possible by letting the client compute the hash of the file and send only that much smaller digest to the server, which then creates the signature over it. Note that in this mode the server never sees the file content: it signs whatever digest it is given, so access control on the signing worker and the audit trail of who requested which signature matter even more than with server-side hashing.
For signature formats where the signature is embedded within the file, the scheme requires additional logic on the client side: first preparing the file for signing, then hashing it, and finally embedding the returned signature in the file's data structure. In the SignServer Client CLI (SignClient) we have implemented support for this for Authenticode and JAR signing.
CMS Client-Side Hashing Example
openssl sha256 -binary -out software-release-1.0.zip.hash software-release-1.0.zip
bin/signclient signdocument -workername CMSSigner \
    -metadata USING_CLIENTSUPPLIED_HASH=true \
    -metadata CLIENTSIDE_HASHDIGESTALGORITHM=SHA-256 \
    -infile software-release-1.0.zip.hash \
    -outfile software-release-1.0.zip.p7s
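To see what the CMS flow above actually saves and what it relies on, here is an added, self-contained example using only openssl (it is not SignServer or SignClient code). A locally generated RSA key stands in for the CMSSigner worker's key and a raw PKCS#1 v1.5 signature over the digest stands in for the CMS SignedData the worker would produce; the file names, the `$WORK` directory and the 1 MiB sample release are all constructed for the example. The point it demonstrates is that only the 32-byte SHA-256 digest has to reach the "server", that the resulting detached signature still verifies against the full original file, and that verification fails as soon as a single byte of the file changes.

```shell
#!/bin/sh
# Added example (not SignServer's own code): client-side hashing for a
# detached signature, modelled with plain openssl.  The "server" is a
# hypothetical local RSA key; a real CMSSigner would wrap the digest in a
# CMS SignedData structure with signed attributes instead.
set -eu

# Scratch directory for keys, the sample release and the signature.
WORK="${WORK:-$(mktemp -d)}"

# One-time "server" key pair (stand-in for the signer worker's key).
setup_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/signer-key.pem" 2>/dev/null
    openssl pkey -in "$WORK/signer-key.pem" -pubout \
        -out "$WORK/signer-pub.pem"
}

# Client side: hash the release locally.  Only this digest (32 bytes for
# SHA-256) is what would be sent to the signing server.
client_hash() {        # $1 = release file, $2 = output digest file
    openssl dgst -sha256 -binary -out "$2" "$1"
}

# Server side: sign the digest it was given, without ever seeing the file.
# "-pkeyopt digest:sha256" makes pkeyutl wrap the raw hash in the PKCS#1
# v1.5 DigestInfo, so the signature is identical to one made over the
# whole file with "openssl dgst -sha256 -sign".
server_sign() {        # $1 = digest file, $2 = output signature file
    openssl pkeyutl -sign -inkey "$WORK/signer-key.pem" \
        -pkeyopt digest:sha256 -in "$1" -out "$2"
}

# Verifier side: a detached signature needs the original file to check.
# Exit status 0 = valid, non-zero = invalid.
verify_detached() {    # $1 = release file, $2 = signature file
    openssl dgst -sha256 -verify "$WORK/signer-pub.pem" \
        -signature "$2" "$1" >/dev/null 2>&1
}

# Byte count of a file, used to compare what would cross the wire.
size_of() {            # $1 = file
    wc -c < "$1" | tr -d ' '
}

# Builds the constructed sample release, runs the client/server steps and
# prepares a tampered copy for the negative check.
run_demo() {
    setup_keys
    # Constructed 1 MiB sample release standing in for software-release-1.0.zip.
    head -c 1048576 /dev/urandom > "$WORK/software-release-1.0.zip"
    client_hash "$WORK/software-release-1.0.zip" \
                "$WORK/software-release-1.0.zip.hash"
    server_sign "$WORK/software-release-1.0.zip.hash" \
                "$WORK/software-release-1.0.zip.sig"
    # Tampered copy: same content plus one trailing byte.
    { cat "$WORK/software-release-1.0.zip"; printf 'x'; } > "$WORK/tampered.zip"
}

main() {
    run_demo
    echo "bytes in release:   $(size_of "$WORK/software-release-1.0.zip")"
    echo "bytes sent to sign: $(size_of "$WORK/software-release-1.0.zip.hash")"
    if verify_detached "$WORK/software-release-1.0.zip" \
                       "$WORK/software-release-1.0.zip.sig"; then
        echo "original release: signature valid"
    fi
    if ! verify_detached "$WORK/tampered.zip" \
                         "$WORK/software-release-1.0.zip.sig"; then
        echo "tampered release: signature rejected"
    fi
}

main "$@"
```

Run it with `sh client-side-hash-demo.sh`; it creates its own scratch directory. The same trade-off applies to the real SignClient flow: the server trusts the digest and the digest algorithm name it is told, so the `CLIENTSIDE_HASHDIGESTALGORITHM` value must match what the client actually computed, and anyone allowed to call the worker can obtain a signature over an arbitrary hash.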
Authenticode® Client-Side Hashing Example
signclient signdocument -clientside -workername MSAuthCodeCMSSigner \
    -digestalgorithm SHA-256 \
    -infile application-unsigned.exe \
    -outfile application-signed.exe
See the SignServer documentation on Client-Side Hashing for more information, including which signers to set up instead of the general MSAuthCodeSigner and JArchiveSigner, and how to run SignClient with the -clientside option to use this mode.