ENTERPRISE  This is a SignServer Enterprise feature.

When signing large executables, software releases, virtual machines or container images, the overhead of transferring the data can be significant. In those cases it is preferable not to have to send the original file data to and from the server at all when signing.

For CMS detached signatures only the much smaller signature file is sent back, which already eliminates half of the data transfer. It would be even better not to have to send the original file at all. For some signature formats (such as CMS detached signatures) this can be achieved by letting the client perform the hashing: only the much smaller digest is sent to the server, and the signature is created over that.

For signature formats where the signature is embedded within the file, this scheme requires additional logic on the client side: first to prepare the file for signing, then to hash it, and finally to insert the signature into the file's data structure. In the SignServer Client CLI, SignClient, we have implemented support for this for Authenticode and JAR signing.


CMS Client-Side Hashing Example

cat software-release-1.0.zip | openssl sha256 -binary -out software-release-1.0.zip.hash
bin/signclient signdocument -workername CMSSigner \
  -metadata USING_CLIENTSUPPLIED_HASH=true \
  -metadata CLIENTSIDE_HASHDIGESTALGORITHM=SHA-256 \
  -infile software-release-1.0.zip.hash \
  -outfile software-release-1.0.zip.p7s
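The CMS flow above as a script, added here as an example and not SignServer's own code. It wraps the page's two commands in functions and adds the check a practitioner wants afterwards: because the server only ever saw the digest, the returned detached signature is verified against the local original before the release is published. It assumes openssl is on PATH; the hypothetical request_signature function contains the page's signclient call and needs a reachable SignServer, so it is only run by hand.

```shell
#!/bin/sh
# Added example (not SignServer's code): CMS client-side hashing, then local
# verification of the returned detached signature. Assumes openssl on PATH.
set -eu

# Step 1: hash the release locally. The digest file must hold the raw bytes
# (-binary), not hex text, and the algorithm must match what is declared in
# CLIENTSIDE_HASHDIGESTALGORITHM, otherwise the server signs the wrong value.
make_hash_file() {   # $1 input file, $2 output .hash file, $3 openssl digest name
  openssl dgst "-$3" -binary -out "$2" "$1"
}

# Step 2: send only the digest to SignServer (the page's own command). Needs a
# running SignServer with a CMSSigner worker, so it is not executed here.
request_signature() {  # $1 .hash file, $2 output .p7s file
  bin/signclient signdocument -workername CMSSigner \
    -metadata USING_CLIENTSUPPLIED_HASH=true \
    -metadata CLIENTSIDE_HASHDIGESTALGORITHM=SHA-256 \
    -infile "$1" -outfile "$2"
}

# Step 3: the server never saw the file, so confirm that the detached CMS
# signature covers exactly this local file and chains to a trusted signer.
# Returns non-zero on any mismatch (wrong file, wrong digest algorithm,
# untrusted certificate).
verify_detached() {  # $1 original file, $2 .p7s (DER), $3 trusted CA bundle
  openssl cms -verify -binary -inform DER -in "$2" -content "$1" \
    -CAfile "$3" -out /dev/null 2>/dev/null
}
```

A typical run is make_hash_file, request_signature, then verify_detached on the original file and the returned .p7s, the same order as the commands above.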


Authenticode® Client-Side Hashing Example

signclient signdocument -clientside -workername MSAuthCodeCMSSigner \
  -digestalgorithm SHA-256 \
  -infile application-unsigned.exe \
  -outfile application-signed.exe


See the Client-Side Hashing section in the SignServer Manual for more information, including which signers to set up instead of the normal MSAuthCode and JArchiveSigner, and how to run SignClient with the "-clientside" flag in order to use this mode.