UNCLASSIFIED - NO CUI

signing of justifications

This template is ONLY used for feature requests. Bug reporting or pipeline enhancement issues should use the other template options for issue submission.

Description

Justification files should be digitally signed. This is the same as digitally signing the image tar files, but it should be expanded to sign the justifications (greylist?) that are submitted as part of the BOE (Body of Evidence) that the Ironbank frontend and Stargate consume.

In addition, a checksum must be generated for the justifications file and submitted along with the BOE.

Purpose

Stargate requires that all files be digitally signed and hashed. In any instance where this is not the case, the Stargate solution will fail or require manual intervention on the part of the DTA (data transfer agent).

Plan

Utilize the current GPG signing methods/keys and apply this process to the justification file. Also, include a sha256 checksum of the file post-signing. Publish the file and checksums as part of the BOE.

Possible Blockers/Challenges

Acceptance Criteria

  • Justification file is signed using the current GPG key.

  • A sha256 checksum is generated for the justification file.

  • Both components are submitted as part of the BOE (S3 bucket push).
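
The sign-then-checksum flow from the Plan, with the matching consumer-side checks, as an added example that is not the pipeline's own code. It assumes a detached ASCII-armored signature, the `.sig` and `.sha256` file names, and a signing key already in the local GnuPG keyring; the function names are hypothetical, and the S3 push is left out.

```shell
# Added example (not the pipeline's own code). Assumptions: a detached,
# ASCII-armored signature; the .sig/.sha256 file names; GNU coreutils.

# sign_justifications FILE KEY_ID: write FILE.sig with the given GPG key.
sign_justifications() (
    gpg --batch --yes --local-user "$2" --armor \
        --output "$1.sig" --detach-sign "$1"
)

# write_checksums FILE: run after signing; records SHA-256 of FILE and
# FILE.sig in FILE.sha256, using bare file names so the manifest stays
# valid wherever the BOE is downloaded.
write_checksums() (
    cd "$(dirname "$1")" || exit 1
    base="$(basename "$1")"
    sha256sum "$base" "$base.sig" > "$base.sha256"
)

# verify_checksums FILE: consumer side; fails if either file changed.
verify_checksums() (
    cd "$(dirname "$1")" || exit 1
    sha256sum -c "$(basename "$1").sha256" > /dev/null 2>&1
)

# verify_signature FILE: consumer side; checks FILE against FILE.sig
# using the public keys already present in the local keyring.
verify_signature() (
    gpg --batch --verify "$1.sig" "$1" > /dev/null 2>&1
)

# verify_boe_files FILE: cheap integrity check first, then the signature.
verify_boe_files() {
    verify_checksums "$1" && verify_signature "$1"
}
```

`gpg --verify` accepts a good signature from any key in the keyring, so the consumer's keyring should hold only the expected signing key, or the reported fingerprint should be compared against it.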