Goal: We need to secure transcript entries, topic lists, and proficiency levels from tampering after they are provided to the user.
Acceptance Criteria:
- Trustworthy forever.
- Verifiable offline.
- Easy to implement across several classes.
- Support for multiple signatories.
Part 1 - Create Signatory class
- Create a dedicated Signatory class for handling signing.
  - Only load the key and certificate 1 time.
  - Only need to provide the password 1 time.
- Add a method that returns a certificate given a dictionary.
  - Use a well-known and trusted Python library for security.
  - Use X.509 to provide the public key and identity of the issuer.
  - Use Ed25519 for the signature. Use all fields in the dictionary.
- Add a class method that verifies a dictionary, given a certificate with embedded signature.
  - Verifies none of the dictionary keys or values have been tampered with.
  - Certificate can be included as part of the dictionary or provided as an input.
  Note: During verification, none of the dictionary keys/values can be trusted, because the user has direct access to modify the values.
- Create tests and verify functionality.
  - Only test for bare minimum code coverage for now. No edge cases.
  - Create a single comment at the top of the file with a simple bulleted list of recommended edge cases.
- Review for security.
  - Use a subagent to review from the perspective of no prior knowledge about the project.
  - Inspect the code as a Sr. engineer who is an expert in cyber security would.
  - No overly duplicative code.
  - No broad error catching.
- Review for maintainability.
  - Use a subagent to review from the perspective of no prior knowledge about the project.
  - You are a Sr. engineer who is role-playing as a junior engineer who knows nothing.
  - Modify to make it easy to understand. Prefer readability over complex single lines.
- Pause and wait for the user to confirm changes. Do not move on to Part 2.
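
The verification note in Part 1, as an added example that is not part of the original plan: using the `cryptography` package, the certificate embedded in the dictionary is pinned to a trusted fingerprint before its key is used, so a copy re-signed with another key fails. The function names, the `certificate` and `signature` keys and the self-signed issuer are assumptions; certificate validity dates are not checked.

```python
import base64, datetime, json
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.x509.oid import NameOID

# Hypothetical helper names and dictionary keys; not taken from the plan.
def make_signer(common_name):
    """Constructed issuer: an Ed25519 key plus a self-signed X.509 certificate."""
    key = Ed25519PrivateKey.generate()
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=365))
            .sign(key, None))  # the hash algorithm must be None for Ed25519
    return key, cert

def canonical(fields):
    # Sorted keys and fixed separators so signer and verifier see identical bytes.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def sign_dict(fields, key, cert):
    """Return a copy of fields with the certificate and signature injected."""
    signed = dict(fields)
    signed["certificate"] = cert.public_bytes(serialization.Encoding.PEM).decode()
    signed["signature"] = base64.b64encode(key.sign(canonical(fields))).decode()
    return signed

def verify_dict(signed, trusted_fingerprints):
    """True only if every field is covered by a signature from a pinned certificate."""
    fields = {k: v for k, v in signed.items() if k not in ("certificate", "signature")}
    try:
        cert = x509.load_pem_x509_certificate(str(signed["certificate"]).encode())
        # The embedded certificate is user-controlled: pin it before using its key.
        if cert.fingerprint(hashes.SHA256()) not in trusted_fingerprints:
            return False
        signature = base64.b64decode(signed["signature"])
        cert.public_key().verify(signature, canonical(fields))
    except (KeyError, TypeError, ValueError, InvalidSignature):
        return False
    return True
```

The set of trusted fingerprints has to come from the verifier's own configuration, never from the dictionary being checked.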
Part 2 - Add signing to TranscriptEntry, TopicList, and ProficiencyLevel
- Add an optional 'signatory' input during instantiation.
- Update 'to_dict' to support signing.
  - If the signatory is available, inject the certificate into the resulting dictionary.
- Create tests and verify functionality.
  - Only test for bare minimum code coverage for now. No edge cases.
  - Create a single comment at the top of the file with a simple bulleted list of recommended edge cases.
- Review for maintainability.
  - Use a subagent to review from the perspective of no prior knowledge about the project.
  - Modify to make it easy to understand. Prefer readability over complex single lines.
  - No overly duplicative code.
  - No broad error catching.