...
Signing and sealing objects is the preferred mechanism to secure data when:
- The data is sensitive but its serialization or transportation is necessary
- A secure communication channel such as SSL is absent or is a costly alternative for limited transactions
- Some sensitive data needs to persist over an extended period of time (for example, on an external hard drive)
- Implementing home-brewed cryptographic algorithms such as in the readObject and writeObject methods can leave the application vulnerable
...
Finally, refrain from signing encrypted (sealed) data. (See guideline SEC17-J. Create and sign a SignedObject before creating a SealedObject.)
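The sign-then-seal order recommended above, shown as an added Java example (not code from the guideline itself). The class name `SignThenSeal`, the sample payload, and the choice of SHA256withRSA and AES/GCM are assumptions made for illustration.

```java
import java.io.Serializable;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignedObject;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class SignThenSeal {
    public static void main(String[] args) throws Exception {
        // Constructed sample payload; demo keys are generated in place
        // (assumption: a real deployment loads them from a keystore).
        Serializable payload = "account=0000;limit=5000";
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair signer = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey aesKey = kg.generateKey();

        // Sender, step 1: sign the plaintext object.
        SignedObject signed = new SignedObject(payload, signer.getPrivate(),
                Signature.getInstance("SHA256withRSA"));

        // Sender, step 2: seal the SignedObject, so the signature travels encrypted.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv));
        SealedObject sealed = new SealedObject(signed, enc);

        // Receiver: unseal first, then verify before touching the payload.
        SignedObject received = (SignedObject) sealed.getObject(aesKey);
        Signature verifier = Signature.getInstance("SHA256withRSA");
        if (!received.verify(signer.getPublic(), verifier)) {
            throw new SecurityException("signature check failed");
        }
        System.out.println("verified payload: " + received.getObject());

        // A key that did not sign the object must be rejected.
        boolean wrongKey = received.verify(kpg.generateKeyPair().getPublic(), verifier);
        System.out.println("accepted under unrelated key: " + wrongKey);
    }
}
```

The receiver calls `verify` before `SignedObject.getObject()`, so the payload is deserialized only after the signature over it has been checked.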
Risk Assessment
Failure to sign and/or seal objects during transit can lead to loss of object integrity or confidentiality.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
SEC16-J | medium | probable | high | P4 | L3 |
...