URL Signer

URL Signer is a lightweight security tool written in Java by Dr. Alan Moran that permits clients ("senders") to securely issue URL requests to servers ("recipients").

URL Signer uses Digital Signature Algorithm (DSA) principles so that the recipient can be assured that the URL was issued by a trusted sender. Accordingly, URL Signer does not require complex security middleware (e.g., a user database or PKI), nor does it make use of shared-secret schemes (which are generally considered not safely scalable). Instead, URL Signer relies on the sender being in possession of a DSA private key and the recipient being in possession of the corresponding public key, both of which need to be protected.

URL Signer is appropriate for applications that use an HTTP-based interface (e.g., use of a URL to issue a command to a web application) and require a simple but secure means of validating requests. URL Signer can be safely used over HTTP or can be used together with an HTTPS channel if additional TLS/SSL services are required. URL Signer is superfluous in environments that already employ two-way TLS/SSL together with PKI.

URL Signer converts a URL such as

http://urlsigner.sourceforge.net/

by adding signature parameters into a URL of the form

http://urlsigner.sourceforge.net?urlsPRNG=3Pr5CnJZwmqMwHDWitlOvQ%3D%3D&urlsTs=VGh2IEZlYiAyNSwgMjAxMCAyMzoyMTo0MCBHTVQrMDE6MDA%3D&urlsSig=MCwCFGCkgDcpADBShAJSjDlel%2BNtssP9AhQpbmdpRV8jMiGq5ZiYPGJpebNYkg%3D%3D

that can be verified cryptographically by the recipient.
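The sign-then-verify flow described above, written with JDK classes only. This is an added example, not URL Signer's own code or API: the layout of the signed bytes, the SHA256withDSA algorithm, the reading of urlsPRNG as a nonce and urlsTs as a timestamp, the five-minute window, the assumption that the input URL has no query string, and all class and method names are assumptions.

```java
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;

public class SignedUrlDemo {
    static final Set<String> SEEN = Collections.synchronizedSet(new HashSet<>()); // nonces already accepted
    // Assumed layout of the signed bytes; URL Signer's real canonical form may differ.
    static byte[] message(String url, String nonce, String ts) { return (url + "\n" + nonce + "\n" + ts).getBytes(StandardCharsets.UTF_8); }
    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }
    static String sign(String url, PrivateKey key) throws GeneralSecurityException {
        byte[] n = new byte[16];
        new SecureRandom().nextBytes(n);
        String nonce = Base64.getEncoder().encodeToString(n);
        String ts = Base64.getEncoder().encodeToString(Instant.now().toString().getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withDSA"); // assumed algorithm
        s.initSign(key);
        s.update(message(url, nonce, ts));
        String sig = Base64.getEncoder().encodeToString(s.sign());
        return url + "?urlsPRNG=" + enc(nonce) + "&urlsTs=" + enc(ts) + "&urlsSig=" + enc(sig);
    }
    static boolean verify(String signed, PublicKey key, Duration maxAge) {
        try {
            int q = signed.indexOf('?');
            Map<String, String> p = new HashMap<>();
            for (String kv : signed.substring(q + 1).split("&")) {
                String[] a = kv.split("=", 2);
                p.put(a[0], URLDecoder.decode(a[1], StandardCharsets.UTF_8));
            }
            String nonce = p.get("urlsPRNG"), ts = p.get("urlsTs");
            Signature s = Signature.getInstance("SHA256withDSA");
            s.initVerify(key);
            s.update(message(signed.substring(0, q), nonce, ts));
            if (!s.verify(Base64.getDecoder().decode(p.get("urlsSig")))) return false;
            Instant t = Instant.parse(new String(Base64.getDecoder().decode(ts), StandardCharsets.UTF_8));
            // Signature first, then freshness, then nonce: a repeated nonce inside the window is a replay.
            return Duration.between(t, Instant.now()).abs().compareTo(maxAge) <= 0 && SEEN.add(nonce);
        } catch (Exception e) { return false; } // malformed or incomplete input fails closed
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("DSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair(); // constructed throwaway key pair for the demo
        String u = sign("http://urlsigner.sourceforge.net/", kp.getPrivate());
        Duration w = Duration.ofMinutes(5);
        System.out.println(verify(u.replace("sourceforge", "example"), kp.getPublic(), w)); // host altered after signing
        System.out.println(verify(u, kp.getPublic(), w)); // untouched URL
        System.out.println(verify(u, kp.getPublic(), w)); // same URL presented again
    }
}
```

The signature covers only the bytes fed to it, so any part of the request the recipient acts on must be part of the signed message.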

URL Signer can be invoked on the command line (e.g., from within a shell script) or programmatically via the URL Signer API.