Improve verification process #48

Closed
opened 2024-05-16 10:15:24 +00:00 by s · 0 comments
Owner
  • validate files
  • make invalid signature/hash red in color

Validation process as follows:

  1. Creator converts metadata (viewers, signers, file hashes) into a signed event
  2. First signer validates create event and uses the signature in the content field for sign event
  3. Additional signers always use the signature of the previous signer in the sign event
  4. Exporter validates all previous events and creates export event

The JSON will look like this:

{
    "createSignature": "{\n  \"id\": \"acadcd14cfb680d4c0d31ad0fbf785fa1f1b89f97ee9946ecd72a886b35d23cb\",\n  \"pubkey\": \"c2c7da51c913a080ae2f10ff92b0a3120e82f43920dee2c08315af2ccbc2f899\",\n  \"created_at\": 1716117735,\n  \"kind\": 1,\n  \"tags\": [],\n  \"content\": \"{\\\"signers\\\":[\\\"npub1eaj99xpm4xpqu0k2wq6t678sf9y3ra6zqk4u0ewknr08yzxl2vnsxd5ugx\\\",\\\"npub1nqulzcxcj0d2uesusstgupl5du8pa96xl6uy8xndweeckjkn964qjs23sn\\\"],\\\"viewers\\\":[],\\\"fileHashes\\\":{\\\"sigit2.gif\\\":\\\"785436bb9d2f76704e08c10d5fc7fbf066e7b1e61c4b46bc11c2af2bbc56a323\\\",\\\"usbdoc.jpg\\\":\\\"9c0b8f3a03d2eec47b553158f27272bf9e95f044d987a6f8c6f04427f2c351b\\\"}}\",\n  \"sig\": \"b075739ea7d706f1a2e08a3e0e7927741a1ce8daf9ceb8dba56ba5718d656ebea12c6db86ad69fbf3fe50a4f8b0e5d581d4821a4fb77c5fb5c0cdf100e4f9e0d\"\n}",
    "docSignatures": {
        "npub1eaj99xpm4xpqu0k2wq6t678sf9y3ra6zqk4u0ewknr08yzxl2vnsxd5ugx": "{\n  \"created_at\": 1715960271,\n  \"content\": \"b075739ea7d706f1a2e08a3e0e7927741a1ce8daf9ceb8dba56ba5718d656ebea12c6db86ad69fbf3fe50a4f8b0e5d581d4821a4fb7\",\n  \"id\": \"bd0877dfd690452eb1a2a95f385d1bf4ec7e6cbae5e18a85d23376fe713ba6b6\",\n  \"sig\": \"a0db80b280d8dc5211e6bfff86257b8f70bc5f2c1cec70712f1f87bfa173d4f5ec8f12d784f3e18d666890715d457b905ca5cbf9f779a46f58f8cbd7e31da713\"\n}",
        "npub1nqulzcxcj0d2uesusstgupl5du8pa96xl6uy8xndweeckjkn964qjs23sn": "{\n  \"kind\": 1,\n  \"content\": \"a0db80b280d8dc5211e6bfff86257b8f70bc5f2c1cec70712f1f87bfa173d4f5ec8f12d784f3e18d666890715d457b905ca5cbf9f779a46f58f8cbd7e31da713\",\n  \"id\": \"2821f0429c8952bef905fb67ad16d6d0f596a7a3ba7990d2f498f4dc081d17ab\",\n  \"sig\": \"310efb7b82c7dccad63bcd841b59317b65ec04a792d05a7fa820491139037d14ce29f67e49759293574ad19afd9b21386ea9798fe6f085f472c8ec58515f12d4\"\n}"
    },
    "exportSignature": "{\n  \"kind\": 1,\n  \"content\": \"310efb7b82c7dccad63bcd841b59317b65ec04a792d05a7fa820491139037d14ce29f67e49759293574ad19afd9b21386ea9798fe6f085f472c8ec58515f12d4\",\n  \"created_at\": 1715960429,\n  \"tags\": [],\n  \"pubkey\": \"9839f160d893daae661c84168e07f46f0e1e9746feb8439a6d76738b4ad32eaa\",\n  \"id\": \"606cccb412b17ac9b046e365eab9beb154337e74f562321eef7711c51e87277d\",\n  \"sig\": \"1392de5766a4d5648c2fc128e8d697bf5db573a735af68b8837908637cbd791cfb90f89c55abfe8b04c4fe87244b4e92507187ab8855f050a86e15b1c750f3a4\"\n}"
}
* validate files * make invalid signature/hash red in color Validation process as follows: 1. Creator converts metadata (viewers, signers, file hashes) into a signed event 2. First signer validates create event and uses the signature in the content field for sign event 3. Additional signers always use the signature of the previous signer in the sign event 4. Exporter validates all previous events and creates export event The JSON will look like this: ```json { "createSignature": "{\n \"id\": \"acadcd14cfb680d4c0d31ad0fbf785fa1f1b89f97ee9946ecd72a886b35d23cb\",\n \"pubkey\": \"c2c7da51c913a080ae2f10ff92b0a3120e82f43920dee2c08315af2ccbc2f899\",\n \"created_at\": 1716117735,\n \"kind\": 1,\n \"tags\": [],\n \"content\": \"{\\\"signers\\\":[\\\"npub1eaj99xpm4xpqu0k2wq6t678sf9y3ra6zqk4u0ewknr08yzxl2vnsxd5ugx\\\",\\\"npub1nqulzcxcj0d2uesusstgupl5du8pa96xl6uy8xndweeckjkn964qjs23sn\\\"],\\\"viewers\\\":[],\\\"fileHashes\\\":{\\\"sigit2.gif\\\":\\\"785436bb9d2f76704e08c10d5fc7fbf066e7b1e61c4b46bc11c2af2bbc56a323\\\",\\\"usbdoc.jpg\\\":\\\"9c0b8f3a03d2eec47b553158f27272bf9e95f044d987a6f8c6f04427f2c351b\\\"}}\",\n \"sig\": \"b075739ea7d706f1a2e08a3e0e7927741a1ce8daf9ceb8dba56ba5718d656ebea12c6db86ad69fbf3fe50a4f8b0e5d581d4821a4fb77c5fb5c0cdf100e4f9e0d\"\n}", "docSignatures": { "npub1eaj99xpm4xpqu0k2wq6t678sf9y3ra6zqk4u0ewknr08yzxl2vnsxd5ugx": "{\n \"created_at\": 1715960271,\n \"content\": \"b075739ea7d706f1a2e08a3e0e7927741a1ce8daf9ceb8dba56ba5718d656ebea12c6db86ad69fbf3fe50a4f8b0e5d581d4821a4fb7\",\n \"id\": \"bd0877dfd690452eb1a2a95f385d1bf4ec7e6cbae5e18a85d23376fe713ba6b6\",\n \"sig\": \"a0db80b280d8dc5211e6bfff86257b8f70bc5f2c1cec70712f1f87bfa173d4f5ec8f12d784f3e18d666890715d457b905ca5cbf9f779a46f58f8cbd7e31da713\"\n}", "npub1nqulzcxcj0d2uesusstgupl5du8pa96xl6uy8xndweeckjkn964qjs23sn": "{\n \"kind\": 1,\n \"content\": \"a0db80b280d8dc5211e6bfff86257b8f70bc5f2c1cec70712f1f87bfa173d4f5ec8f12d784f3e18d666890715d457b905ca5cbf9f779a46f58f8cbd7e31da713\",\n \"id\": \"2821f0429c8952bef905fb67ad16d6d0f596a7a3ba7990d2f498f4dc081d17ab\",\n \"sig\": \"310efb7b82c7dccad63bcd841b59317b65ec04a792d05a7fa820491139037d14ce29f67e49759293574ad19afd9b21386ea9798fe6f085f472c8ec58515f12d4\"\n}" }, "exportSignature": "{\n \"kind\": 1,\n \"content\": \"310efb7b82c7dccad63bcd841b59317b65ec04a792d05a7fa820491139037d14ce29f67e49759293574ad19afd9b21386ea9798fe6f085f472c8ec58515f12d4\",\n \"created_at\": 1715960429,\n \"tags\": [],\n \"pubkey\": \"9839f160d893daae661c84168e07f46f0e1e9746feb8439a6d76738b4ad32eaa\",\n \"id\": \"606cccb412b17ac9b046e365eab9beb154337e74f562321eef7711c51e87277d\",\n \"sig\": \"1392de5766a4d5648c2fc128e8d697bf5db573a735af68b8837908637cbd791cfb90f89c55abfe8b04c4fe87244b4e92507187ab8855f050a86e15b1c750f3a4\"\n}" } ```
s self-assigned this 2024-05-16 10:15:33 +00:00
s closed this issue 2024-05-22 08:03:35 +00:00
Sign in to join this conversation.
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: sigit/sigit.io#48
No description provided.