Improve verification process #48

New Issue

Closed

opened 2024-05-16 10:15:24 +00:00 by s · 0 comments

s commented 2024-05-16 10:15:24 +00:00

Owner

Copy Link

• validate files
• make invalid signature/hash red in color

Validation process as follows:

1. Creator converts metadata (viewers, signers, file hashes) into a signed event
2. First signer validates create event and uses the signature in the content field for sign event
3. Additional signers always use the signature of the previous signer in the sign event
4. Exporter validates all previous events and creates export event

The JSON will look like this:

{
    "createSignature": "{\n  \"id\": \"acadcd14cfb680d4c0d31ad0fbf785fa1f1b89f97ee9946ecd72a886b35d23cb\",\n  \"pubkey\": \"c2c7da51c913a080ae2f10ff92b0a3120e82f43920dee2c08315af2ccbc2f899\",\n  \"created_at\": 1716117735,\n  \"kind\": 1,\n  \"tags\": [],\n  \"content\": \"{\\\"signers\\\":[\\\"npub1eaj99xpm4xpqu0k2wq6t678sf9y3ra6zqk4u0ewknr08yzxl2vnsxd5ugx\\\",\\\"npub1nqulzcxcj0d2uesusstgupl5du8pa96xl6uy8xndweeckjkn964qjs23sn\\\"],\\\"viewers\\\":[],\\\"fileHashes\\\":{\\\"sigit2.gif\\\":\\\"785436bb9d2f76704e08c10d5fc7fbf066e7b1e61c4b46bc11c2af2bbc56a323\\\",\\\"usbdoc.jpg\\\":\\\"9c0b8f3a03d2eec47b553158f27272bf9e95f044d987a6f8c6f04427f2c351b\\\"}}\",\n  \"sig\": \"b075739ea7d706f1a2e08a3e0e7927741a1ce8daf9ceb8dba56ba5718d656ebea12c6db86ad69fbf3fe50a4f8b0e5d581d4821a4fb77c5fb5c0cdf100e4f9e0d\"\n}",
    "docSignatures": {
        "npub1eaj99xpm4xpqu0k2wq6t678sf9y3ra6zqk4u0ewknr08yzxl2vnsxd5ugx": "{\n  \"created_at\": 1715960271,\n  \"content\": \"b075739ea7d706f1a2e08a3e0e7927741a1ce8daf9ceb8dba56ba5718d656ebea12c6db86ad69fbf3fe50a4f8b0e5d581d4821a4fb7\",\n  \"id\": \"bd0877dfd690452eb1a2a95f385d1bf4ec7e6cbae5e18a85d23376fe713ba6b6\",\n  \"sig\": \"a0db80b280d8dc5211e6bfff86257b8f70bc5f2c1cec70712f1f87bfa173d4f5ec8f12d784f3e18d666890715d457b905ca5cbf9f779a46f58f8cbd7e31da713\"\n}",
        "npub1nqulzcxcj0d2uesusstgupl5du8pa96xl6uy8xndweeckjkn964qjs23sn": "{\n  \"kind\": 1,\n  \"content\": \"a0db80b280d8dc5211e6bfff86257b8f70bc5f2c1cec70712f1f87bfa173d4f5ec8f12d784f3e18d666890715d457b905ca5cbf9f779a46f58f8cbd7e31da713\",\n  \"id\": \"2821f0429c8952bef905fb67ad16d6d0f596a7a3ba7990d2f498f4dc081d17ab\",\n  \"sig\": \"310efb7b82c7dccad63bcd841b59317b65ec04a792d05a7fa820491139037d14ce29f67e49759293574ad19afd9b21386ea9798fe6f085f472c8ec58515f12d4\"\n}"
    },
    "exportSignature": "{\n  \"kind\": 1,\n  \"content\": \"310efb7b82c7dccad63bcd841b59317b65ec04a792d05a7fa820491139037d14ce29f67e49759293574ad19afd9b21386ea9798fe6f085f472c8ec58515f12d4\",\n  \"created_at\": 1715960429,\n  \"tags\": [],\n  \"pubkey\": \"9839f160d893daae661c84168e07f46f0e1e9746feb8439a6d76738b4ad32eaa\",\n  \"id\": \"606cccb412b17ac9b046e365eab9beb154337e74f562321eef7711c51e87277d\",\n  \"sig\": \"1392de5766a4d5648c2fc128e8d697bf5db573a735af68b8837908637cbd791cfb90f89c55abfe8b04c4fe87244b4e92507187ab8855f050a86e15b1c750f3a4\"\n}"
}

* validate files * make invalid signature/hash red in color Validation process as follows: 1. Creator converts metadata (viewers, signers, file hashes) into a signed event 2. First signer validates create event and uses the signature in the content field for sign event 3. Additional signers always use the signature of the previous signer in the sign event 4. Exporter validates all previous events and creates export event The JSON will look like this: ```json { "createSignature": "{\n \"id\": \"acadcd14cfb680d4c0d31ad0fbf785fa1f1b89f97ee9946ecd72a886b35d23cb\",\n \"pubkey\": \"c2c7da51c913a080ae2f10ff92b0a3120e82f43920dee2c08315af2ccbc2f899\",\n \"created_at\": 1716117735,\n \"kind\": 1,\n \"tags\": [],\n \"content\": \"{\\\"signers\\\":[\\\"npub1eaj99xpm4xpqu0k2wq6t678sf9y3ra6zqk4u0ewknr08yzxl2vnsxd5ugx\\\",\\\"npub1nqulzcxcj0d2uesusstgupl5du8pa96xl6uy8xndweeckjkn964qjs23sn\\\"],\\\"viewers\\\":[],\\\"fileHashes\\\":{\\\"sigit2.gif\\\":\\\"785436bb9d2f76704e08c10d5fc7fbf066e7b1e61c4b46bc11c2af2bbc56a323\\\",\\\"usbdoc.jpg\\\":\\\"9c0b8f3a03d2eec47b553158f27272bf9e95f044d987a6f8c6f04427f2c351b\\\"}}\",\n \"sig\": \"b075739ea7d706f1a2e08a3e0e7927741a1ce8daf9ceb8dba56ba5718d656ebea12c6db86ad69fbf3fe50a4f8b0e5d581d4821a4fb77c5fb5c0cdf100e4f9e0d\"\n}", "docSignatures": { "npub1eaj99xpm4xpqu0k2wq6t678sf9y3ra6zqk4u0ewknr08yzxl2vnsxd5ugx": "{\n \"created_at\": 1715960271,\n \"content\": \"b075739ea7d706f1a2e08a3e0e7927741a1ce8daf9ceb8dba56ba5718d656ebea12c6db86ad69fbf3fe50a4f8b0e5d581d4821a4fb7\",\n \"id\": \"bd0877dfd690452eb1a2a95f385d1bf4ec7e6cbae5e18a85d23376fe713ba6b6\",\n \"sig\": \"a0db80b280d8dc5211e6bfff86257b8f70bc5f2c1cec70712f1f87bfa173d4f5ec8f12d784f3e18d666890715d457b905ca5cbf9f779a46f58f8cbd7e31da713\"\n}", "npub1nqulzcxcj0d2uesusstgupl5du8pa96xl6uy8xndweeckjkn964qjs23sn": "{\n \"kind\": 1,\n \"content\": \"a0db80b280d8dc5211e6bfff86257b8f70bc5f2c1cec70712f1f87bfa173d4f5ec8f12d784f3e18d666890715d457b905ca5cbf9f779a46f58f8cbd7e31da713\",\n \"id\": \"2821f0429c8952bef905fb67ad16d6d0f596a7a3ba7990d2f498f4dc081d17ab\",\n \"sig\": \"310efb7b82c7dccad63bcd841b59317b65ec04a792d05a7fa820491139037d14ce29f67e49759293574ad19afd9b21386ea9798fe6f085f472c8ec58515f12d4\"\n}" }, "exportSignature": "{\n \"kind\": 1,\n \"content\": \"310efb7b82c7dccad63bcd841b59317b65ec04a792d05a7fa820491139037d14ce29f67e49759293574ad19afd9b21386ea9798fe6f085f472c8ec58515f12d4\",\n \"created_at\": 1715960429,\n \"tags\": [],\n \"pubkey\": \"9839f160d893daae661c84168e07f46f0e1e9746feb8439a6d76738b4ad32eaa\",\n \"id\": \"606cccb412b17ac9b046e365eab9beb154337e74f562321eef7711c51e87277d\",\n \"sig\": \"1392de5766a4d5648c2fc128e8d697bf5db573a735af68b8837908637cbd791cfb90f89c55abfe8b04c4fe87244b4e92507187ab8855f050a86e15b1c750f3a4\"\n}" } ```

👍 1

s self-assigned this 2024-05-16 10:15:33 +00:00

b referenced this issue 2024-05-19 22:17:16 +00:00

fix CREATE flow #57

s referenced a pull request that will close this issue 2024-05-22 06:25:15 +00:00

feat: improve verification process #65

s closed this issue 2024-05-22 08:03:35 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

staging

hotfix-nostr-discovery-error-9-20

201-toolbox-update

main

issue-171

issue-168

signing-page-design

issue-99

issue-99-signing-page-refactor

relay-management-fixed

relays-management

issue-38

No results found.

Labels

Clear labels   

Kind/Breaking

Breaking change that won't be backward compatible

  

Kind/Bug

Something is not working

  

Kind/Documentation

Documentation changes

  

Kind/Enhancement

Improve existing functionality

  

Kind/Feature

New functionality

  

Kind/Security

This is security issue

  

Kind/Testing

Issue or pull request related to testing

  

Priority

Critical

The priority is critical

  

Priority

High

The priority is high

  

Priority

Low

The priority is low

  

Priority

Medium

The priority is medium

  

Reviewed

Confirmed

Issue has been confirmed

  

Reviewed

Duplicate

This issue or pull request already exists

  

Reviewed

Invalid

Invalid issue

  

Reviewed

Won't Fix

This issue won't be fixed

  

Status

Abandoned

Somebody has started to work on this but abandoned work

  

Status

Blocked

Something is blocking this issue or pull request

  

Status

Need More Info

Feedback is required to reproduce issue or to continue work

No Label

Kind/Breaking

Kind/Bug

Kind/Documentation

Kind/Enhancement

Kind/Feature

Kind/Security

Kind/Testing

Priority

Critical

Priority

High

Priority

Low

Priority

Medium

Reviewed

Confirmed

Reviewed

Duplicate

Reviewed

Invalid

Reviewed

Won't Fix

Status

Abandoned

Status

Blocked

Status

Need More Info

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

s

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: sigit/sigit.io#48

No description provided.