Signed JavaScript/JSON using ES6 + Google V8

By relying on Google's V8 for number serialization, the final interop hurdle was removed.

The samples below should be comparable with respect to securing the integrity of the payload and the signature parameters, but they obviously differ a lot in the way they get the work done.

JCS was developed to match information-rich, multi-signature schemes like https://www.w3.org/Payments/IG/wiki/Main_Page/ProposalsQ42015/SCAI#The_SCAI_line and similar.  JCS has recently been upgraded to match ECMAScript revision 6/Google V8 making JCS compatible with node.js, Chrome, Firefox, Safari and [of course] my Java reference implementation


JSON Cleartext Signature (JCS): https://cyberphone.github.io/openkeystore/resources/docs/jcs.html#ECMAScript_Compatibility_Mode

var signedObject = {
       // The data
       statement: "Hello signed world!",
       otherProperties: [2000, true],
       // The signature
       signature: {
           algorithm: "ES256",
           publicKey: {
               type: "EC",
               curve: "P-256",
               x: "vlYxD4dtFJOp1_8_QUcieWCW-4KrLMmFL2rpkY1bQDs",
               y: "fxEF70yJenP3SPHM9hv-EnvhG6nXr3_S-fDqoj-F6yM"
           },
           value: "2H__TkcV28QpGWPkyVbR1CW0I8L4xARrVGL0LjOeHJLOPozdzRqCTyYfmAippJXqdzgNAonnFPVCSI5A6novMQ"
       }
};


JSON Web Signature (JWS): https://tools.ietf.org/rfc/rfc7515.txt

var signedObject = {
       "payload": "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ",
       "protected": "eyJhbGciOiJFUzI1NiJ9",
       "signature": "DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8IS lSApmWQxfKTUJqPP3-Kg6NU1Q"
};

Anders

Received on Friday, 15 January 2016 06:19:43 UTC