- From: Zoltan Kis via GitHub <sysbot+gh@w3.org>
- Date: Thu, 21 Nov 2019 21:33:19 +0000
- To: public-web-nfc@w3.org
> Could you provide a JS example of how reading and writing sig records would look like?

That depends on what crypto library is used by the app. Since we don't know which one will be used, we cannot make a generic API for that, so we need to treat signatures as hex-strings. Those are needed to construct the (yet unspecified) `NDEFSignatureRecord`.

Creating a signature requires a private key and a hex-string created from all participating record fields to be signed. Based on the security section, Web NFC should only support signing full NDEFMessage, instead of a list of records, but the API would take a list of records. The signature record will be part of the NDEFMessage and constructed from the NDEFSignature dictionary filled up by the app. We could just have an extra optional `NDEFSignature` argument for `push()` that is prepared by the app?

On the receive side, the signature records will be like any other well-known records. The verification process would fall on the app and would be quite tedious, as the app would need to fetch all the signable fields from all the records, then verify the signature against the (concatenated) data and certificate. If we want to make that more developer-friendly, we could expose a utility function to provide a hex-string of the data to be signed.

I made a few variants using the WebIDL [above](#issuecomment-556083175) and a [crypto library](https://kjur.github.io/jsrsasign/), but they are way too long (to be included in the spec) and also quite speculative at the moment as they would have little to do with the spec and more with the application. We might want to agree on some constraints (goals, means) before drafting examples.

--
GitHub Notification of comment by zolkis
Please view or discuss this issue at https://github.com/w3c/web-nfc/issues/363#issuecomment-557281652 using your GitHub account
Received on Thursday, 21 November 2019 21:33:24 UTC
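
The sign-then-verify flow described in the message above, as an added example that is not part of the original message, the Web NFC spec or the author's variants. Assumptions: Node's built-in `crypto` module stands in for the app's crypto library; the plain record objects and the helpers `signableHex`, `signMessage` and `verifyMessage` are hypothetical; the signable fields are taken to be each record's type, ID and payload; and the public key is treated as already trusted, so certificate validation is not shown.

```javascript
// Added example. Record shape, helper names and field encoding are assumptions.
const crypto = require("crypto"); // stands in for whatever library the app uses

// Hypothetical utility: hex-string of the data to be signed. Assumes the
// signable fields are each record's type, ID and payload. Every field is
// length-prefixed (a choice made for this example) so bytes cannot be moved
// between fields or records without changing the signed data.
function signableHex(records) {
  const parts = [];
  for (const r of records) {
    for (const field of [r.recordType, r.id, r.data]) {
      const bytes = Buffer.from(field ?? ""); // strings are encoded as UTF-8
      const len = Buffer.alloc(4);
      len.writeUInt32BE(bytes.length);
      parts.push(len, bytes);
    }
  }
  return Buffer.concat(parts).toString("hex");
}

// Returns a dictionary the app would hand over alongside the records.
function signMessage(records, privateKey) {
  const data = Buffer.from(signableHex(records), "hex");
  return { signature: crypto.sign("sha256", data, privateKey).toString("hex") };
}

// Recomputes the signed data from the received records; rejects bad hex early.
function verifyMessage(records, sig, publicKey) {
  const hex = sig && sig.signature;
  if (typeof hex !== "string" || !/^([0-9a-f]{2})+$/i.test(hex)) return false;
  const data = Buffer.from(signableHex(records), "hex");
  return crypto.verify("sha256", data, publicKey, Buffer.from(hex, "hex"));
}

// Constructed sample: a throwaway P-256 key pair and a two-record message.
const { privateKey, publicKey } = crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
const records = [
  { recordType: "url", id: "", data: "https://example.com/menu" },
  { recordType: "text", id: "1", data: "Table 12" },
];
const sig = signMessage(records, privateKey);
console.log(verifyMessage(records, sig, publicKey)); // true
const tampered = [{ ...records[0], data: "https://example.net/menu" }, records[1]];
console.log(verifyMessage(tampered, sig, publicKey)); // false
```

Verification recomputes the hex-string from the records as received rather than trusting any value carried on the tag, so a change to any signed field makes `verifyMessage` return `false`.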