- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Fri, 15 Jan 2016 07:19:12 +0100
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
By relying on Google's V8 for number serialization, the final interop hurdle was removed.
The samples below should be comparable with respect to securing the integrity of the payload and the signature parameters, but they obviously differ a lot in the way they get the work done.
JCS was developed to match information-rich, multi-signature schemes like https://www.w3.org/Payments/IG/wiki/Main_Page/ProposalsQ42015/SCAI#The_SCAI_line and similar. JCS has recently been upgraded to match ECMAScript revision 6/Google V8 making JCS compatible with node.js, Chrome, Firefox, Safari and [of course] my Java reference implementation
JSON Cleartext Signature (JCS): https://cyberphone.github.io/openkeystore/resources/docs/jcs.html#ECMAScript_Compatibility_Mode
var signedObject = {
// The data
statement: "Hello signed world!",
otherProperties: [2000, true],
// The signature
signature: {
algorithm: "ES256",
publicKey: {
type: "EC",
curve: "P-256",
x: "vlYxD4dtFJOp1_8_QUcieWCW-4KrLMmFL2rpkY1bQDs",
y: "fxEF70yJenP3SPHM9hv-EnvhG6nXr3_S-fDqoj-F6yM"
},
value: "2H__TkcV28QpGWPkyVbR1CW0I8L4xARrVGL0LjOeHJLOPozdzRqCTyYfmAippJXqdzgNAonnFPVCSI5A6novMQ"
}
};
JSON Web Signature (JWS): https://tools.ietf.org/rfc/rfc7515.txt
var signedObject = {
"payload": "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ",
"protected": "eyJhbGciOiJFUzI1NiJ9",
"signature": "DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8IS lSApmWQxfKTUJqPP3-Kg6NU1Q"
};
Anders
Received on Friday, 15 January 2016 06:19:43 UTC