W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2016

Signed JavaScript/JSON using ES6 + Google V8

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Fri, 15 Jan 2016 07:19:12 +0100
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <56988F60.9000400@gmail.com>
By relying on Google's V8 for number serialization, the final interop hurdle was removed.

The samples below should be comparable with respect to securing the integrity of the payload and the signature parameters, but they obviously differ a lot in the way they get the work done.

JCS was developed to match information-rich, multi-signature schemes like https://www.w3.org/Payments/IG/wiki/Main_Page/ProposalsQ42015/SCAI#The_SCAI_line and similar.  JCS has recently been upgraded to match ECMAScript revision 6/Google V8 making JCS compatible with node.js, Chrome, Firefox, Safari and [of course] my Java reference implementation

JSON Cleartext Signature (JCS): https://cyberphone.github.io/openkeystore/resources/docs/jcs.html#ECMAScript_Compatibility_Mode

var signedObject = {
       // The data
       statement: "Hello signed world!",
       otherProperties: [2000, true],
       // The signature
       signature: {
           algorithm: "ES256",
           publicKey: {
               type: "EC",
               curve: "P-256",
               x: "vlYxD4dtFJOp1_8_QUcieWCW-4KrLMmFL2rpkY1bQDs",
               y: "fxEF70yJenP3SPHM9hv-EnvhG6nXr3_S-fDqoj-F6yM"
           value: "2H__TkcV28QpGWPkyVbR1CW0I8L4xARrVGL0LjOeHJLOPozdzRqCTyYfmAippJXqdzgNAonnFPVCSI5A6novMQ"

JSON Web Signature (JWS): https://tools.ietf.org/rfc/rfc7515.txt

var signedObject = {
       "payload": "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ",
       "protected": "eyJhbGciOiJFUzI1NiJ9",
       "signature": "DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8IS lSApmWQxfKTUJqPP3-Kg6NU1Q"

Received on Friday, 15 January 2016 06:19:43 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:54 UTC