- From: Jim Schaad <ietf@augustcellars.com>
- Date: Sun, 25 Aug 2013 20:54:37 -0700
- To: "'Anders Rundgren'" <anders.rundgren.net@gmail.com>, <public-webcrypto-comments@w3.org>
- Message-ID: <02b501cea20f$fc8e33b0$f5aa9b10$@augustcellars.com>
I think you may also need to sort the member fields if you are going to
rebuild it from a parsed object. Also you are going to have some potential
problems for dealing with numbers in terms of how they are written back out.
Jim
From: Anders Rundgren [mailto:anders.rundgren.net@gmail.com]
Sent: Sunday, August 25, 2013 12:05 PM
To: public-webcrypto-comments@w3.org
Subject: Enveloped JSON Signatures
Hi,
The concept of enveloped signatures have been slammed by the JOSE WG due to
a belief that canonicalization issues will be hard.
FWIW, I just write a JSON encoder, decoder and signature utility in one week
and I didn't find any problems all.
https://code.google.com/p/openkeystore/source/browse/#svn%2Flibrary%2Ftrunk%
2Fsrc%2Forg%2Fwebpki%2Fjson
It seem that I will be able to replace 200,000 lines of Apache code with
about 2,000 lines of custom code.
{
"MyLittleSignature":
{
"Version": <http://example.com/signature>
"http://example.com/signature",
"Now": "2013-08-25T20:31:23+02:00",
"HRT":
{
"RTl": "67",
"YT":
{
"HTL": "656756#",
"INTEGER": -689,
"Fantastic": false
},
"er": "33"
},
"ARR": [],
"BARR":
[{
"HTL": "656756#",
"INTEGER": -689,
"Fantastic": true
},
{
"HTL": "656756#",
"INTEGER": -689,
"Fantastic": false
}],
"ID": "ihqQONXvN5_LnmdAG7YU",
"STRINGS": ["One","Two","Three"],
"Intra": 78,
"EnvelopedSignature":
{
"SignatureInfo":
{
"Algorithm":
<http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256>
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
"Reference":
{
"Name": "ID",
"Value": "ihqQONXvN5_LnmdAG7YU"
},
"KeyInfo":
{
"PublicKey":
{
"EC":
{
"NamedCurve":
<http://xmlns.webpki.org/sks/algorithm#ec.p256>
"http://xmlns.webpki.org/sks/algorithm#ec.p256",
"X":
"lNxNvAUEE8t7DSQBft93LVSXxKCiVjhbWWfyg023FCk",
"Y":
"LmTlQxXB3LgZrNLmhOfMaCnDizczC/RfQ6Kx8iNwfFA"
}
}
}
},
"SignatureValue":
"MEUCIEhZtArhp8O7d1n7SRWRQcs3qePGBCrnKY8x2O3o+nvPAiEA0On5hez2EHmEwJIm/UK7Gxq
ZeWWcaFzK9OVAhygAWVk"
}
}
}
Why bother with this you may wonder? Well I can't imagine converting the
previous cool stuff to something yucky like:
{
"message":
"eyJ0eXAiOibGciOiJIUzI1NiJ9.LmNvbS9pc19yb290Ijp0cnVlfQ.2K27uhbUJU1p1r_wW1gFW
FOEjXk"
}
Canonicalization (=removal of whitespace):
"MyLittleSignature":{"Version": <http://example.com/signature>
"http://example.com/signature","Now":"2013-08-25T20:31:23+02:00","HRT":{"RTl
":"67","YT":{"HTL":"656756#","INTEGER":-689,"Fantastic":false},"er":"33"},"A
RR":[],"BARR":[{"HTL":"656756#","INTEGER":-689,"Fantastic":true},{"HTL":"656
756#","INTEGER":-689,"Fantastic":false}],"ID":"ihqQONXvN5_LnmdAG7YU","STRING
S":["One","Two","Three"],"Intra":78,"EnvelopedSignature":{"SignatureInfo":{"
Algorithm": <http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256>
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256","Reference":{"Name":"I
D","Value":"ihqQONXvN5_LnmdAG7YU"},"KeyInfo":{"PublicKey":{"EC":{"NamedCurve
": <http://xmlns.webpki.org/sks/algorithm#ec.p256>
"http://xmlns.webpki.org/sks/algorithm#ec.p256","X":"lNxNvAUEE8t7DSQBft93LVS
XxKCiVjhbWWfyg023FCk"," Y":"LmTlQxXB3LgZrNLmhOfMaCnDizczC/RfQ6Kx8iNwfFA"}}}}
</Anders>
Received on Monday, 26 August 2013 03:56:07 UTC