keys.go
Daniël Franke authored
As we're working on a web-based verifier, it needs to be able to sign a COSE SignMessage, but sending the private keys to a web client outside of our control is not responsible. To do this in a secure way, where no PMI is being sent to our servers, we need to implement hashing on the client side and signing on the server side. This way we only get the SHA-512 hash sent to our server, which we can then sign with a private key, and send the signature back to the client. This way no sensitive data is sent over the wire. This refactors and adds a few new functions so that this is possible.
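
The split described in the commit message, as an added Go example that is not code from this repository: the client hashes, the server signs the digest it receives, and a verifier checks the signature against the full payload. ECDSA on P-521, the DER signature encoding, the sample payload and all function names are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"errors"
	"fmt"
)

// NewServerKey creates the private key, which never leaves the server.
// Assumption: ECDSA on P-521, the curve COSE pairs with SHA-512 (ES512).
func NewServerKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
}

// ClientDigest runs in the client: only this 64-byte value is sent.
func ClientDigest(toBeSigned []byte) []byte {
	d := sha512.Sum512(toBeSigned)
	return d[:]
}

// ServerSign sees the digest only, so the one check it can make is
// that the input is exactly one SHA-512 output.
// The result is ASN.1 DER; COSE itself carries fixed-length r||s.
func ServerSign(key *ecdsa.PrivateKey, digest []byte) ([]byte, error) {
	if len(digest) != sha512.Size {
		return nil, errors.New("digest must be 64 bytes (SHA-512)")
	}
	return ecdsa.SignASN1(rand.Reader, key, digest)
}

// Verify hashes the full payload locally and checks the signature.
func Verify(pub *ecdsa.PublicKey, toBeSigned, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, ClientDigest(toBeSigned), sig)
}

func main() {
	key, err := NewServerKey()
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed stand-in for the COSE to-be-signed bytes")
	sig, err := ServerSign(key, ClientDigest(msg))
	fmt.Println(err, Verify(&key.PublicKey, msg, sig))
}
```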