Skip to content

@glyphp/core@1.6.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 13 Jun 19:44
· 2 commits to main since this release
@glyphp/core@1.6.0
7ad7df4
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Minor Changes

  • 4418e47: Fix RFC-0007 §3.1.1: bind the keyless subjectDigest to the card's
    attestation-exclusive canonical id (new exported keylessSubjectDigest())
    instead of sha256(card.id). The bundle rides inside card.attestation,
    which itself enters card.id, so the original binding was an unsatisfiable
    fixed point — no keyless-attested card could pass both verifyGlyph() and
    keyless verification at once. KeylessVerifier.verify now recomputes the
    digest from the received card's content, never from card.id (whose own
    integrity stays verifyGlyph's §3.2 check). For a card without an
    attestation the digest still equals sha256(card.id).
Assets 4
Loading