feat(*): contract signing and verification #689
…act instance Signed-off-by: jeromesimeon <jeromesimeon@me.com>
Signed-off-by: jeromesimeon <jeromesimeon@me.com>
Signed-off-by: Jerome Simeon <jeromesimeon@me.com>
Signed-off-by: Jerome Simeon <jeromesimeon@me.com>
Signed-off-by: Jerome Simeon <jeromesimeon@me.com>
Signed-off-by: Jerome Simeon <jeromesimeon@me.com>
Signed-off-by: Jerome Simeon <jeromesimeon@me.com>
Signed-off-by: Jerome Simeon <jeromesimeon@me.com>
…ntracts Signed-off-by: Jerome Simeon <jeromesimeon@me.com>
Signed-off-by: jeromesimeon <jeromesimeon@me.com>
Signed-off-by: jeromesimeon <jeromesimeon@me.com>
Signed-off-by: sanket shevkar <shevkar.sanket@gmail.com>
Signed-off-by: sanket shevkar <shevkar.sanket@gmail.com>
Signed-off-by: sanket shevkar <shevkar.sanket@gmail.com>
Signed-off-by: sanket shevkar <shevkar.sanket@gmail.com>
Signed-off-by: sanket shevkar <shevkar.sanket@gmail.com>
Signed-off-by: sanket shevkar <shevkar.sanket@gmail.com>
// decrypt p12 using the passphrase 'password' | ||
const p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, false, passphrase); | ||
//X509 cert forge type | ||
const certificateForge = p12.safeContents[0].safeBags[0].cert; |
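Review bot: The last line, p12.safeContents[0].safeBags[0].cert, depends on the certificate being the first bag of the first safeContents entry and has no check for an empty safeContents or safeBags array, so a keystore with a different layout either throws a bare TypeError or yields an undefined certificate. Select the bag by type instead, for example with p12.getBags({ bagType: forge.pki.oids.certBag }), and raise an explicit error when no certificate bag is found. The first comment also names the literal passphrase 'password' while the call passes the passphrase variable; reword it so it does not suggest a fixed value, and say why strict parsing is turned off by the false argument.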
Under what circumstances would we ever need to access entries that are not in the first position of safeContents or safeBags array?
I don't think we'll ever have to, it's mostly metadata of the keystore stored in it.
How safe is this path really? What happens if there is no safeContents or no safeBags. Could you clarify what the forge API supports there?
@mttrbrts safeContents contains all the things present inside the keystore. In this case at the first position it is the certificate and in the second position it is the private key. So safeContents[0].safeBags[0] contains the x509 cert, and only has one object inside the safeBags array. Similarly safeContents[1].safeBags[0] has the private key and also has only one object inside the safeBags array. @jeromesimeon there is another method getBags() using which the material inside safe bags can be accessed, but one of the following properties has to be known:
- friendlyName
- localKeyIdHex
- bagType
- I was not able to find a friendly name
- { localKeyId: [ '\u0010÷&Þ\u001e°ÑÆ\u0015Ã?\u0011Aw\u0010¥' ] }, this was the localKeyId
- 1.2.840.113549.1.12.10.1.3, this was the bag type for a x509 cert & 1.2.840.113549.1.12.10.1.2 this for a private key.
Since these were a bit hard to understand I decided to take the route of selecting the certificate and the private key from safeContents and safeBags directly
You can refer to this replit: https://replit.com/@sanketshevkar/forgeBags#index.js
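The question raised in this thread (positional access, and what happens when safeContents or safeBags is missing), as an added example that is not code from this pull request: it picks bags by the two bag type OIDs quoted above instead of by index and fails closed on missing, ambiguous or mismatched entries. It assumes an object shaped like forge's parsed PKCS#12 result; extractSigningMaterial and sampleP12 are hypothetical names, and the sample data is constructed.

```javascript
// Added example. Assumes the shape of forge's parsed PKCS#12 object:
// { safeContents: [{ safeBags: [{ type, attributes, cert | key }] }] }
const CERT_BAG = '1.2.840.113549.1.12.10.1.3'; // bag type quoted in the thread for an X.509 cert
const KEY_BAG = '1.2.840.113549.1.12.10.1.2'; // bag type quoted in the thread for a private key

// Collect every bag of one type across all safeContents, tolerating absent arrays.
function bagsOfType(p12, bagType) {
  const contents = Array.isArray(p12 && p12.safeContents) ? p12.safeContents : [];
  return contents
    .flatMap((sc) => (Array.isArray(sc && sc.safeBags) ? sc.safeBags : []))
    .filter((bag) => bag && bag.type === bagType);
}

// Return the single bag of a type; a missing or ambiguous entry is an error.
function exactlyOne(p12, bagType, label) {
  const bags = bagsOfType(p12, bagType);
  if (bags.length !== 1) {
    throw new Error(`expected exactly one ${label} bag, found ${bags.length}`);
  }
  return bags[0];
}

// First localKeyId attribute of a bag, or undefined when the bag has none.
const keyIdOf = (bag) => ((bag.attributes || {}).localKeyId || [])[0];

// Hypothetical helper: returns the certificate and key, or throws with a clear reason.
function extractSigningMaterial(p12) {
  const certBag = exactlyOne(p12, CERT_BAG, 'certificate');
  const keyBag = exactlyOne(p12, KEY_BAG, 'private key');
  if (!certBag.cert || !keyBag.key) {
    throw new Error('bag holds no decoded certificate or key');
  }
  const certId = keyIdOf(certBag);
  const keyId = keyIdOf(keyBag);
  if (certId !== undefined && keyId !== undefined && certId !== keyId) {
    throw new Error('certificate and private key localKeyId differ');
  }
  return { certificate: certBag.cert, privateKey: keyBag.key };
}

// Constructed sample: the key is stored before the certificate,
// so safeContents[0].safeBags[0].cert would be undefined here.
const sampleP12 = { safeContents: [
  { safeBags: [{ type: KEY_BAG, attributes: { localKeyId: ['k1'] }, key: 'KEY' }] },
  { safeBags: [{ type: CERT_BAG, attributes: { localKeyId: ['k1'] }, cert: 'CERT' }] },
] };
```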
…(last gsoc commit) Signed-off-by: sanket shevkar <shevkar.sanket@gmail.com>
- this branch includes many commits from the source branch which will make for a very messy commit history and unnecessary code duplication. A clean version can be found here: New slc signing #692
- somehow the tests didn't run. Running locally I see two tests failing:
1) ContractInstance
#verify
should throw error for failed signature verification:
Error: Contract signature is invalid!
at ContractInstance.verify (lib/contractinstance.js:1656:13)
at Context.<anonymous> (test/contractinstance.js:121:29)
2) ContractInstance
#verifySignatures
should throw error while verifying the contract signatures:
Error: Contract signature is invalid!
at ContractInstance.verify (lib/contractinstance.js:1656:13)
at /Users/jerome.simeon/git/accordproject/cicero-signing/packages/cicero-core/lib/contractinstance.js:1617:14
at Array.forEach (<anonymous>)
at ContractInstance.verifySignatures (lib/contractinstance.js:1609:31)
at Context.<anonymous> (test/contractinstance.js:139:29)
A proposed fix is included in this commit: 609b42c
Closing this, replaced by #692
Enables the parties involved in execution of a contract to digitally sign the signatures.