Certificate in origin_key api is not checked #584

Neylix · 2022-09-21T18:37:41Z

Describe the problem you discovered

Actually, when origin public key is not tpm family, we do not control the certificate.
But someone can put some data in the certificate attribute in the api and so create a transaction with some data inside.
As origin transaction are free and generated by nodes, people can create not tpm public key and store data in the transaction for free

Describe the solution you'd like

In the API or in pending validation, if the origin public key is not tpm family, certificate should be empty

samuelmanzanera · 2022-09-21T19:54:59Z

We should maybe leverage: Crypto.verify_key_certificate? to attest the public key with the certificate.
In link with Crypto.get_root_ca_public_key

samuelmanzanera · 2022-10-27T15:40:31Z

Closed by #629

Neylix added bug Something isn't working API Involve API facing user origin labels Sep 21, 2022

apoorv-2204 self-assigned this Oct 13, 2022

apoorv-2204 mentioned this issue Oct 13, 2022

Certificate in origin_key api is not checked #584 #629

Merged

4 tasks

samuelmanzanera closed this as completed Oct 27, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Certificate in origin_key api is not checked #584

Certificate in origin_key api is not checked #584

Neylix commented Sep 21, 2022 •

edited

Loading

samuelmanzanera commented Sep 21, 2022 •

edited

Loading

samuelmanzanera commented Oct 27, 2022

Certificate in origin_key api is not checked #584

Certificate in origin_key api is not checked #584

Comments

Neylix commented Sep 21, 2022 • edited Loading

Describe the problem you discovered

Describe the solution you'd like

samuelmanzanera commented Sep 21, 2022 • edited Loading

samuelmanzanera commented Oct 27, 2022

Neylix commented Sep 21, 2022 •

edited

Loading

samuelmanzanera commented Sep 21, 2022 •

edited

Loading