Optimization: Signature for Body+ObjectId #154
Comments
If this problem is to be solved, there are currently two options under consideration.
object_id: Option<ObjectId>
If this field is specified, it means that the body has been bound to the target desc, and the body is signed on this basis, which is the overall signature. When verifying whether the body has a desc.public_key signature, two things need to be done
The potential risk of this scheme is the codec compatibility problem caused by the introduction of fields.
At present, in the cyfs system, objects with a mut-body are not recommended unless there is a special need; they are used in a relatively small number of cases, generally in the following two situations:
If the MetaChain is used, only the owner of the object has the right to update the object, and if others "forge" the object, they cannot update the MetaChain, and it is difficult to proliferate in the cyfs network, so this "attack problem" can be avoided to some extent, but there is still a potential risk. So in the long term, it is necessary to provide a mechanism to avoid this possible risk from a security and completeness perspective.
Currently, we are considering using the solution mentioned in 2, which involves the following changes.
object_id: Option<ObjectId>
Also, add flags for coding compatibility:
pub const OBJECT_BODY_FLAG_OBJECT_ID: u8 = 0x01 << 3.
It was found that this mentioned solution of adding an optional field of So this is a headache, in the current RawCodec system, neither desc nor body can be directly extended by fields, so consider using the following alternative: Enable
…nature-for-body+objectid' into main
In the final implementation, the ext field reserved in the last object codec refactoring is enabled:
CYFS/src/component/cyfs-base/src/objects/object.rs Lines 447 to 463 in b7cca88
The object body adds the corresponding methods
AnyNamedObject also adds the corresponding methods
Also the signature verification has been improved accordingly, involving the following methods
Discussed in #128
Originally posted by streetycat March 17, 2023
I find that, I need to sign Body and Desc separately if I want to prove the authenticity of the object. It consumes a lot of space and efficiency.
If we add the ObjectId into the signature data, we can achieve the same with the signature:
Sign(Hash(Body+ObjectId))
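The signing rule discussed in this thread, Sign(Hash(Body+ObjectId)), as an added Python example that is not CYFS code: it shows that a body-only signature still verifies when the body is attached to a different desc, while a signature bound to the object id does not. HMAC-SHA256 stands in for the owner's public-key signature, the object id is assumed to be a SHA-256 hash of the desc bytes, and all names and sample bytes are constructed.

```python
import hashlib
import hmac

# Constructed demo key. HMAC-SHA256 stands in for the owner's public-key
# signature (an assumption): only the choice of signed bytes matters here.
OWNER_KEY = b"constructed-demo-key"

# Constructed sample objects: two descs by the same owner, one mutable body.
DESC_A = b"desc: owner=alice, type=profile, nonce=1"
DESC_B = b"desc: owner=alice, type=contract, nonce=2"
BODY_A = b"body: display_name=alice"


def object_id(desc: bytes) -> bytes:
    """Assumption: the object id is a 32-byte hash of the immutable desc."""
    return hashlib.sha256(desc).digest()


def _sign(data: bytes) -> bytes:
    # Sign(Hash(data)), with HMAC as the stand-in signature primitive.
    digest = hashlib.sha256(data).digest()
    return hmac.new(OWNER_KEY, digest, hashlib.sha256).digest()


def sign_body(body: bytes, oid: bytes = b"") -> bytes:
    """Body-only signature if oid is empty, else Sign(Hash(Body+ObjectId)).

    The id is fixed-length and appended last, so the boundary between body
    and id is unambiguous.
    """
    return _sign(body + oid)


def verify_body(body: bytes, sig: bytes, oid: bytes = b"") -> bool:
    return hmac.compare_digest(sign_body(body, oid), sig)


def transplant_verifies(bound: bool) -> bool:
    """Sign BODY_A for object A, then verify it while attached to object B."""
    oid_a, oid_b = object_id(DESC_A), object_id(DESC_B)
    sig = sign_body(BODY_A, oid_a if bound else b"")
    return verify_body(BODY_A, sig, oid_b if bound else b"")


if __name__ == "__main__":
    print("body-only signature accepted on other desc:", transplant_verifies(False))
    print("bound signature accepted on other desc:", transplant_verifies(True))
```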