Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add extract-signed #738

Merged
merged 5 commits into from
Dec 16, 2023
Merged

Add extract-signed #738

merged 5 commits into from
Dec 16, 2023

Conversation

seadowg
Copy link
Member

@seadowg seadowg commented Dec 12, 2023
edited by lognaturel

As proposed at https://forum.getodk.org/t/form-spec-proposal-allow-signed-content-to-verified-using-form-logic/44228.

What has been done to verify that this works as intended?

New tests and verified manually using Extract.signed.form.xlsx (which includes a randomly generated public key) and the following QR code (which contains the message "real genuine data"):

Screenshot 2023-12-12 at 18 04 08

Why is this the best possible solution? Were any other approaches considered?

The function signature is discussed at https://forum.getodk.org/t/form-spec-proposal-allow-signed-content-to-verified-using-form-logic/44228.

In terms of implementation, I did briefly look into using Java's build it crypto utilities, but it seemed like we'd need Java 15 for Ed25519 support and JavaRosa is still Java 8 compatible as far as I know. Using Bouncy Castle keeps that support in place. One ramification could be that it increases the size of binaries built suing JavaRosa (like Collect's APK).

How does this change affect users? Describe intentional changes to behavior and behavior that could have accidentally been affected by code changes. In other words, what are the regression risks?

Should just add the new function! Nothing else has really been touched (other than moving Base64 to a new helper).

Does this change require updates to documentation? If so, please file an issue here and include the link below.

getodk/docs#1723

@seadowg seadowg marked this pull request as ready for review December 12, 2023 18:09
@seadowg seadowg mentioned this pull request Dec 13, 2023
Closed
@lognaturel lognaturel merged commit f489a3e into getodk:master Dec 16, 2023
3 checks passed
@seadowg seadowg deleted the extract-signed branch December 16, 2023 10:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lognaturel lognaturel lognaturel approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@seadowg @lognaturel