The documentation states that "The standard implementation of a Verifier is constructed by NewVerifier starting from a verifier key, which is a plain text string of the form '<name>+<hash>+<keydata>'."
It appears that the hash is in hexadecimal, while the keydata is base64-encoded. I cannot find a description of this anywhere in the documentation. The documentation does say that the key hash is an unsigned 32-bit integer.
Also, the keydata is one byte of key type followed by the actual bytes of the key. The documentation does say this: "There is only one key type, Ed25519 with algorithm identifier 1. New key types may be introduced in the future as needed, although doing so will require deploying the new algorithms to all clients before starting to depend on them for signatures." I don't see anywhere in the documentation that says that this algorithm identifier is the first byte of the keydata.
Having this fully documented is useful when you have signatures produced in the sumdb note and key format, and you want to verify those signatures using a program written in another language.
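The format discussed in this issue, as an added example that is not part of the original issue or of the Go project's code: a standard-library-only parser that splits the verifier key, checks the key hash and the algorithm byte, and returns the raw Ed25519 public key. The function names and the name `example.test` are hypothetical, the sample key is constructed from the keydata quoted in this thread, and the hash check assumes the computation used by golang.org/x/mod/sumdb/note.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// KeyHash is the key hash as golang.org/x/mod/sumdb/note computes it: the
// first four bytes, big-endian, of SHA-256(name + "\n" + keydata).
func KeyHash(name string, keydata []byte) uint32 {
	sum := sha256.Sum256(append([]byte(name+"\n"), keydata...))
	return binary.BigEndian.Uint32(sum[:4])
}

// ParseVerifierKey splits "<name>+<hash>+<keydata>", checks the hash and the
// algorithm byte, and returns the name and the raw Ed25519 public key.
func ParseVerifierKey(vkey string) (string, ed25519.PublicKey, error) {
	// Base64 keydata may itself contain '+': cut at the first two only.
	parts := strings.SplitN(vkey, "+", 3)
	if len(parts) != 3 || parts[0] == "" || len(parts[1]) != 8 {
		return "", nil, errors.New("malformed verifier key")
	}
	hash, err1 := strconv.ParseUint(parts[1], 16, 32) // hexadecimal uint32
	keydata, err2 := base64.StdEncoding.DecodeString(parts[2])
	if err1 != nil || err2 != nil || len(keydata) == 0 {
		return "", nil, errors.New("malformed hash or keydata")
	}
	if uint32(hash) != KeyHash(parts[0], keydata) {
		return "", nil, errors.New("key hash does not match name and keydata")
	}
	// First byte is the algorithm identifier; 1 (Ed25519) is the only one.
	if keydata[0] != 1 || len(keydata) != 1+ed25519.PublicKeySize {
		return "", nil, errors.New("unsupported key type or length")
	}
	return parts[0], ed25519.PublicKey(keydata[1:]), nil
}

func main() {
	// Constructed input: the keydata quoted in this thread under a placeholder name.
	kd, _ := base64.StdEncoding.DecodeString("Ac4zctda0e5eza+HJyk9SxEdh+s3Ux18htTTAD8OuAn8")
	vkey := fmt.Sprintf("example.test+%08x+%s", KeyHash("example.test", kd), base64.StdEncoding.EncodeToString(kd))
	name, pub, err := ParseVerifierKey(vkey)
	fmt.Println(name, base64.StdEncoding.EncodeToString(pub), err)
}
```

The returned key can be passed directly to `ed25519.Verify`; rejecting a key whose hash does not match guards against a name or keydata that was altered or mistyped in transit.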
Split on separator `+` into exactly three parts and take the third part `Ac4zctda0e5eza+HJyk9SxEdh+s3Ux18htTTAD8OuAn8`. This you have to base64 decode then drop the first byte to get a 32-byte ed25519 public key compatible with https://pkg.go.dev/crypto/ed25519#Verify. In base64, this public key is `zjNy11rR7l7Nr4cnKT1LER2H6zdTHXyG1NMAPw64Cfw=`
PKIX marshalled and PEM encoded:
-----BEGIN PUBLIC KEY-----