Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactoring: signing data using LocalKey #227

Closed
Patrik-Stas opened this issue Feb 21, 2024 · 4 comments
Closed

Refactoring: signing data using LocalKey #227

Patrik-Stas opened this issue Feb 21, 2024 · 4 comments

Comments

@Patrik-Stas
Copy link

While integrating askar to aries-vcx, following pattern has appeared in our sign function implementation:

        if let Some(key) = self
            .session()
            .await?
            .fetch_key(&did_from_key(key.to_owned()), false)
            .await?
        {
            let local_key = key.load_local_key()?;
            let key_alg = SigType::try_from_key_alg(local_key.algorithm())?;
            Ok(local_key.sign_message(msg, Some(key_alg.into()))?)
        }

What happens here is:

  • We load up a key from database, this is of type LocalKey
  • Next we want to use it for signing, but for that, we need instance of SigType. We have to fallibly try to get that as key_alg from the local_key
  • Lastly, we pass in local_key and the key_alg to make magic happen

I find this un-intuitive that I need to use SigType::try_from_key_alg before I can use LocalKey's sign_message, even though the information about key type is in fact contained in local_key variable itself. Therefore I would rather welcome following API:

            let local_key = key.load_local_key()?;
            Ok(local_key.sign_message(msg?)

Such that sign_message would check the key type itself.

Additionally, the current API opens up doors to error where I load up local_key of certain cryptography type, but then pass wrong value of SigType argument to sign_message function.

I am open to make contribution, but before I proceed, is there's some perspective I am missing?
@swcurran
Copy link
Member

@andrewwhitehead — could you please weigh in here?

@andrewwhitehead
Copy link
Member

Hiya, I believe what you're doing is effectively the same as passing in None for the signature type. In that case the default signature type for that key is chosen.

@Patrik-Stas
Copy link
Author

@andrewwhitehead excuse the lack of my knowledge - you indicate that there might be keys which can be used for variaty of signature types. Is that right?

@andrewwhitehead
Copy link
Member

There are keys for which multiple signature types could be supported, for example EdDSA signatures can be deterministic or randomized: https://www.ietf.org/archive/id/draft-mattsson-cfrg-det-sigs-with-noise-04.html

At the moment none of the implemented key types support multiple signature types, though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@swcurran @Patrik-Stas @andrewwhitehead