Another potentially hard thing to keep secure. We should probably have a disclaimer about the fact that this is more or less a feature that's going to be nearly impossible to implement securely without hosing the JS on an SSL secured server. Would take a semi-skilled attacker to really get through either of these, but it wouldn't be unheard of.
This is already mostly done by myself (fitblip), I've figured out a good way of parsing out keys and text, as well as lots of error checking and whatnot. I also have all the algorithms to verify signatures for V4 keys finished, but can eventually expand them to V3 if we decide it's needed.
As of right now, I only have SHA256 working properly, but that's just a matter of replacing my hash call with the proper one in the preferred hashing algo/enclosed hashing algo.
My code works for verification, but there are a number of places which I'd like to clean it up and make it run faster & smoother.
Last edited by Stephen Paul Weber,