-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JWS proof least significant bit change #68
Comments
No, because, like you said, it's just the padding. When you decode the signature value (whether it's modified in the way you described or not), you get the same raw signature bytes.
The same as for any other signature scheme that uses base64 encoding (like everything in JOSE). Changing the value should not affect the integrity of the data that the signature is over (as the signature is itself separate from that and, as mentioned above, decoding the value produces the same signature bytes). However, if someone were to hash the data (including the signature value), of course the hashes would be different. Whether that is a problem for someone depends on their use of such hashes, etc. |
@mkhraisha it seems like your question has been answered. Is there anything further that we need to do wrt. changes to the specification or specification text? If there is a change that is needed to the specification, I expect it would be editorial in nature (like something put in the Security Considerations section) and could be done after the specification enters the Candidate Recommendation phase. |
The question has been answered, but I think it is important to note in the security considerations post candidate rec . |
Ok, can do. There's got to be some text out there in an IETF RFC on this given that it's a general issue w/ JOSE and its use of base64url encoding. We might just point to whatever that RFC says on the matter from our security considerations section. |
None of the current cryptosuites that the VCWG is standardizing use JWS encoding. All JWS cryptosuites have been abandoned by the group, so there is nothing left to say on this issue. Marking this issue as pending close. |
I believe this can be closed. |
Running into a rather confusing issue, hope someone hear can shed some light.
If you create a VC that outputs a proof that is a jws such as Ed25519Signature2018, and verify it then you get a correct response.
If you take the same VC then increment the last bit in the signature to a character that is within 15 characters ahead, it still returns "verified". i.e. in the case of the character
g
you can change it tov
but notw
If you take the same VC then decrement the last bit in the signature, it fails.
After talking to @msporny it appears this is due to base64url encoding.
The text was updated successfully, but these errors were encountered: