couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Couchdb Wiki] Trivial Update of "SignedDocuments" by JensAlfke
Date Mon, 09 Mar 2009 17:24:21 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The following page has been changed by JensAlfke:
http://wiki.apache.org/couchdb/SignedDocuments

------------------------------------------------------------------------------
  
  So the process of verifying the digest looks like this:
  
-  # Remove the `signature` property from the document.
+  1. Remove the `signature` property from the document.
-  # Remove all other properties whose keys begin with "_".
+  1. Remove all other properties whose keys begin with "_".
-  # Serialize the result as canonical JSON (q.v.)
+  1. Serialize the result as canonical JSON (q.v.)
-  # Compute a SHA-1 digest of the resulting byte stream.
+  1. Compute a SHA-1 digest of the resulting byte stream.
-  # Compare this with `signature.digest`.
+  1. Compare this with `signature.digest`.
  
  If the digest is valid, the digital signature itself is verified using a similar technique:
  
-  # Start with the `signature` object.
+  1. Start with the `signature` object.
-  # Remove the `signed` property.
+  1. Remove the `signed` property.
-  # Serialize the result as canonical JSON (q.v.)
+  1. Serialize the result as canonical JSON (q.v.)
-  # Perform digital-signature verification on the resulting byte stream, using the `signed`
field and the public key.
+  1. Perform digital-signature verification on the resulting byte stream, using the `signed`
field and the public key.
  
  Note that the key does not directly sign the document. This is so that the signature can
also encompass metadata like the creation and expiration dates. Also, it would be feasible
to separate the signature from the document entirely, and store it elsewhere, since its `digest`
field uniquely identifies the document it signs.
  

Mime
View raw message