On Mar 8, 2009, at 10:14 AM, Chris Anderson wrote:

> I think you'll want to add to the signature field, a list of the
> signed fields. This way _rev can change freely, and intermediate users
> can add new fields, without breaking the signature.

That would be one way to do it. Another is to apply the signature not to the top-level document itself but to an object nested inside it. The nice thing about this signature schema is that it has a very flexible topology, so you can sign pieces of objects, have multiple signed pieces in an object, etc.

> There are reliable JS md5 and sha1 libs. Will that get you there?

No, unfortunately. Verifying a signature requires re-running the public-key algorithm over the message digest. So this would require an implementation of RSA or the equivalent. (RSA is ubiquitous but getting old; apparently elliptic-key systems are gaining favor because they provide more security per bit of key length. I don't know whether they're any less compute-intensive than RSA. I'll do some research and try to find JS impls of any of these.)

—Jens
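
The scheme discussed in this message (a signature that carries the list of fields it covers, so `_rev` and later-added fields stay outside it), as an added example that is not part of the original e-mail or of CouchDB. It assumes Node.js's built-in `crypto` module and an Ed25519 key in place of RSA; the `signature.fields`/`signature.value` layout, the helper names and the sample document are hypothetical.

```javascript
// Added example: field layout, helper names and sample data are constructed.
const nodeCrypto = require('node:crypto');

// Deterministic JSON: object keys sorted at every level, so the signer and
// the verifier serialize the same value to the same bytes.
function canonical(value) {
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// Bytes covered by the signature: the field list itself plus each listed value.
function signedBytes(doc, fields) {
  const names = [...fields].sort();
  return Buffer.from(canonical({ fields: names, values: names.map((f) => doc[f]) }));
}

function signDoc(doc, fields, privateKey) {
  // Ed25519 hashes internally, so the digest algorithm argument is null.
  const sig = nodeCrypto.sign(null, signedBytes(doc, fields), privateKey);
  return { ...doc, signature: { fields: [...fields].sort(), value: sig.toString('base64') } };
}

function verifyDoc(doc, publicKey) {
  const s = doc.signature;
  if (!s || !Array.isArray(s.fields) || typeof s.value !== 'string') return false;
  // A listed field that is missing from the document fails verification.
  if (!s.fields.every((f) => Object.prototype.hasOwnProperty.call(doc, f))) return false;
  return nodeCrypto.verify(null, signedBytes(doc, s.fields), publicKey,
    Buffer.from(s.value, 'base64'));
}

// Constructed sample: a fresh key pair and a CouchDB-style document.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
const signed = signDoc(
  { _id: 'post-1', _rev: '1-abc', title: 'Hello', body: { text: 'hi', tags: ['a'] } },
  ['title', 'body'], privateKey);

// An intermediate user bumps _rev and adds a field: the signature still verifies.
const replicated = { ...signed, _rev: '2-def', comment: 'added later' };
// Changing a signed field breaks it.
const tampered = { ...signed, body: { text: 'bye', tags: ['a'] } };
```

A verifier should also confirm that every field it relies on appears in `signature.fields`, since unlisted fields such as `comment` carry no guarantee.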