On Jul 3, 2012, at 10:01 AM, Jim Klo wrote:

> Yes, and as a matter of fact, i just got digital signature validation using OpenPGP within a map function working a few minutes ago!
> Here's a link to the relevant code: https://github.com/jimklo/TheCollector/blob/master/dataservices/thecollector-resources/views/lib/sig_utils.js

As far as I can tell, this code uses a data schema where the signed contents are wrapped in some kind of OpenPGP encoding:

>         var msg_list = openpgp.read_message(doc.digital_signature.signature);
>         for (var i=0; i<msg_list.length; i++) {
>             isValid |= msg_list[i].verifySignature();
>         }

It looks like msg_list is the actual document payload, which has to be decoded using openpgp.read_message.

This is IMHO not a very good solution because it hides the document contents away — for example, all the map functions and any app logic that uses documents will have to know to call read_message, which will also make them slower.

The schema I implemented (see my previous message) doesn't alter the basic document format. The signature is in a nested object but applies to the entire document contents (minus the signature itself of course). There's no need to change any code that reads documents; the only time you have to know about the signature scheme is while verifying the signature. It's even possible to have multiple signatures on a document.

—Jens