-
Notifications
You must be signed in to change notification settings - Fork 316
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Signing
: extract and verify intermediate key
#2715
Conversation
data: intermediatePublicKey)) | ||
|
||
do { | ||
return try Self.createPublicKey(with: intermediatePublicKey) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We considered caching this, but I just ran a benchmark on my device and the whole process (creating this key and verifying the original signature) takes 0.17 seconds.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry I meant 0.17ms!
52c5c76
to
0d1bd54
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Love this! Going to try to get this done in Android ASAP
} | ||
|
||
guard let expirationDate = Self.extractAndVerifyIntermediateKeyExpiration(intermediateKeyExpiration) else { | ||
return nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So if the intermediate key is expired, we assume it's an attacker correct? As long as the backend makes sure this doesn't happen, this should be fine 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yup /cc @bisho
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Love this! Going to try to get this done in Android ASAP
e9e2d8e
to
4d7e631
Compare
0d1bd54
to
7aa47ba
Compare
b4e4adc
to
dd41618
Compare
7aa47ba
to
4dc2d8a
Compare
fb1b4c9
to
7181dba
Compare
54b4e49
to
69a2415
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good!
Some tests seem to be failing though |
7181dba
to
ba53303
Compare
Yeah that's |
ba53303
to
1876819
Compare
69a2415
to
fcbc752
Compare
fcbc752
to
bef3bef
Compare
Last step of the new Signature format. Follow up to #2679 and #2698.
This reverts the public key change in #2679, since that was the intermediate key.
This now extracts the new intermediate public key from the signature, and verifies it using the public key.