In late September Mark Nottingham announced on the HTTP Bis WG mailing list that the httpbis-message-signatures spec was in last call. That gave a very good reason to update first the bobcats crypto library and then the HttpSig library.
Noteworthy: attending the IETF 115 London Meeting virtually, I discovered that Mastodon has been using an older version of HttpSig (see their Security page).
Bobcats is a library that provides the same Scala interface for Java cryptograph, as well as for Browser Cryptography. It could be extended for NodeJS if someone needed it.
- PR7: Update with examples from Message Signatures 13. Tested the signatures on all the examples in the Message Signing spec. Doing this led to me to find a difficulty with one of the PEM keys from the spec. Issue 2290. That led to JWK versions of all the keys to be added to the spec in PR 2301 which led to
- PR9: Add Support for JWK in bobcats
- PR 10: Update Dependencies - minor update for bobcats to work better with other libraries
I have a huge PR to commit all the bobcats changes to the original repo. I need to remove the conflicts, and then there is probably some work to be done to timprove the APIs for it, before it would get accepted. Having it used is most likely to have it accepted longer term.
Published new snapshot on sonatype for Java and JS
- PR 12: Updgrade to spec version 13 took a whole month of work somehow as I cleaned up the interfaces, improved the tests, and made for a typesafe version of the library.
- PR 11 and PR 19 are minor fixes.
Published new snapshot on sonatype
- http4s-http-signature java and browser JavaScript
- Other crypto libraries on which it depends are also in net/bblfish/crypto
Other:
- issue 2347: Signature: error in 4.3. examples found a minor bug in spec v15
- PR 24: update bobcats and httpSig updated Reactive Solid. This will continue as we develop more advanced examples from the SolidCtrl App.
- PR2: Update HttpSig, also contains some initial thoughts on how develop the client in a very generic way (see Free Readme) very similar to what I used on the server, so that it can easily fetch data in a cache, remotely, etc... This may be a way to develop a basic actor system on the client, that could then be used to rework the server later.
Found a bug in Scala Issue 16408: Problem with Traits not being Matchable. After finding the bug, minimizing the code was a lot of work, that was done intermittenlty over a 3 weeks or so. It looks like they have accepted it now.