versia-pub/docs
2
0
Fork 0
mirror of https://github.com/versia-pub/docs.git synced 2025-12-06 22:38:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'main' of github.com:lysand-org/docs

Browse source
This commit is contained in:
Jesse Wierzbinski 2024-03-17 20:11:53 -10:00
parent 2003c75456 158ec6ead4
commit b1089770c2
No known key found for this signature in database
1 changed files with 30 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
docs/cryptography/signing.md
View file

@ -55,9 +55,22 @@ Where `/users/uuid/inbox` is the path of the request.
Here is an example of signing a request using TypeScript and the WebCrypto API: Here is an example of signing a request using TypeScript and the WebCrypto API:
```typescript ```typescript
/**
* Convert a string into an ArrayBuffer
* from https://developers.google.com/web/updates/2012/06/How-to-convert-ArrayBuffer-to-and-from-String
*/
const str2ab = (str: string) => {
const buf = new ArrayBuffer(str.length);
const bufView = new Uint8Array(buf);
for (let i = 0, strLen = str.length; i < strLen; i++) {
bufView[i] = str.charCodeAt(i);
}
return buf;
};
const privateKey = await crypto.subtle.importKey( const privateKey = await crypto.subtle.importKey(
"pkcs8", "pkcs8",
atob("base64_private_key"), str2ab(atob("base64_private_key")),
"Ed25519", "Ed25519",
false, false,
["sign"] ["sign"]
@ -68,18 +81,26 @@ const digest = await crypto.subtle.digest(
new TextEncoder().encode("request_body") new TextEncoder().encode("request_body")
); );
const userInbox = new URL("...");
const date = new Date();
const signature = await crypto.subtle.sign( const signature = await crypto.subtle.sign(
"Ed25519", "Ed25519",
privateKey, privateKey,
new TextEncoder().encode( new TextEncoder().encode(
"(request-target): post /users/uuid/inbox\n" + `(request-target): post ${userInbox.pathname}\n` +
"host: example.com\n" + `host: ${userInbox.host}\n` +
"date: Fri, 01 Jan 2021 00:00:00 GMT\n" + `date: ${date.toUTCString()}\n` +
"digest: SHA-256=" + btoa(digest) `digest: SHA-256=${btoa(
String.fromCharCode(...new Uint8Array(digest))
)}\n`
) )
); );
const signatureBase64 = base64Encode(signature); const signatureBase64 = btoa(
String.fromCharCode(...new Uint8Array(signature))
);
``` ```
> [!WARNING] > [!WARNING]
@ -91,9 +112,9 @@ await fetch("https://example.com/users/uuid/inbox", {
method: "POST", method: "POST",
headers: { headers: {
"Content-Type": "application/json", "Content-Type": "application/json",
"Date": "Fri, 01 Jan 2021 00:00:00 GMT", Date: date.toUTCString(),
"Origin": "https://example.com", Origin: "https://example.com",
"Signature": `keyId="https://example.com/users/uuid",algorithm="ed25519",headers="(request-target) host date digest",signature="${signatureBase64}"` Signature: `keyId="${...}",algorithm="ed25519",headers="(request-target) host date digest",signature="${signatureBase64}"`,
}, },
body: JSON.stringify({ body: JSON.stringify({
// ... // ...