Closed 2byrds closed 2 weeks ago
Some notes from a recent round of testing @aydarng:
Thanks for providing the example code. I used this as the reference: https://github.com/GLEIF-IT/reg-pilot/blob/69121800e693a300477e8eaa3966e4333f7817d9/signify-ts-test/test/report.test.ts#L288-L294
The difference between that implementation and our implementation is that we are creating a SHA-256 digest of the raw file first, then we are signing the digest. The reason for that is to avoid sending the entire files from web app to extension. From my understanding, we cannot and should not send too large messages over the IPC channel.
Per https://github.com/GLEIF-IT/reg-pilot/discussions/41 we will expect/validate SHA-256 prefixed digests through the api/verifier: https://github.com/GLEIF-IT/reg-pilot-api/issues/23 https://github.com/GLEIF-IT/vlei-verifier/issues/25
@lenkan will work with us to align with their signing format