Closed informartin closed 3 years ago
Currently, IsValidSignature uses the certificate's signature algorithm field for verifying a signature. However, this field refers to the algorithm used by the CA to sign the user certificate. Thus, it may be different from the algorithm used for signing a document. https://github.com/GSMA-CPAS/BWRP-chaincode/blob/25d48d76a1653122d8823ee24c92ac5e65ae28d4/hybrid/offchain.go#L468
IsValidSignature
In general, I would suggest using OID in the future to identify used signature algorithms. This will permit full flexibility to organizations, as they can choose whatever algorithm they want while maintaining verifiability as well.
I have come up with a first implementation: https://github.com/GSMA-CPAS/BWRP-chaincode/blob/7a9e3ac46fb84baa0949d186a0337b4988e4300c/hybrid/offchain.go#L467-L473
However, this is only to showcase the use of OIDs and shouldn't be merged, as the signing process is being refactored: https://github.com/GSMA-CPAS/BWRP-chaincode/issues/20
Currently,
IsValidSignatureuses the certificate's signature algorithm field for verifying a signature. However, this field refers to the algorithm used by the CA to sign the user certificate. Thus, it may be different from the algorithm used for signing a document. https://github.com/GSMA-CPAS/BWRP-chaincode/blob/25d48d76a1653122d8823ee24c92ac5e65ae28d4/hybrid/offchain.go#L468In general, I would suggest using OID in the future to identify used signature algorithms. This will permit full flexibility to organizations, as they can choose whatever algorithm they want while maintaining verifiability as well.
I have come up with a first implementation: https://github.com/GSMA-CPAS/BWRP-chaincode/blob/7a9e3ac46fb84baa0949d186a0337b4988e4300c/hybrid/offchain.go#L467-L473
However, this is only to showcase the use of OIDs and shouldn't be merged, as the signing process is being refactored: https://github.com/GSMA-CPAS/BWRP-chaincode/issues/20