Open sgessa opened 4 months ago
Sorry for the delay, but I'll take a look at this before the end of the weekend and thank you again for the contribution!
-------- Original Message -------- On 24.05.24 at 14:36, Stefano Gessa wrote:
@sgessa commented on this pull request.
@.***(https://github.com/Ianleeclark) can you take a look? What do you think?
PS: should I bump the Elixir version too?
In lib/paseto/v2.ex:
iex> Paseto.V2.sign("Test Message", sk)
"v2.public.VGVzdAJxQsXSrgYBkcwiOnWamiattqhhhNN_1jsY-LR_YbsoYpZ18-ogVSxWv7d8DlqzLSz9csqNtSzDk4y0JV5xaAE" """ @spec sign(String.t(), String.t(), String.t()) :: String.t() | {:error, String.t()}
- def sign(data, secret_key, footer \ "") when byte_size(secret_key) == 64 do
- def sign(data, secret_key, footer \ "") when byte_size(secret_key) == 32 do
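Review bot: The guard on sign/3 now matches only a 32-byte secret_key, so a caller that still passes the 64-byte private + public binary the old guard required no longer hits this clause. The @spec above promises {:error, String.t()}, so consider a clause for other sizes that returns an error tuple (or one that accepts the 64-byte form and uses its first 32 bytes), and state the expected key length in the @doc next to the iex example.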
each key in Ed25519 is 32 bytes
In test/fixtures/test_vectors/v2_public.exs:
@@ -3,17 +3,15 @@ vector: "v2-S-1", token: "v2.public.eyJkYXRhIjoidGhpcyBpcyBhIHNpZ25lZCBtZXNzYWdlIiwiZXhwIjoiMjAxOS0wMS0wMVQwMDowMDowMCswMDowMCJ9HQr8URrGntTu7Dz9J2IF23d1M7-9lH9xiqdGyJNvzp4angPW5Esc7C5huy_M8I8_DjJK2ZXC2SUYuOFM-Q_5Cw",
- private_key:
- "b4cbfb43 df4ce210 727d953e 4a713307 fa19bb7d 9f850414 38d9e11b 942a3774 1eb9dbbb bc047c03 fd70604e 0071f098 7e16b28b 757225c1 1f00415d 0e20b1a2",
- private_key: "b4cbfb43 df4ce210 727d953e 4a713307 fa19bb7d 9f850414 38d9e11b 942a3774",
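Review bot: With private_key in v2-S-1 trimmed to its first 32 bytes, no fixture exercises the old 64-byte form any more. The dropped half is identical to the public_key field that stays in the vector, so no key material is lost, but a case that passes the previous 64-byte value to sign/3 and asserts the intended outcome would pin the changed key contract in the test suite.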
removing the public key since it's not needed
In test/fixtures/test_vectors/v2_public.exs:
public_key: "1eb9dbbb bc047c03 fd70604e 0071f098 7e16b28b 757225c1 1f00415d 0e20b1a2",
payload: ~s({"data":"this is a signed message","exp":"2019-01-01T00:00:00+00:00"}) ], [ vector: "v2-S-2", token: "v2.public.eyJkYXRhIjoidGhpcyBpcyBhIHNpZ25lZCBtZXNzYWdlIiwiZXhwIjoiMjAxOS0wMS0wMVQwMDowMDowMCswMDowMCJ9flsZsx_gYCR0N_Ec2QxJFFpvQAs7h9HtKwbVK2n1MJ3Rz-hwe8KUqjnd8FAnIJZ601tp7lGkguU63oGbomhoBw.eyJraWQiOiJ6VmhNaVBCUDlmUmYyc25FY1Q3Z0ZUaW9lQTlDT2NOeTlEZmdMMVc2MGhhTiJ9",
- private_key:
- "b4cbfb43 df4ce210 727d953e 4a713307 fa19bb7d 9f850414 38d9e11b 942a3774 1eb9dbbb bc047c03 fd70604e 0071f098 7e16b28b 757225c1 1f00415d 0e20b1a2",
- private_key: "b4cbfb43 df4ce210 727d953e 4a713307 fa19bb7d 9f850414 38d9e11b 942a3774",
removing the public key since it's not needed
Unfortunately I'm going to have to reject this as it increases the maintenance burden and quite frankly I'm stuffed to the gills at the moment.
Should things ease up, I'll leave this open and reassure
This PR removes the libsalty library because it is outdated and no longer maintained. libsalty was used for XChaCha20Poly1305 and Ed25519 crypto functions that are now implemented using Erlang native crypto functions. I also fixed an issue where V2.sign/3 expected a keypair (a binary composed with private + public key) with 64 bytes length to work. Only the secret key is needed for signing and must be 32 bytes.
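
The key-length point in the description above, as an added example that is not code from this PR or from the paseto library: Erlang's :crypto signs Ed25519 with the 32-byte secret alone, and a 64-byte private + public binary can be reduced to it after checking that the two halves belong together. The module name Ed25519KeyExample and its functions are hypothetical, and the keys are generated at run time.

```elixir
defmodule Ed25519KeyExample do
  # Hypothetical helper module for illustration; not part of the paseto library.

  # 32 bytes: already the secret key that :crypto expects.
  def normalize_secret(<<seed::binary-size(32)>>), do: {:ok, seed}

  # 64 bytes: secret followed by public key. Re-derive the public key
  # from the secret and refuse a pair whose halves do not match.
  def normalize_secret(<<seed::binary-size(32), pub::binary-size(32)>>) do
    case :crypto.generate_key(:eddsa, :ed25519, seed) do
      {^pub, _} -> {:ok, seed}
      _ -> {:error, "public half does not match the secret key"}
    end
  end

  # Any other length is rejected with an error tuple instead of a crash.
  def normalize_secret(other) when is_binary(other),
    do: {:error, "expected 32 or 64 bytes, got #{byte_size(other)}"}

  def sign(message, secret) do
    with {:ok, seed} <- normalize_secret(secret) do
      {:ok, :crypto.sign(:eddsa, :none, message, [seed, :ed25519])}
    end
  end

  def verify(message, signature, public_key) do
    :crypto.verify(:eddsa, :none, message, signature, [public_key, :ed25519])
  end
end

# Constructed sample keys: a fresh pair, plus the 64-byte concatenated form.
{pub, seed} = :crypto.generate_key(:eddsa, :ed25519)
legacy = seed <> pub

{:ok, sig_from_seed} = Ed25519KeyExample.sign("Test Message", seed)
{:ok, sig_from_pair} = Ed25519KeyExample.sign("Test Message", legacy)

# Ed25519 signatures are deterministic, so both key forms give the same bytes.
true = sig_from_seed == sig_from_pair
true = Ed25519KeyExample.verify("Test Message", sig_from_seed, pub)
false = Ed25519KeyExample.verify("Other Message", sig_from_seed, pub)

# A truncated key and a pair with a foreign public half are both rejected.
{:error, _} = Ed25519KeyExample.sign("Test Message", binary_part(seed, 0, 31))
{:error, _} = Ed25519KeyExample.sign("Test Message", seed <> :crypto.strong_rand_bytes(32))
```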