search

amark / gun

An open source cybersecurity protocol for syncing decentralized graph data.
https://gun.eco/docs
Other
18.03k stars 1.16k forks source link

SEA.verify not accepting json signed by old versions #1253

Open mmalmi opened 2 years ago

mmalmi commented 2 years ago

New gun version doesn't accept json signed by old gun versions.

This works in old (pre-manhattan) gun versions, but not on the latest:

await SEA.verify('SEA{"m":{"b":"b","a":"a"},"s":"lLj1EcJUGgCWKuw2tDLY2Uq9UHWxHqhEtn0eEqHhYC6z7kRj13KkFdjbHV4NNyiAYm6XezUl6phbXzssaoHKEA=="}', '1LgnhjM1H1eciNRO7ovT5RCogaAcbpLYF526bEC6RRU.mxCo7QMypmLfGUC0SsdKbf4f_y4bNNKbKdqudnyB6lw')

With alphabetically ordered fields it works just fine:

await SEA.verify('SEA{"m":{"a":"a","b":"b"},"s":"Go1rUggsglOFC3RmUFYCrTSkDrJIat3VR99nj5TUFLtiiZ2B3aAUxFsdPCln7rbCP278EAzFOCfW1rWvl6Vq4Q=="}', '1LgnhjM1H1eciNRO7ovT5RCogaAcbpLYF526bEC6RRU.mxCo7QMypmLfGUC0SsdKbf4f_y4bNNKbKdqudnyB6lw')

What's the best way to accept old format messages?

amark commented 2 years ago

Odd, I'm pretty sure sorted JSON predated Manhattan. Hmm. I'm not sure, thoughts?

mmalmi commented 2 years ago

The old version is 0.2020.1232

https://github.com/mmalmi/gun/blob/old/package.json