Closed xcthulhu closed 8 years ago
+1, have reviewed. This looks great. Solid ACK from me.
I think this would be a good time to switch to using the optimized Node.js crypto library for the sha256 function, similar to bitcore, and send it a Buffer. If the data
argument isn't a buffer, the type would default to utf-8
with new Buffer(data, 'utf-8')
.
Also as mentioned in https://github.com/bitpay/bitauth/issues/44 we can include browser builds in tagged releases (not in master), however can fix this is a separate pull request that updates the release process.
Edit: Both ripemd
and sha256
hash functions can use the Node.js crypto library both of which will browserify. However, we'll need to use the name rmd160
and not ripemd160
for it to browserify.
Does new Buffer(data, 'utf-8')
handle surrogate pairs correctly?
Google closure's goog.crypt.stringToUtf8ByteArray
does not, although it looks like this blog post here has a work-around: http://jonisalonen.com/2012/from-utf-16-to-utf-8-in-javascript/
As you know I have a port of BitAuth to the JVM in clojure here: https://github.com/xcthulhu/clj-bitauth
My tests are written in an isomorphic fashion where they compile to both Java byte code and javascript, and right now all my tests are passing and I have perfect feature parity.
This is currently working with my stack to be honest, but I'm willing to change my upstream code if javascript's new Buffer(data, 'utf-8')
reliably agrees with java's data.getBytes("UTF-8")
.
The core module now handles signing Unicode payloads in a platform independent way. I have tested my changes both in the mocha tests here and also in a Clojure/JVM port of bitauth I have authored here: https://github.com/xcthulhu/clj-bitauth/blob/utf-16/test/bitauth/core_test.cljc#L95
I also fixed the
make_dist.sh
script, and put the browser bundles back in thedist
directory as per a request by @crisptrutski, the CLJSJS maintainer in a discussion I had with him here: https://github.com/cljsjs/packages/pull/223TODO:
bitauth.encrypt
andbitauth.decrypt
don't handle unicode in a platform independent mannerbitauth.encrypt
andbitauth.decrypt
would be nice, rather than just elementary passwords, as I discuss in https://github.com/bitpay/bitauth/issues/38I'm using BitAuth as my security layer for my own project. I had admittedly invented a similar protocol while I was doing contract work for Ethereum, and I figured since you guys already had an effort I would build off of this.
If you guys want, I would love to build on the BitAuth standard and make pull requests upstream as my design requirements dictate I make extensions.