A user should be able to extract the footer and message part of a untrusted token. We can realize this by introducing two new types: UntrustedToken and TrustedToken.
Previous discussion in #40 stated the use case of not knowing what the footer contains, but still wanting to verify it. So a user should be able to get the untrusted footer value and pass it to verify()/decrypt() in order for it to be validated. Note that the footer is both compared in constant time AND is part of the signature for public tokens and the authenticated additional data for the AAD for local tokens. This means, that even if the footer has been tampered with, the signature/tag validtion should fail. Sufficient warnings should be part of the documentation of the UntrustedToken and it's risks.
let untrsuted_token = UntrsutedToken::try_from(untrsuted_input)
// untrsuted_token.footer() -> returns Option(&'a [ u8])
let verify([..], [..], untrsuted_token.footer())?;
verify()/decrypt() functions could then return a TrustedToken with the ability to return the same individual parts of the verified token.
A user should be able to extract the footer and message part of a untrusted token. We can realize this by introducing two new types:
UntrustedToken
andTrustedToken
.Previous discussion in #40 stated the use case of not knowing what the footer contains, but still wanting to verify it. So a user should be able to get the untrusted footer value and pass it to
verify()
/decrypt()
in order for it to be validated. Note that the footer is both compared in constant time AND is part of the signature for public tokens and the authenticated additional data for the AAD for local tokens. This means, that even if the footer has been tampered with, the signature/tag validtion should fail. Sufficient warnings should be part of the documentation of theUntrustedToken
and it's risks.verify()
/decrypt()
functions could then return aTrustedToken
with the ability to return the same individual parts of the verified token.Based on discussion starting here: https://github.com/brycx/pasetors/issues/40#issuecomment-1098557241