contentauth / c2pa-js

JavaScript SDK for displaying and validating C2PA data
https://opensource.contentauthenticity.org
MIT License
73 stars 39 forks source link

Failed verification with ed25519 signed image with c2patool #61

Open SoftAvocado opened 2 years ago

SoftAvocado commented 2 years ago

Hello! I am trying to sign image with CAI information with ed25519 cryptographic algorithm. I used private key and certificate from c2pa-rs library main branch at b167baeb3faa78f3a5b9f0e7cf6e197b81ac095b commit. I have added manifest to the image with c2patool according with section "Adding a manifest to an asset file". I noticed that the result picture verifies normally with c2patool, but it fails on verification site. I also repeated the same actions with another keys and certificates (ps256.pem, ps256.pub and es384.pem, es384.pub) from c2pa-rs examples and it worked just fine for both c2patool and verification site.

Can you please clarify if I am doing something wrong? All the files that I used are attached here: artifacts.zip

Validation signed_image.jpg with verification site:

image

Validation signed_image.jpg with c2patool:

image

dkozma commented 2 years ago

Hello @SoftAvocado, unfortunately we don't currently support Ed25519 since WebCrypto doesn't currently have support for it. We have an issue in the https://github.com/contentauth/c2pa-rs project to build this into WASM via WebAssembly, but we haven't prioritized it yet. Let me check in with the team regarding prioritization.

Regardless, we should call this out in the c2pa-js documentation, which we will do shortly.

SoftAvocado commented 2 years ago

@dkozma, thank you for your reply. I'll be looking forward for Ed25519 support implementation.

crandmck commented 1 year ago

@adobe export issue to Jira project CAI

github-jira-sync-bot commented 1 year ago

:white_check_mark: Jira issue https://jira.corp.adobe.com/browse/CAI-3386 is successfully created for this GitHub issue.