search

oddsdk / ts-odd

An SDK for building apps with decentralized identity and storage.
https://odd.dev/
Apache License 2.0
179 stars 24 forks source link

RSA magic bytes seem to be incorrect #519

Closed hugomrdias closed 1 year ago

hugomrdias commented 1 year ago

am i missing something here ? the magic bytes for rsa seem incorrect.

https://github.com/oddsdk/ts-odd/blob/36c5e95467e6f38044ebf18422e47442e039aad1/src/components/crypto/implementation/browser.ts#L92-L95

// multicodec code for rsa-pub https://github.com/multiformats/multicodec/blob/master/table.csv#L163
const code = 0x1205
const bytes = new Uint8Array([0x85, 0x24])
matheus23 commented 1 year ago

When this code was written, there was no multiformat code for RSA, so we chose something in the "free range" (and I think we may have incorrectly encoded the varint back then).

This needs to be fixed, the code in ts-ucan is correct. The problem is mainly it'll break stuff :)

https://github.com/ucan-wg/ts-ucan/blob/b9188fcf5a4dc505aef46fd60ef24546f73be1a7/packages/default-plugins/src/prefixes.ts#L18-L21

icidasset commented 1 year ago

It’s fixed in the new server, so when we make the switch to the new UCANs we can close this one. Related to #306 (might also be rs-ucan)

hugomrdias commented 1 year ago

Thank you @matheus23 and @icidasset for the explanation. Is it encoding DER ANS1 RSAPublicKey ? Sizes seems to not match either

matheus23 commented 1 year ago

@hugomrdias I don't remember the specific name ATM. I think both the old and the new format are ASN DER, but one encodes SubjectPublicKeyInfo or something like that and the other encodes PublicKeyInfo. I think the ts-ucan code has all the details regarding the old format, too (it has awkward backwards compat code for that).

icidasset commented 1 year ago

Going to close this one, when we switch to the fission-server/ucans it'll be fixed.