This updates the way channel signatures are done. Instead of hashing all the data together and signing just a (hex-encoded) hash, the message is now constructed as a human-readable / clear-text string.
This string contains the game ID, channel ID, reinit and topic in a way that a human can check them inside before signing, and only the actual data (e.g. state proto) is hashed beforehand. This makes signatures potentially more secure and trusted (even though they should be made by a temporary key anyway).
With this change, we also include the game ID now, which was previously not included, as an extra protection against relay attacks.
Note that this forks existing game-channel applications, in particular the Xayaships tech demo.
This updates the way channel signatures are done. Instead of hashing all the data together and signing just a (hex-encoded) hash, the message is now constructed as a human-readable / clear-text string.
This string contains the game ID, channel ID, reinit and topic in a way that a human can check them inside before signing, and only the actual data (e.g. state proto) is hashed beforehand. This makes signatures potentially more secure and trusted (even though they should be made by a temporary key anyway).
With this change, we also include the game ID now, which was previously not included, as an extra protection against relay attacks.
Note that this forks existing game-channel applications, in particular the Xayaships tech demo.