-
Notifications
You must be signed in to change notification settings - Fork 317
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
CIP-0030: update to api.signData() (#148)
* CIP-0030: update to api.signData() The current specification of signData() suffers from several issues: 1) There is no way to get the verification keys to verify the signature returned without prior knowledge 2) The specification did not completely say what would be returned, if it was merely hex-encoded bytes of the signature or what. 3) The COSE_Sign1/COSE_Sign object would need to be constructed identically on both the wallet and dApp side which was not covered by the spec This update should address these as for 1) the COSE_Sign1 object returned is specified to contain in the `kid` header the verification key. 2) is resolved as well as we no longer have untyped bytes, and 3) is also resolved by nature of explicitly returning it. The endpoint as a result is simpler and does not cover more complex CIP-0008/COSE situations but these are likely not needed for dApps, and if they ever are, it would be better to simply add in another endpoint to cover them as this should cover the standard case for verifying ownership of an address(and associated payment key) in a simpler way. Other alterntives were previously discussed in the original CIP-0030 PR: #88 * CIP-30 signData - add address protected header * CIP30: data sign add COSEKey to return value and change kid header * CIP30 data sign: Use Address instead of cbor<address>
- Loading branch information
1 parent
dbca318
commit 3672786
Showing
1 changed file
with
32 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters