You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I found that it was necessary to duplicate much of the code involved in generating the signing string. I hopeful that we can figure out a way to improve on this situation.
And there does not appear to be any support for custom verifiers which would allow one to validate an EdDSA signature. Even if one would roll their own verification code, there is still a need to specify the proper algorithm.
I'm hoping to start a conversation about how to make this module more extensible generally. Some goals:
a way to implement signers/verifiers that does not involve reimplementing header/signing string boilerplate in other libs
a way to extend the available signing/verification algorithms
Making another run at #58
Here is a first draft of an implementation that uses the RequestSigner API as a patch to
request: request/request@master...digitalbazaar:httpSignI found that it was necessary to duplicate much of the code involved in generating the signing string. I hopeful that we can figure out a way to improve on this situation.
The show stopper at the moment is the lack of support for
eddsaalgorithm here: https://github.com/joyent/node-http-signature/blob/master/lib/utils.js#L13-L17And there does not appear to be any support for custom verifiers which would allow one to validate an EdDSA signature. Even if one would roll their own verification code, there is still a need to specify the proper algorithm.
I'm hoping to start a conversation about how to make this module more extensible generally. Some goals:
Why EdDSA? Here's some informal benchmarking that shows that ed25519 signing is much faster that RSA 2048. https://github.com/digitalbazaar/crypto-bench
The text was updated successfully, but these errors were encountered: