Add ed25519-sha2 signature code #139
Comments
|
Hey @lebdron, thanks for bringing this up again during our sync call earlier. I was reviewing the codec table a second ago and thinking about this. Would it be possible to just combine the existing code for ed25519 keys ( So your implementation of "multi-signature" or whatever it gets called would be to pull two varint-encoded multicodecs, one for the key type, and one for the hash algorithm. In this case, it would be Just a thought - if you do need a new code, I think submitting a PR to this repo as @raulk suggested would be fine. |
|
I'd be careful about allowing the hash function to be customized like this. An attacker could:
Ideally, the hash algorithm would be a property of the key (so changing the algorithm changes the identity of the author). (yes, you can just ban insecure algorithms, just be careful) |
|
@yusefnapora @Stebalien Any updates? |
|
@yusefnapora has actually been working on a signed envelope spec which should be useful here: https://github.com/libp2p/specs/pull/217/files#diff-1d3e44bb1e34e0581019f35b96151a0d. Unfortunately, it does use libp2p keys which don't use multicodecs to identify key types. |
|
Thanks for the reply! I looked at the RFC, and the problem is that |
|
Does not seem to be an issue anymore, as signatures are not transferred without corresponding public keys, and there is already a codec present for the ed25519-sha2 public key. |
Since it is possible to encode ed25519 (sha2?) public key already with
0xed, it would be great to encode ed25519-sha2 signature in the same way.The following related issues are not actively updated, but the introduction of "multisig"/multisign may greatly help us in https://github.com/hyperledger/iroha to migrate from one cryptography algorithm to another without losing backward compatibility.
multiformats/multiformats#23
#125
Ping @yusefnapora
The text was updated successfully, but these errors were encountered: