caesium icon indicating copy to clipboard operation
caesium copied to clipboard
verified publisher icon lvh

Unable to verify signatures created with a seed

Open talios opened this issue 8 years ago • 4 comments

Calling caesium.crypto.sign/keypair! with a byte[] seed seems to trigger verification failures with verify(sign ...)...).

I modified one of the test cases in sign-test.clj as seen in https://gist.github.com/talios/d0ea678b0ce5b044ec48c6074855cf6a which triggers the problem.

Is this not the correct way to generate a keypair with a common seed, which will survive VM restarts?

talios avatar May 14 '17 23:05 talios

Thanks for your report! I'm looking into this.

lvh avatar May 16 '17 22:05 lvh

The obvious problem is that the seed has to be seedbytes (is, to wit, 32), but that shouldn't matter for that example.

lvh avatar May 16 '17 23:05 lvh

Looks like it's a length problem:

caesium.crypto.sign> (let [{pk :public sk :secret} (generate-signing-keys (.getBytes "secret"))]
      (verify (sign (.getBytes "hi") sk) (.getBytes "hi") pk)
    )
java.lang.RuntimeException: Signature validation failed
caesium.crypto.sign> (let [{pk :public sk :secret} (generate-signing-keys (.getBytes "YELLOW SUBMARINEYELLOW SUBMARINE"))]
      (verify (sign (.getBytes "hi") sk) (.getBytes "hi") pk))

not sure why it doesn't just read 32 bytes past the pointer, though... (Although it still wouldn't be repeatable)

lvh avatar May 16 '17 23:05 lvh

@lvh should that error out/throw an exception is < seedBytes? That'll let me move on my own issues tho.

talios avatar May 17 '17 00:05 talios