On Jul 3, 2012, at 10:01 AM, Jim Klo wrote:
> Yes, and as a matter of fact, I just got digital signature validation using
> OpenPGP within a map function working a few minutes ago!
> Here's a link to the relevant code:
> https://github.com/jimklo/TheCollector/blob/master/dataservices/thecollector-resources/views/lib/sig_utils.js
As far as I can tell, this code uses a data schema where the signed contents
are wrapped in some kind of OpenPGP encoding:
> var msg_list = openpgp.read_message(doc.digital_signature.signature);
> for (var i=0; i<msg_list.length; i++) {
> isValid |= msg_list[i].verifySignature();
> }
It looks like msg_list is the actual document payload, which has to be decoded
using openpgp.read_message.
This is IMHO not a very good solution because it hides the document contents
away — for example, all the map functions and any app logic that uses documents
will have to know to call read_message, which will also make them slower.
The schema I implemented (see my previous message) doesn't alter the basic
document format. The signature is in a nested object but applies to the entire
document contents (minus the signature itself of course). There's no need to
change any code that reads documents; the only time you have to know about the
signature scheme is while verifying the signature. It's even possible to have
multiple signatures on a document.
—Jens