Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

The Relationship Between Canonical and Signature in BCS #12

Open
tjchern opened this issue Dec 2, 2024 · 1 comment
Open

The Relationship Between Canonical and Signature in BCS #12

tjchern opened this issue Dec 2, 2024 · 1 comment

Comments

@tjchern
Copy link

tjchern commented Dec 2, 2024

I am really confused about Why must the serialized object for signing be canonical.
The process of signing involves the sender's object being serialized into a byte array, which is then signed. The data transmitted is just byte data, and when the receiver verifies the signature, they simply retrieve the same byte data and perform signature verification. It seems like there is no connection to canonical at all during this process.
So, what is the actual impact of canonical on signature verification ?
I look forward to your response. Thank you!

@tjchern
Copy link
Author

tjchern commented Dec 5, 2024

My question is: I’m using proto buffer, a non-canonical serialization format, and it still works as expected. When I sign the data, I’m signing the hash of the serialized byte array. On the receiving side, the same exact byte array is transmitted and received. The recipient hashes the identical byte array and verifies the signature.

It seems to me that there’s no strict need for canonical serialization here, because the signature verification operates directly on the same byte array transmitted over the network, not on an object that is first deserialized and then re-serialized before verification.

This has left me quite confused. Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant