Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Imp: Famedly: Refactor signature chain verification code to be more explicit #359

Open
famedly-bot opened this issue Nov 24, 2022 · 1 comment
Open

Imp: Famedly: Refactor signature chain verification code to be more explicit #359

famedly-bot opened this issue Nov 24, 2022 · 1 comment
Labels
improvement

Comments

@famedly-bot
Copy link

In GitLab by @mrmcoding88 on Nov 24, 2022, 13:44

Description

Currently the hasValidSignatureChain function in the SDK does way more than we need. It automatically looks for any possible chain of signatures, recursing potentially infinitely. Usually we do known what chains we are looking for ahead of time though. Usually we need one of these chains:

our device key -> our master -> our device signing key -> our device key

our device key -> our master -> our user-signing -> their master -> their device signing -> their device key

Additionally we want devices directly verified.

For TOFU:

their master -> their device signing -> their device key

Refactoring the code to explicitly check those chains can make the code more resistent to attacks as well as easier to understand for the developers, which helps making the app more maintainable and secure in the long term.

Service,Platform & Version

FamedlySDK

More information
@famedly-bot
Copy link
Author

In GitLab by @Mar-Ga on Feb 2, 2023, 12:32

moved from undefined##undefined

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
improvement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nikzen @famedly-bot