I am really confused about why the serialized object for signing must be canonical.
The process of signing involves the sender's object being serialized into a byte array, which is then signed. The data transmitted is just byte data, and when the receiver verifies the signature, they simply retrieve the same byte data and perform signature verification. It seems like there is no connection to canonical at all during this process.
So, what is the actual impact of canonical on signature verification?
For example, I’m using Protocol Buffers, a non-canonical serialization format, and it still works as expected. When I sign the data, I’m signing the hash of the serialized byte array. On the receiving side, the same exact byte array is transmitted and received. The recipient hashes the identical byte array and verifies the signature.
It seems to me that there’s no strict need for canonical serialization here, because the signature verification operates directly on the same byte array transmitted over the network, not on an object that is first deserialized and then re-serialized before verification.
This has left me quite confused. Thank you!
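An added example, not part of the original issue or the project's code: the two verification paths contrasted above, using a hand-rolled subset of the protobuf wire format (varint fields only) and HMAC-SHA256 as a stand-in for the signature scheme. The key, field numbers, values and the helper `verify_after_reencode` are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; HMAC stands in for a real signature

def varint(n):
    """Minimal protobuf varint encoding of a non-negative integer."""
    out = bytearray()
    while True:
        byte, n = n & 0x7F, n >> 7
        out.append(byte | (0x80 if n else 0))
        if not n:
            return bytes(out)

def encode(fields):
    """Serialize (field_number, value) pairs as varint fields, in the order given."""
    return b"".join(varint(num << 3) + varint(val) for num, val in fields)

def read_varint(data, pos):
    shift = result = 0
    while True:
        b = data[pos]
        result |= (b & 0x7F) << shift
        pos, shift = pos + 1, shift + 7
        if not b & 0x80:
            return result, pos

def decode(data):
    """Parse varint-only wire bytes into {field_number: value}."""
    obj, pos = {}, 0
    while pos < len(data):
        key, pos = read_varint(data, pos)
        obj[key >> 3], pos = read_varint(data, pos)
    return obj

def sign(data):
    return hmac.new(KEY, hashlib.sha256(data).digest(), hashlib.sha256).digest()

def verify(data, tag):
    return hmac.compare_digest(sign(data), tag)

def verify_after_reencode(data, tag, field_order):
    """Hypothetical verifier that decodes, re-serializes, then checks the tag."""
    obj = decode(data)
    return verify(encode([(n, obj[n]) for n in field_order]), tag)

sent = encode([(1, 150), (2, 7)])     # sender's serializer writes field 1 first
other = encode([(2, 7), (1, 150)])    # same object, fields in the other order
padded = b"\x08\x96\x01\x10\x87\x00"  # same object, field 2 as a non-minimal varint
tag = sign(sent)
```

Verifying the received bytes as-is succeeds regardless of encoding; the tag only fails to verify when the bytes are regenerated by a serializer that does not reproduce the sender's exact output.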