Offline signature verification subcommand #12
Assignees
Labels
enhancement
New feature or request
Comments
|
this would be a good addition. I think the cli should rather be consuming the signature from stdin or a path, allowing chaining with curl for instance, or a json output should this be done at some point. |
|
That would be great! Right, stdin or json input file would be more practical than passing in the constituents. |
|
Do you think we can get this feature in the next version upgrade, whenever that is? Just wanted to avoid keeping internal patches. |
|
yes. I'll take a look |
thibmeu
added a commit
to thibmeu/plexi
that referenced
this issue
Nov 28, 2024
This commit adds the ability to perform local validation of proof and signature with plexi. You can run the following example ``` \# Set auditor validation key PLEXI_VERIFYING_KEY="$(curl -sS https://plexi.key-transparency.cloudflare.com/info | jq -r '.keys[0].public_key')" \# Download an akd proof curl -sS https://d1tfr3x7n136ak.cloudfront.net/458298/5f02bf9c5526151669914c4b80a300870e583b6b32e2c537ee4fa4f589fe889d/3ae9497069cc722dc9e00f8251da87071646a57dae2fc7882f1d8214961d80bd > /tmp/proof \# Retrieve epoch, and pass it to the local audit alongside the proof curl -sS https://plexi.key-transparency.cloudflare.com/namespaces/whatsapp.key-transparency.v1/audits/458298 | cargo run -- local-audit --proof-path /tmp/proof --long ``` To do before merge * Add test with real data, possibly the above example. I need to find the right too in Rust to do this * Consider overloading `plexi audit` instead. If an input is present on stdin, or an input path is provided, it's local validation. This might be too complex * Consider printing the previous epoch infered from the provided consistency proof Closes cloudflare#12
thibmeu
added a commit
to thibmeu/plexi
that referenced
this issue
Nov 29, 2024
This commit adds the ability to perform local validation of proof and signature with plexi. You can run the following example ``` \# Set auditor validation key PLEXI_VERIFYING_KEY="$(curl -sS https://plexi.key-transparency.cloudflare.com/info | jq -r '.keys[0].public_key')" \# Download an akd proof curl -sS https://d1tfr3x7n136ak.cloudfront.net/458298/5f02bf9c5526151669914c4b80a300870e583b6b32e2c537ee4fa4f589fe889d/3ae9497069cc722dc9e00f8251da87071646a57dae2fc7882f1d8214961d80bd > /tmp/proof \# Retrieve epoch, and pass it to the local audit alongside the proof curl -sS https://plexi.key-transparency.cloudflare.com/namespaces/whatsapp.key-transparency.v1/audits/458298 | cargo run -- local-audit --proof-path /tmp/proof --long ``` To do before merge * Add test with real data, possibly the above example. I need to find the right too in Rust to do this * Consider overloading `plexi audit` instead. If an input is present on stdin, or an input path is provided, it's local validation. This might be too complex * Consider printing the previous epoch infered from the provided consistency proof Closes cloudflare#12
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Are there any plans to extend the CLI with a subcommand that verifies a pre-obtained SignatureResponse (either input as JSON or its constituents). Such that the flow would be completely offline.
The text was updated successfully, but these errors were encountered: