title: SSB Log Entry 366
date: 2020-03-10T08:07:06-05:00

SSB Verification From Scratch in Ruby

I just did it (I think). I am going to post it here in tutorial form with the hope that it helps someone.

First we need a few dependencies:

require "json"
require "base64"
require "ed25519"

Here's the message I want to verify:

original_message = {
  previous: nil,
  author: "@z2M8msI2EUubNHnrEJncglDIy2/SUd+36jCyJnfeiHk=.ed25519",
  sequence: 1,
  timestamp: 1554164725521,
  hash: "sha256",
  content: {
    type: "about",
    about: "@z2M8msI2EUubNHnrEJncglDIy2/SUd+36jCyJnfeiHk=.ed25519",
    image: "&jqMB109+asDMUVWkeAsqK/4KlbF+6M2x+jtTdFIdVw8=.sha256",
    name: "Netscape Navigator",
  },
  signature: "3er8E88P7WPSjnm+L3QmoPqNxhqAn/pOjvo6Owk0KNn69FgOjAYLOgRdrGnuihBp4QYWYPJ5bS1Gw9weQKj9DQ==.sig.ed25519",
}

The original message was JSON.

We need to delete the signature from the message before we can verify:

original_message.delete(:signature)

We also need a copy of our public key. I could have been fancy and extracted the value from original_message, but will instead copy/paste for readability:

# SSB ids use the standard base64 alphabet ("+" and "/"), so decode strictly.
public_key = Base64.strict_decode64("z2M8msI2EUubNHnrEJncglDIy2/SUd+36jCyJnfeiHk=")

Same thing with the signature. I am just copy/pasting the value found in original_message:

# Same standard base64 alphabet as the key; the ".sig.ed25519" suffix is left off.
signature = Base64.strict_decode64("3er8E88P7WPSjnm+L3QmoPqNxhqAn/pOjvo6Owk0KNn69FgOjAYLOgRdrGnuihBp4QYWYPJ5bS1Gw9weQKj9DQ==")

Since JSON serialization is not deterministic (the same data can be written out in more than one way), we need to serialize the message exactly how we found it. Luckily, the Ruby JSON library reproduces that formatting when using pretty_generate. Don't forget to call .chomp to remove any trailing newline (it would invalidate the signature):

message = JSON.pretty_generate(original_message).chomp

We now have a message, a signature, and a public_key. We are ready to verify:

Ed25519::VerifyKey.new(public_key).verify(signature, message)

The call returns true if the signature is valid (🎉) or raises an Ed25519::VerifyError exception if verification fails.

How does that look to all of the #ssb experts reading this?
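The steps above folded into one function, as an added example that is not part of the original post. It goes a little further than the tutorial: the key and signature are pulled out of the message itself, and malformed or tampered input yields false instead of an exception. Assumptions: Ruby 3.1 or newer, with the bundled OpenSSL binding swapped in for the ed25519 gem so no extra gems are needed; `ssb_verify`, `ssb_signing_bytes` and the throwaway-key fixture are names and data made up for this sketch.

```ruby
require "json"
require "base64"
require "openssl"

# DER SubjectPublicKeyInfo header that precedes a raw 32-byte Ed25519 key.
ED25519_SPKI_PREFIX = ["302a300506032b6570032100"].pack("H*")

# Bytes that were signed: the message without "signature", as two-space
# pretty JSON with keys in their original order (same as the tutorial).
def ssb_signing_bytes(msg)
  JSON.pretty_generate(msg.reject { |k, _| k == "signature" })
end

# true only if the "signature" field verifies under the "author" key;
# false for any malformed, mislabelled or tampered input.
def ssb_verify(json_text)
  msg = JSON.parse(json_text)
  return false unless msg.is_a?(Hash)
  key_b64 = msg["author"].to_s[/\A@(.+)\.ed25519\z/, 1]
  sig_b64 = msg["signature"].to_s[/\A(.+)\.sig\.ed25519\z/, 1]
  return false unless key_b64 && sig_b64
  raw_key = Base64.strict_decode64(key_b64) # standard alphabet, padding required
  raw_sig = Base64.strict_decode64(sig_b64)
  return false unless raw_key.bytesize == 32 && raw_sig.bytesize == 64
  pkey = OpenSSL::PKey.read(ED25519_SPKI_PREFIX + raw_key)
  pkey.verify(nil, raw_sig, ssb_signing_bytes(msg)) # Ed25519 takes no digest
rescue JSON::ParserError, ArgumentError, TypeError, OpenSSL::PKey::PKeyError
  false
end

# Constructed fixture: a throwaway key signs a constructed "about" message.
def constructed_signed_message(name)
  key = OpenSSL::PKey.generate_key("ED25519")
  id = "@" + Base64.strict_encode64(key.public_to_der[-32, 32]) + ".ed25519"
  msg = { "previous" => nil, "author" => id, "sequence" => 1,
          "timestamp" => 1554164725521, "hash" => "sha256",
          "content" => { "type" => "about", "about" => id, "name" => name } }
  sig = key.sign(nil, ssb_signing_bytes(msg))
  msg["signature"] = Base64.strict_encode64(sig) + ".sig.ed25519"
  JSON.generate(msg)
end

if __FILE__ == $PROGRAM_NAME
  good = constructed_signed_message("Example Feed")
  puts ssb_verify(good)                                  # untouched message
  puts ssb_verify(good.sub("Example Feed", "Evil Feed")) # content edited after signing
end
```

Because the check re-serializes the parsed message, it only holds for messages whose signed bytes match what pretty_generate emits, which is the same assumption the tutorial makes.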