Re: [Help-gnunet] What's the correct CRYPTO API to sign a CADET message?

[Christian Grothoff]

On 9/18/19 9:52 PM, Alessio Vanni wrote:
> Hello,
> 
> As part of an application I'm writing, some messages are exchanged
> between peers through CADET.  Due to some design choices of the
> application, I need to sign these messages so that the recipient can
> verify that they were not tampered with (any particular characteristic
> of CADET does not apply here, due to the aforementioned choices.)
> 
> Looking at the CRYPTO library and some actual code using it I believe I
> got how to do what I need, but I'm still not sure, so I have these
> questions:
> 
> Can I use an ego's pair of keys to sign arbitrary data? 

Yes. Using the GNUNET_CRYPTO_ecdsa_sign() operation. You must #define a
new PURPOSE constant to ensure your signature is never confused with a
signature made with the same private key in a different context.

> The public key
> is part of the message already, so if I could also use the private key
> the recipient wouldn't need any extra information as part of the
> message.  This is mostly to be sure, in case there is a better approach.
> 
> How can I serialize the resulting signature in a string?  Using the
> ego's key pair the result is a structure, but there is no "to_string"
> API. 

You can use our generic GNUNET_STRINGS_data_to_string() API. However,
note that CADET is happy to send binary data, so usually there should be
no need to convert the signature to ASCII.

> Can I just copy the content in an array of char and use the result
> as a string?

No, as the signature may contain '\0' characters, so it is not a C-string.

>  If the proper way is another, is there an API or is
> copying the memory block as-is a choice?

For CADET yes, for using it as a C-String, no.

Happy hacking!

Christian

signature.asc
Description: OpenPGP digital signature