treadful/jot
1
0
Fork 0
Code Issues 19 Pull requests Projects Releases 14 Packages 3 Wiki Activity Actions

feat: implement reader-facing signature validation #13

New issue
Closed
opened 2025-09-27 20:41:46 +00:00 by treadful · 2 comments
treadful commented 2025-09-27 20:41:46 +00:00
Owner
Copy link

There's a few options.

  1. Simply display a checkmark and signature after the server validates (maybe offer raw downloads?)
  2. Implement client-side validation, where the client fetches the raw file and validates the signature on its own.
  3. Implement in the CLI client to validate foreign signatures

1 is relatively easy but requires trust of the server. 2 will no doubt have implementation difficulties between whatever JS (WASM?) ECDSA/secp256k implementation we get. 3 might be the most straight forward option, since most of the code needed is already there.

  • feat(server): server-side signature validation #94
  • feat(client): client-side signature validation #95
  • feat(server): authentication instructions in footer #96
There's a few options. 1) Simply display a checkmark and signature after the server validates (maybe offer raw downloads?) 2) Implement client-side validation, where the client fetches the raw file and validates the signature on its own. 3) Implement in the CLI client to validate foreign signatures 1 is relatively easy but requires trust of the server. 2 will no doubt have implementation difficulties between whatever JS (WASM?) ECDSA/secp256k implementation we get. 3 might be the most straight forward option, since most of the code needed is already there. - [ ] feat(server): server-side signature validation #94 - [ ] feat(client): client-side signature validation #95 - [ ] feat(server): authentication instructions in footer #96
treadful added this to the 0.1 milestone 2025-09-27 20:41:46 +00:00
treadful commented 2025-11-23 19:58:51 +00:00
Author
Owner
Copy link

Wondering if client-side validation could be implemented with WASM to allow the use of the same code as the server and client does. This might take a while though since there'll be some new learning but it'll be simpler in the long run.

Maybe push option 2 into the distant future.

Option 1 could be done on the server while doing real validation (to ensure storage wasn't fooled with). And option 3 just needs to be exposed to users somehow.

I think all options are valid and this issue should be split up.

Wondering if client-side validation could be implemented with WASM to allow the use of the same code as the server and client does. This might take a while though since there'll be some new learning but it'll be simpler in the long run. Maybe push option 2 into the distant future. Option 1 could be done on the server while doing real validation (to ensure storage wasn't fooled with). And option 3 just needs to be exposed to users somehow. I think all options are valid and this issue should be split up.
treadful commented 2025-11-23 20:08:30 +00:00
Author
Owner
Copy link

Should be noted that option 3 has already been implemented in the CLI client. It just needs to be exposed to the user on the Web page.

Closing this issue since it's been broken out into the 3 options.

Should be noted that option 3 has already been implemented in the CLI client. It just needs to be exposed to the user on the Web page. Closing this issue since it's been broken out into the 3 options.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
chore/pkgbuild-update
feat/comrak-extensions
chore/release-0.1.2
chore/first-release
feat/pr-workflow
v0.3.8
v0.3.7
v0.3.6
v0.3.5
v0.3.4
v0.3.3
v0.3.2
v0.3.1
v0.3.0
v0.2.0
v0.1.6
v0.1.5
v0.1.4
v0.1.3
v0.1.2
jot-v0.1.2
jot-server-v0.1.2
jot-client-v0.1.2
jot-server-v0.1.1
jot-client-v0.1.1
jot-v0.1.1
jot-server-v0.1.0
jot-client-v0.1.0
jot-v0.1.0
Labels
Clear labels   
bug

Something is not working

  
cli-client

   
devops

   
docs

Documentation

  
duplicate

This issue or pull request already exists

  
feature

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
library

   
question

More information is needed

  
security

   
server

   
wontfix

This won't be fixed

No labels
bug
cli-client
devops
docs
duplicate
feature
help wanted
invalid
library
question
security
server
wontfix
Milestone
Clear milestone
No items
No milestone
0.1
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
treadful/jot#13
No description provided.