Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unicode Support #46

Closed
wants to merge 10 commits into from
Closed

Unicode Support #46

wants to merge 10 commits into from

Conversation

xcthulhu
Copy link
Contributor

The core module now handles signing Unicode payloads in a platform independent way. I have tested my changes both in the mocha tests here and also in a Clojure/JVM port of bitauth I have authored here:
https://github.com/xcthulhu/clj-bitauth/blob/utf-16/test/bitauth/core_test.cljc#L95

I also fixed the make_dist.sh script, and put the browser bundles back in the dist directory as per a request by @crisptrutski, the CLJSJS maintainer in a discussion I had with him here: cljsjs/packages#223

TODO:

  • bitauth.encrypt and bitauth.decrypt don't handle unicode in a platform independent manner
  • ECDH support for shared secrets in bitauth.encrypt and bitauth.decrypt would be nice, rather than just elementary passwords, as I discuss in Add encryption #38

I'm using BitAuth as my security layer for my own project. I had admittedly invented a similar protocol while I was doing contract work for Ethereum, and I figured since you guys already had an effort I would build off of this.

If you guys want, I would love to build on the BitAuth standard and make pull requests upstream as my design requirements dictate I make extensions.

@martindale
Copy link
Contributor

+1, have reviewed. This looks great. Solid ACK from me.

@braydonf
Copy link
Contributor

I think this would be a good time to switch to using the optimized Node.js crypto library for the sha256 function, similar to bitcore, and send it a Buffer. If the data argument isn't a buffer, the type would default to utf-8 with new Buffer(data, 'utf-8').

Also as mentioned in #44 we can include browser builds in tagged releases (not in master), however can fix this is a separate pull request that updates the release process.

Edit: Both ripemd and sha256 hash functions can use the Node.js crypto library both of which will browserify. However, we'll need to use the name rmd160 and not ripemd160 for it to browserify.

@xcthulhu
Copy link
Contributor Author

Does new Buffer(data, 'utf-8') handle surrogate pairs correctly?

Google closure's goog.crypt.stringToUtf8ByteArray does not, although it looks like this blog post here has a work-around: http://jonisalonen.com/2012/from-utf-16-to-utf-8-in-javascript/

As you know I have a port of BitAuth to the JVM in clojure here: https://github.com/xcthulhu/clj-bitauth

My tests are written in an isomorphic fashion where they compile to both Java byte code and javascript, and right now all my tests are passing and I have perfect feature parity.

This is currently working with my stack to be honest, but I'm willing to change my upstream code if javascript's new Buffer(data, 'utf-8') reliably agrees with java's data.getBytes("UTF-8").

@xcthulhu xcthulhu mentioned this pull request Oct 1, 2015
Merged
@xcthulhu xcthulhu closed this Oct 2, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@xcthulhu @martindale @braydonf