This repository has been archived by the owner on Feb 11, 2025. It is now read-only.
Signature payload cleartext generation deviates from spec #284
Labels
bug
Something isn't working
Comments
|
Good catch on this. We'll fix it soon |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The signing spec says:
The signature is computed by concatenating the following pieces of data together in a line-separated (\n) UTF-8 string: by, name, version, role, at and the label.sha256 of each parcel:However the Bindle server does not include the
atvalue when generating its version of the payload, and so a client who follows the spec creates a signature that is invalid in the eyes of the server.The text was updated successfully, but these errors were encountered: