Jeremy Spilman [ARCHIVE] on Nostr: 📅 Original date posted:2014-03-02 📝 Original message:From BIP70: If pki_type is ...
📅 Original date posted:2014-03-02
📝 Original message:From BIP70:
If pki_type is "x509+sha256", then the Payment message is hashed using
the
SHA256 algorithm to produce the message digest that is signed. If
pki_type
is "x509+sha1", then the SHA1 algorithm is used.
A couple minor comments;
- I think it meant to say the field to be hashed is 'PaymentRequest' not
'Payment' message -- probably got renamed at some point and this is an old
reference calling it by its original name.
- Could be a bit more explicit about the hashing, e.g. 'copy the
PaymentRequest, set the signature field to the empty string, serialize to
a byte[] and hash.
- SHA1 is retiring, any particular reason to even have it in there at all?
- Should there any way for the end-user to see details like the pki_type
and the certificate chain, like browser do?
Thanks,
Jeremy
📝 Original message:From BIP70:
If pki_type is "x509+sha256", then the Payment message is hashed using
the
SHA256 algorithm to produce the message digest that is signed. If
pki_type
is "x509+sha1", then the SHA1 algorithm is used.
A couple minor comments;
- I think it meant to say the field to be hashed is 'PaymentRequest' not
'Payment' message -- probably got renamed at some point and this is an old
reference calling it by its original name.
- Could be a bit more explicit about the hashing, e.g. 'copy the
PaymentRequest, set the signature field to the empty string, serialize to
a byte[] and hash.
- SHA1 is retiring, any particular reason to even have it in there at all?
- Should there any way for the end-user to see details like the pki_type
and the certificate chain, like browser do?
Thanks,
Jeremy