@majikah/majik-signature 0.0.13 → 0.0.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -289,10 +289,13 @@ export class MajikSignatureEmbed {
|
|
|
289
289
|
// "Cannot seal an open-signing file. Sealing is only available for files with an allowlist.",
|
|
290
290
|
// );
|
|
291
291
|
// }
|
|
292
|
-
//
|
|
293
|
-
if (
|
|
294
|
-
|
|
295
|
-
|
|
292
|
+
// Must be a restricted multi-sig file (has an allowlist)
|
|
293
|
+
if (!!envelope.allowlist && !!envelope.allowlistSignerId?.trim()) {
|
|
294
|
+
// Only the issuer may seal
|
|
295
|
+
if (key.fingerprint !== envelope.allowlistSignerId) {
|
|
296
|
+
throw new MajikSignatureKeyError(`Only the issuer ("${envelope.allowlistSignerId}") may seal this file. ` +
|
|
297
|
+
`Provided key fingerprint: "${key.fingerprint}".`);
|
|
298
|
+
}
|
|
296
299
|
}
|
|
297
300
|
// Already sealed
|
|
298
301
|
if (envelope.sealHash) {
|
package/package.json
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
"name": "@majikah/majik-signature",
|
|
3
3
|
"type": "module",
|
|
4
4
|
"description": "Majik Signature is a hybrid post-quantum content signing and verification library for the Majikah ecosystem. Built on top of Majik Key, it provides tamper-proof, forgery-resistant digital signatures for any content format — using a dual-algorithm architecture that combines classical Ed25519 with post-quantum ML-DSA-87 (FIPS-204).",
|
|
5
|
-
"version": "0.0.
|
|
5
|
+
"version": "0.0.14",
|
|
6
6
|
"license": "Apache-2.0",
|
|
7
7
|
"author": "Zelijah",
|
|
8
8
|
"main": "./dist/index.js",
|