@majikah/majik-signature 0.0.2 → 0.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -63,7 +63,7 @@ export declare class MajikSignatureEmbed {
|
|
|
63
63
|
*/
|
|
64
64
|
static verify(file: Blob, publicKeys: MajikSignerPublicKeys, MajikSig: MajikSignatureStaticAdapter, options?: ExtractOptions & {
|
|
65
65
|
expectedSignerId?: string;
|
|
66
|
-
}): Promise<EmbedVerifyResult>;
|
|
66
|
+
}, debug?: boolean): Promise<EmbedVerifyResult>;
|
|
67
67
|
/**
|
|
68
68
|
* Verify using a MajikKey instance instead of raw public keys.
|
|
69
69
|
* Called from MajikSignature.verifyFile() — MajikSig passed to avoid
|
|
@@ -28,6 +28,7 @@ import { MkvHandler } from "./handlers/mkv";
|
|
|
28
28
|
import { OfficeHandler } from "./handlers/office";
|
|
29
29
|
import { TextHandler } from "./handlers/text";
|
|
30
30
|
import { FallbackHandler } from "./fallback";
|
|
31
|
+
import { bytesToBase64, hashContent } from "../hash";
|
|
31
32
|
// ─── Registry ─────────────────────────────────────────────────────────────────
|
|
32
33
|
const DEFAULT_REGISTRY = new FormatHandlerRegistry()
|
|
33
34
|
.register(new PdfHandler())
|
|
@@ -105,12 +106,14 @@ export class MajikSignatureEmbed {
|
|
|
105
106
|
* Requires the MajikSignature static class passed in as `MajikSig` to
|
|
106
107
|
* avoid a circular import. Called from MajikSignature.verifyFile().
|
|
107
108
|
*/
|
|
108
|
-
static async verify(file, publicKeys, MajikSig, options) {
|
|
109
|
+
static async verify(file, publicKeys, MajikSig, options, debug = false) {
|
|
109
110
|
const bytes = await blobToBytes(file);
|
|
110
111
|
const mimeType = options?.mimeType ?? detectMimeType(bytes, file.type);
|
|
111
112
|
const handler = DEFAULT_REGISTRY.resolve(bytes, mimeType);
|
|
112
113
|
const signatureJson = await handler.extract(bytes);
|
|
113
114
|
if (!signatureJson) {
|
|
115
|
+
if (debug)
|
|
116
|
+
console.error("No embedded signature found");
|
|
114
117
|
return {
|
|
115
118
|
valid: false,
|
|
116
119
|
reason: "No embedded signature found",
|
|
@@ -129,6 +132,12 @@ export class MajikSignatureEmbed {
|
|
|
129
132
|
};
|
|
130
133
|
}
|
|
131
134
|
const originalBytes = await handler.strip(bytes);
|
|
135
|
+
if (debug) {
|
|
136
|
+
const recomputedHash = bytesToBase64(hashContent(originalBytes));
|
|
137
|
+
console.log("Verify-side hash:", recomputedHash);
|
|
138
|
+
console.log("Embedded hash: ", parsedSig.contentHash);
|
|
139
|
+
console.log("match:", recomputedHash === parsedSig.contentHash);
|
|
140
|
+
}
|
|
132
141
|
if (options?.expectedSignerId &&
|
|
133
142
|
parsedSig.signerId !== options.expectedSignerId) {
|
|
134
143
|
return {
|
|
@@ -49,7 +49,7 @@ export declare class MajikSignature {
|
|
|
49
49
|
* @param options - Optional content type label and timestamp override
|
|
50
50
|
* @returns - MajikSignature instance (ready to serialize)
|
|
51
51
|
*/
|
|
52
|
-
static sign(content: Uint8Array | string, key: MajikKey, options?: SignOptions): Promise<MajikSignature>;
|
|
52
|
+
static sign(content: Uint8Array | string, key: MajikKey, options?: SignOptions, debug?: boolean): Promise<MajikSignature>;
|
|
53
53
|
/**
|
|
54
54
|
* Verify a MajikSignature against content and the signer's public keys.
|
|
55
55
|
*
|
package/dist/majik-signature.js
CHANGED
|
@@ -86,7 +86,7 @@ export class MajikSignature {
|
|
|
86
86
|
* @param options - Optional content type label and timestamp override
|
|
87
87
|
* @returns - MajikSignature instance (ready to serialize)
|
|
88
88
|
*/
|
|
89
|
-
static async sign(content, key, options) {
|
|
89
|
+
static async sign(content, key, options, debug = false) {
|
|
90
90
|
try {
|
|
91
91
|
// ── Input validation ──
|
|
92
92
|
MajikSignatureValidator.validateContent(content);
|
|
@@ -116,10 +116,21 @@ export class MajikSignature {
|
|
|
116
116
|
contentHash,
|
|
117
117
|
contentType,
|
|
118
118
|
});
|
|
119
|
+
if (debug) {
|
|
120
|
+
console.log("Signing Payload:", payload);
|
|
121
|
+
}
|
|
119
122
|
// ── Sign with Ed25519 ──
|
|
120
123
|
const edSigBytes = ed25519.sign(edSecretKey, payload);
|
|
124
|
+
if (debug) {
|
|
125
|
+
console.log("mlDsaSecretKey type:", mlDsaSecretKey?.constructor?.name);
|
|
126
|
+
console.log("mlDsaSecretKey length:", mlDsaSecretKey?.length);
|
|
127
|
+
console.log("mlDsaSecretKey byteLength:", mlDsaSecretKey?.byteLength);
|
|
128
|
+
console.log("mlDsaSecretKey byteOffset:", mlDsaSecretKey?.byteOffset);
|
|
129
|
+
console.log("mlDsaSecretKey buffer.byteLength:", mlDsaSecretKey?.buffer?.byteLength);
|
|
130
|
+
console.log("is Uint8Array:", mlDsaSecretKey instanceof Uint8Array);
|
|
131
|
+
}
|
|
121
132
|
// ── Sign with ML-DSA-87 ──
|
|
122
|
-
const mlDsaSigBytes = ml_dsa87.sign(
|
|
133
|
+
const mlDsaSigBytes = ml_dsa87.sign(payload, mlDsaSecretKey);
|
|
123
134
|
// ── Assemble envelope ──
|
|
124
135
|
const envelope = {
|
|
125
136
|
version: MAJIK_SIGNATURE_VERSION,
|
|
@@ -135,6 +146,9 @@ export class MajikSignature {
|
|
|
135
146
|
return new MajikSignature(envelope);
|
|
136
147
|
}
|
|
137
148
|
catch (err) {
|
|
149
|
+
if (debug) {
|
|
150
|
+
console.error("Raw Signing Error:", err);
|
|
151
|
+
}
|
|
138
152
|
if (err instanceof MajikSignatureError)
|
|
139
153
|
throw err;
|
|
140
154
|
throw new MajikSignatureError("Failed to sign content", err);
|
|
@@ -191,7 +205,9 @@ export class MajikSignature {
|
|
|
191
205
|
// ── Step 4: Verify ML-DSA-87 ──
|
|
192
206
|
let mlDsaOk;
|
|
193
207
|
try {
|
|
194
|
-
mlDsaOk = ml_dsa87.verify(
|
|
208
|
+
mlDsaOk = ml_dsa87.verify(base64ToBytes(env.mlDsaSignature), // sig
|
|
209
|
+
payload, // msg
|
|
210
|
+
publicKeys.mlDsaPublicKey);
|
|
195
211
|
}
|
|
196
212
|
catch {
|
|
197
213
|
return invalid();
|
package/package.json
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
"name": "@majikah/majik-signature",
|
|
3
3
|
"type": "module",
|
|
4
4
|
"description": "Majik Signature is a hybrid post-quantum content signing and verification library for the Majikah ecosystem. Built on top of Majik Key, it provides tamper-proof, forgery-resistant digital signatures for any content format — using a dual-algorithm architecture that combines classical Ed25519 with post-quantum ML-DSA-87 (FIPS-204).",
|
|
5
|
-
"version": "0.0.
|
|
5
|
+
"version": "0.0.4",
|
|
6
6
|
"license": "Apache-2.0",
|
|
7
7
|
"author": "Zelijah",
|
|
8
8
|
"main": "./dist/index.js",
|
|
@@ -48,7 +48,7 @@
|
|
|
48
48
|
"prepublishOnly": "npm run build"
|
|
49
49
|
},
|
|
50
50
|
"dependencies": {
|
|
51
|
-
"@majikah/majik-key": "^0.2.
|
|
51
|
+
"@majikah/majik-key": "^0.2.1",
|
|
52
52
|
"@noble/post-quantum": "^0.5.4",
|
|
53
53
|
"@stablelib/ed25519": "^2.0.2",
|
|
54
54
|
"@stablelib/sha256": "^2.0.1",
|