perkeep/doc/protocol/jsonsign.md

1.3 KiB

JSON signing & verification

A Perkeep server will typically expose a JSON signing handler. The operations for the signing handler are available at URL paths that are under the Discovery protocol response's jsonSignRoot value.

The three handlers paths are:

  • [jsonSignRoot]/camli/sig/discovery
  • [jsonSignRoot]/camli/sig/sign
  • [jsonSignRoot]/camli/sig/verify

Discovery

The discovery handler, in response to a GET request with no options, returns a SignDiscovery value, such as:

{
    "publicKey": "/sighelper/camli/sha1-f72d9090b61b70ee6501cceacc9d81a0801d32f6",
    "publicKeyBlobRef": "sha1-f72d9090b61b70ee6501cceacc9d81a0801d32f6",
    "publicKeyId": "94DE83C46401800C",
    "signHandler": "/sighelper/camli/sig/sign",
    "verifyHandler": "/sighelper/camli/sig/verify"
}

Signing

The signing handler requires a POST request (of either type application/x-www-form-urlencoded or multipart/form-data) and accepts parameters:

  • json: the unsigned JSON to sign

Verification

The verification handler requires a POST request (of either type application/x-www-form-urlencoded or multipart/form-data) and accepts parameters:

  • sjson: the signed JSON to verify