explain verify metadata step by step#75
Conversation
Signed-off-by: Alper Öztürk <67455295+alperozturk96@users.noreply.github.com>
Signed-off-by: Alper Öztürk <67455295+alperozturk96@users.noreply.github.com>
alperozturk96
requested review from
marinofaggiana,
mgallien,
susnux and
tobiasKaminsky
susnux
left a comment
susnux
left a comment
There was a problem hiding this comment.
This is very implementation specific it should explain what to do not how to do it.
Because e.g. convert PEM to x.509 depends on what library you are using.
| #### Step-by-Step Verification Process | ||
|
|
||
| 1. Download the metadata and its corresponding signature from the endpoint: '/ocs/v2.php/apps/end_to_end_encryption/api/v2/meta-data/' | ||
| 2. Decrypt the Metadata Key: |
| - Locate the current user's entry in the users array within the metadata. | ||
| - Extract the encrypted metadata key for that user. Decrypt this key using the client’s private key. | ||
| - This produces the decrypted folder metadata file, which includes: A list of users and each user’s certificate | ||
| 3. Prepare Metadata for Verification: |
There was a problem hiding this comment.
This needs to be step 2, because if it is invalid you have throw it away.
So you should not try to decrypt metadata that is not valid.
There was a problem hiding this comment.
Android does in this order. How do you validate metadata? Client just fetches metadata and removes the file-drop section and serializes. Serialization most likely will succeed.
What kind of verification logic do you have?
| - Convert it into a UTF-8 byte array. | ||
| - Wrap it as a processable content object. |
There was a problem hiding this comment.
This is implementation specific.
Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Signed-off-by: Alper Öztürk <67455295+alperozturk96@users.noreply.github.com>
Signed-off-by: Alper Öztürk <67455295+alperozturk96@users.noreply.github.com>
Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Signed-off-by: Alper Öztürk <67455295+alperozturk96@users.noreply.github.com>
That's why I created this PR to align also wrote in the description:
Thus with everyone's suggestion we have understandable RFC. Implementation details is just starting point then we can trim and make it better. |
2 participants
Currently, all clients perform the same or similar steps, but the process is not clearly documented.
Please review your codebase. If the implementation does not fully align with the description, provide suggestions to make it more understandable and consistent across all four platforms (iOS, Android, Desktop, and Web).