-
Notifications
You must be signed in to change notification settings - Fork 116
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support bundle verification with multiple public keys #826
Comments
hi @baka3k, I've taken a look at the whole proposal and your implementation and it looks good to me - there are few nitpicks that we would have to address but let's address that within the actual PR (like the JS API which is missing currently). Sorry for the lack of attention for this feature - the load is very high currently and it's simply hard for me to find the time. Regarding the threading issue - super glad you found it and investigated it 🎉 cc @okwasniewski would love to know your take on this! |
@baka3k Thanks for your great work on this! @jbroma Proposal looks good for me. This effort will touch many surfaces from introducing new Javascript API to native implementation and documentation so I think agreeing on the implementation and public API beforehand is crucial. @baka3k it would be great if you could add few missing pieces to your proposal before jumping in to implementation:
Thanks in advance! |
@jbroma @okwasniewski Thanks & Best Regards, |
Description
The situation we're facing is as follows:
We have multiple independent MiniApp development teams, and we want each team to use their own unique private key.
This means that when verifying a bundle, we need to pass in the public key of the respective team (which is fetched from the server).
However, when examining the repack source code, we found that the 'verify' function is currently ONLY allowing for a single public key that is hardcoded into the source code, as shown below."
Suggested solution
It would be much better if the verify bundle function could accept an additional public key as a parameter, instead of hardcoding it as it is now, such as:
With this approach, we can have multiple mini-app development teams, each with their own private key for signing their mini-apps. We can authenticate development teams using their keys, allowing them to join the ecosystem or rejecting teams without relying on the main app's private key.
Furthermore, if the main app's private key is lost or compromised, mini-apps created by various development teams can still operate. We have the flexibility to re-sign them whenever needed,(similar Google's Play App Signing approach)
Would you please consider this proposal
Thanks & BestRegard,
Additional context
No response
The text was updated successfully, but these errors were encountered: