A given JSON object has many forms that are semantically equivalent. However, digital signatures are always computed over binary data. Therefore, it is necessary to know which form Intel actually signed so that the signature can be correctly verified.
The obvious approach is:
1. Parse the incoming JSON into timestamps and hex-encoded binary data.
2. Decode the hex-encoded parts into binary data.
3. Reserialize the JSON using string concatenation to ensure that there is no whitespace and the key/value pairs have the correct order. Timestamps and hex-encoded binary data will never have metacharacters so there are no injection concerns.
4. Verify the signature.
Is this correct?
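
Added example, not part of the original issue and not Intel's or the project's code: a sketch of the first three steps listed above, rebuilding one exact byte form from a parsed object so that the same bytes reach signature verification whatever formatting arrived. The field names, key order, timestamp format and sample values are constructed assumptions, and the signature check itself is omitted, with SHA-256 standing in for the hash a verifier would compute over the bytes.

```python
import hashlib
import json
import re

# Hypothetical schema: field names and key order are assumptions for illustration.
KEY_ORDER = ("issueDate", "nextUpdate", "measurement")
TIMESTAMP = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z")
HEX = re.compile(r"(?:[0-9A-Fa-f]{2})+")
PATTERNS = {"issueDate": TIMESTAMP, "nextUpdate": TIMESTAMP, "measurement": HEX}


def _no_duplicates(pairs):
    """Reject duplicate keys, which json.loads would otherwise silently collapse."""
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate key in JSON object")
    return dict(pairs)


def reserialize(raw: bytes) -> bytes:
    """Parse, validate every field, then rebuild the bytes by string concatenation."""
    obj = json.loads(raw.decode("utf-8"), object_pairs_hook=_no_duplicates)
    if not isinstance(obj, dict) or set(obj) != set(KEY_ORDER):
        raise ValueError("unexpected key set")
    parts = []
    for key in KEY_ORDER:
        value = obj[key]
        # fullmatch enforces the "no metacharacters" assumption instead of trusting it.
        if not isinstance(value, str) or not PATTERNS[key].fullmatch(value):
            raise ValueError(f"field {key!r} has an unexpected format")
        # The received hex string is reused as-is; decoding and re-encoding
        # could change its letter case and therefore the bytes.
        parts.append(f'"{key}":"{value}"')
    return ("{" + ",".join(parts) + "}").encode("ascii")


def digest(data: bytes) -> str:
    """SHA-256 of the exact bytes, standing in for the signed message hash."""
    return hashlib.sha256(data).hexdigest()


# Constructed samples: one object in compact form and in reordered, indented form.
COMPACT = (b'{"issueDate":"2024-01-01T00:00:00Z",'
           b'"nextUpdate":"2024-02-01T00:00:00Z","measurement":"00FFA1"}')
PRETTY = (b'{\n  "measurement": "00FFA1",\n  "nextUpdate": "2024-02-01T00:00:00Z",'
          b'\n  "issueDate": "2024-01-01T00:00:00Z"\n}')

if __name__ == "__main__":
    print("raw digests differ:", digest(COMPACT) != digest(PRETTY))
    print("rebuilt bytes match:", reserialize(PRETTY) == COMPACT)
```
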