undefined | Better HN

0 pointsmartinko3y ago0 comments

> I feel like a hash of the contents + some secret bytes could be a convincing signature that only the owners of the secret bytes could author.

How would you validate the signature?

0 comments

Parent is describing a keyed HMAC scheme. JWTs sometimes use them, but key management is a massive PITA.

j / k navigate · click thread line to collapse

0 pointsmartinko3y ago0 comments

> I feel like a hash of the contents + some secret bytes could be a convincing signature that only the owners of the secret bytes could author.

How would you validate the signature?

Parent is describing a keyed HMAC scheme. JWTs sometimes use them, but key management is a massive PITA.

j / k navigate · click thread line to collapse