dsig/test.html

Digital Signature with OpenPGP

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8"/>
        <title>Sample</title>
    </head>
    <body>
        (see console output, please)
        <script src="./dst/dsig-api.js"></script>
        <script>
            (async () => {
                /*  configuration  */
                const passphrase = "sample"

                /*  generate public/private key pair  */
                console.log("==== generate public/private key pair ====")
                const keypair = await DSIG.keygen("Dr. Ralf S. Engelschall", "rse@engelschall.com", passphrase)
                console.log(keypair.publicKey)
                console.log(keypair.privateKey)

                /*  determine public key fingerprint  */
                console.log("==== determine public key fingerprint ====")
                const fpr = await DSIG.fingerprint(keypair.publicKey)
                console.log(fpr)

                /*  generate arbitrary application payload  */
                console.log("==== generate arbitrary application payload ====")
                const bin = "Foo"

                /*  generate arbitrary application meta-information  */
                console.log("==== generate arbitrary application meta-information ====")
                let inf =
                    "Name:    Sample\n" +
                    "Version: 1.0.*\n" +
                    "Issued:  2020-01-01\n" +
                    "Expires: 2020-12-31\n"
                console.log(inf)

                /*  sign arbitrary application payload and meta-information  */
                console.log("==== sign arbitrary application payload and meta-information ====")
                let sig = await DSIG.sign(bin, keypair.privateKey, passphrase, inf)
                console.log(sig)

                /*  verify signature  */
                console.log("==== verify signature ====")
                let infOut = await DSIG.verify(bin, sig, keypair.publicKey, fpr)
                console.log(infOut)
                if (inf === infOut)
                    console.log("meta-information: OK")
                else
                    console.log("meta-information: BAD")

                /*  generate arbitrary application meta-information (again)  */
                console.log("==== generate arbitrary application meta-information (again) ====")
                inf =
                    "Name:    Sample\n" +
                    "Version: 1.0.*\n" +
                    "Issued:  2020-01-01\n" +
                    "Expires: 2020-12-31\n"
                console.log(inf)

                /*  (clear-text) sign arbitrary application meta-information  */
                console.log("==== (clear-text) sign arbitrary application meta-information ====")
                sig = await DSIG.sign(null, keypair.privateKey, passphrase, inf)
                console.log(sig)

                /*  verify signature  */
                console.log("==== verify signature ====")
                infOut = await DSIG.verify(null, sig, keypair.publicKey, fpr)
                console.log(infOut)
                if (inf === infOut)
                    console.log("meta-information: OK")
                else
                    console.log("meta-information: BAD")

                /*  manipulate application license  */
                console.log("==== manipulate application license ====")
                const sigBad = sig.replace(/Expires: 2020-12-31/, "Expires: 2021-12-31")
                console.log(sigBad)

                /*  verify signature again (now has to fail)  */
                console.log("==== verify signature again (now has to fail) ====")
                let x = await DSIG.verify(null, sigBad, keypair.publicKey, fpr).catch((err) => "OK")
                if (x === "OK")
                    console.log("expected signature check failure: OK")
                else
                    console.log("expected signature check failure: BAD")
            })()
        </script>
    </body>
</html>