Re: Best practice for sending a signature hash between java & javascript?

2014-04-17 Thread Andy Bradford
Thus said "S. Dale Morrey" on Thu, 17 Apr 2014 11:56:38 -0600:

> However when I send the post request to the server, I hex decode the
> strings back into byte arrays (for hash and sig) the sig comes back as
> invalid (does not conform to spec). Note that the sig is checked for a
> number of attr

Re: Best practice for sending a signature hash between java & javascript?

2014-04-17 Thread S. Dale Morrey
I believe that's what I am doing at present. I guess at least for testing I can pass in the private key and see if the server creates the same keypair as the client. Then sign the same message between them and compare the sig hashes at each step. Probably need to do that as a unit test anyways i

Re: Best practice for sending a signature hash between java & javascript?

2014-04-17 Thread Paul Seamons
Back up a few steps. Sorry if this is basic - but brute force your way through. Within both client and server start at the raw parameters, generate the intermediates of your signature, compute the final signature. Output the results of each of these steps and compare (translate raw bytes to

Best practice for sending a signature hash between java & javascript?

2014-04-17 Thread S. Dale Morrey
I'm working on a mobile API for something rather sensitive. The first time a device connects each user generates an ECDSA keypair. During all subsequent calls, an SHA256 hash is made of all the input variables along with a nonce or timestamp. The hash is then signed by the ECDSA key. I do this t