Translations: Japanese
Guaranteeing (Signing) Text Data by Site Owners
This allows for user-specific settings.
This mechanism is implemented using the Web standard, Web Crypto API.
Characters
- Site owner
- Special user
- Other users
Overview of the Mechanism
The site owner signs the certificate used by the special user,
and by having the special user sign the data shared through the text data function,
it ensures that the data generated by the special user is the data intended by the site owner.
Data Involved
We refer to a pair of private and public keys, which can be signed/verified, as a certificate.
- Site Certificate
- Issued and held by the site owner. Used to sign the special user certificate.
- Special User Certificate
- Held by the special user, it is signed by the site owner's site certificate.
- Signed User Data
- Data generated and signed by the special user using the special user certificate.
Flow
- The site administrator issues a site certificate.
- Example: Source code for generating site certificates (codepen)
- The public key of the site certificate is placed in a location accessible to anyone (such as the site's source code).
- The site administrator issues a special user certificate.
- The special user certificate is signed with the site certificate.
- It is distributed to the special user in some way.
- Example: Source code for generating special user certificates (codepen)
- The special user signs the data to be sent to other users, creating the signed user data.
- By including the session ID in the data to be signed, it is possible to prevent impersonation.
- The public key of the special user certificate also needs to be sent.
- Example: Source code for signing user data (codepen)
- About Session ID
- Other users verify the received data.
- The public key of the special user certificate is verified with the public key of the site certificate.
- The signed user data is verified with the public key of the special user certificate.
- Example: Source code for verifying user data (codepen)