File tree Expand file tree Collapse file tree 1 file changed +17
-1
lines changed Expand file tree Collapse file tree 1 file changed +17
-1
lines changed Original file line number Diff line number Diff line change @@ -110,7 +110,23 @@ same payload. The resulted signatures are encoded and transmitted preferably
110110using the recommended [JSON envelope](envelope.md).
111111
112112A `(t, n)`-[JSON envelope](envelope.md) is valid if the enclosed signatures pass
113- the verification against at least `t` of `n` unique public keys.
113+ the verification against at least `t` of `n` unique trusted public keys.
114+
115+ To verify a `(t, n)`-ENVELOPE against `n` unique trusted public keys:
116+
117+ - Receive and decode SERIALIZED_BODY, PAYLOAD_TYPE, SIGNATURES from ENVELOPE.
118+ Reject if decoding fails.
119+ - For each (SIGNATURE, KEYID) in SIGNATURES,
120+ - Optionally, filter acceptable public keys by KEYID.
121+ - Verify SIGNATURE against PAE(UTF8(PAYLOAD_TYPE), SERIALIZED_BODY). Skip
122+ over if the verification fails.
123+ - Add the accepted public key to the set ACCEPTED_KEYS.
124+ - Optionally, break if the cardinality of ACCEPTED_KEYS is greater or
125+ equal to `t`.
126+ - Reject if the cardinality of ACCEPTED_KEYS is less than `t`.
127+ - Reject if PAYLOAD_TYPE is not a supported type.
128+ - Parse SERIALIZED_BODY according to PAYLOAD_TYPE. Reject if the parsing
129+ fails.
114130
115131## Test Vectors
116132
You can’t perform that action at this time.
0 commit comments