top | item 46346526

(no title)

Apple Wallet passes use CMS signatures. you're right that only hashes are signed. but Apple requires an official Developer certificate ($99/year) with a private key that can't be exposed to browsers. for true privacy, each user would need their own cert. and defeats the "free" goal. and if you have a dev certificate it's trivial to generate one on your own machine.

discuss

gruez|2 months ago

>Apple Wallet passes use CMS signatures. you're right that only hashes are signed. but Apple requires an official Developer certificate ($99/year) with a private key that can't be exposed to browsers.

Why can't the browser send the hash to the server for signing?

alentodorov|2 months ago

let me look into it.

saagarjha|2 months ago

Any chance of allowing me to upload my own keys and doing the signing in the browser? I am sure this is a niche use case but I know how to generate the certificate for this but have been too lazy to make a thing like this for (checks to-do list) something like six years and I'd much rather just use your thing lol

alentodorov|2 months ago

that's a good idea. i'll release a BYOK version but don't plan to host it myself. will include a quick run script to run it locally.

the_lucifer|2 months ago

Haha, I just made a comment above that I've been sitting on a half done project to do this for around 8 years now.