So, I've been trying to inter-operate with CryptoKit, and my backend running on Linux, and it appears that the documentation here is incorrect. It claims that the data is first digested with SHA256
, but my testing seems to say that the convenience Data
functions is actually done with SHA512
import CryptoKit
import Foundation
typealias Key = P521.Signing.PrivateKey
func verify1() throws {
let key = Key()
let data = "1 2 3 4 5 6 7 8 9 0".data(using: .ascii)!
let digest = SHA256.hash(data: data)
let signature = try key.signature(for: digest)
let verified = key.publicKey.isValidSignature(signature, for: data)
print("verified \(verified)")
}
func verify2() throws {
let key = Key()
let data = "1 2 3 4 5 6 7 8 9 0".data(using: .ascii)!
let digest = SHA512.hash(data: data)
let signature = try key.signature(for: digest)
let verified = key.publicKey.isValidSignature(signature, for: data)
print("verified \(verified)")
}
func main() {
do {
try verify1()
try verify2()
}
catch {
print(error.localizedDescription)
}
}
main()
(My Generic-Fu was insufficient to avoid the copy paste)
When the above is run on my machine I get:
% swift test.swift
verified false
verified true
Is my diagnosis correct?