Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
@dfinity/certificate-verification
Advanced tools
Changelog
2.4.0 (2024-02-19)
Readme
Certificate verification on the Internet Computer is the process of verifying that a canister's response to a query call has gone through consensus with other replicas hosting the same canister.
This package partially encapsulates the protocol for such verification. It performs the following actions:
In the following example, canister
is an actor created with @dfinity/agent-js
for a canister with the following candid:
type certified_response = record {
"data" : nat32;
"certificate" : blob;
"witness" : blob;
};
service : {
"get_data" : () -> (certified_response) query;
};
Check ic-certification for details on how to create certificate
and witness
inside your canister.
calculateDataHash
is a userland provided function that can calculate the hash of the data returned from the canister. This must be calculated in the same way on the canister and the frontend.
const { data, certificate, witness } = await canister.get_data();
const tree = await verifyCertification({
canisterId: Principal.fromText(canisterId),
encodedCertificate: new Uint8Array(certificate).buffer,
encodedTree: new Uint8Array(witness).buffer,
rootKey: agent.rootKey,
maxCertificateTimeOffsetMs: 50000,
});
const treeDataHash = lookup_path(['count'], tree);
const responseDataHash = calculateDataHash(data);
if (treeDataHash !== responseDataHash) {
// The data returned from the canister does not match the certified data.
}
See the certified counter example for a full e2e example of how to create a certification and verify it using this package.
FAQs
Client side certificate verification for the Internet Computer
The npm package @dfinity/certificate-verification receives a total of 1 weekly downloads. As such, @dfinity/certificate-verification popularity was classified as not popular.
We found that @dfinity/certificate-verification demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 10 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.