by ramses0 2927 days ago
Option1: json.inlineSig: '{ "a": 1, "b": 2, "signature": "ff1341234..." }'

Option2: json.outOfBandSig: '?????'

Option2: json.signature: 'File=json.outOfBandSig; Signature=ff12341234...'

Basically if you try and do option #1 you actually need to parse the content, and THEN find out it's untrusted (which means you need to _execute_ your parser on the potentially unknown / hostile bytes), and then pretend you never processed them in the first place (discard) unknown / hostile bytes.

If you do option #2 then you blindly process the bytes with the signature algorithm, verify they are trusted and THEN run your parser on bytes of a signed / known origin.

Compare:

signedParseInlineSig( '{ "a": 1, "signature": "<<INVALID>>" }' );

signedParseOutOfBandSig( '{ "a": 1 }', "<<INVALID>>" );

...with #1 you have to run isValid( input, JSON.parse(input).signature )

...with #2 you run isValid( input, signature ) && JSON.parse( input )

1 comments

> Basically if you try and do option #1 you actually need to parse the content, and THEN find out it's untrusted (which means you need to _execute_ your parser on the potentially unknown / hostile bytes), and then pretend you never processed them in the first place (discard) unknown / hostile bytes.

And you need to remove the signature and reassemble the modified data structure back to bytes in EXACTLY the same way as the signer did. This is more work (for larger data structures) and way harder to get right.

Re-normalization of the message also has some other issues, e.g. you need to make sure that you are parsing and processing the re-assembled version (what the signature was checked against), not the message you received; otherwise your signature might be completely useless (think about an attacker inserting duplicate keys: the re-normalization might remove them, but your parser might normally not. Signature validates, but you're not processing what was signed! Oops.)

If you do this the best case scenario is that it kinda seems to work, and if you're lucky it's even secure, but it actually doesn't work or silently stops working for some messages after you update a parser somewhere in the system, because suddenly they disagree about some edge case, and your system breaks.
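The duplicate-key case from the reply above, as an added example that is not part of either comment. HMAC-SHA256 with a shared key stands in for the signature algorithm; the key, the messages, and the helper `firstWinsAmount` (modelling a second parser that keeps the first duplicate) are constructed for illustration.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

const KEY = Buffer.from("constructed-demo-key"); // constructed shared key
const sign = (bytes) => createHmac("sha256", KEY).update(bytes).digest("hex");

function isValid(bytes, sigHex) {
  const want = Buffer.from(sign(bytes), "hex");
  const got = Buffer.from(String(sigHex), "hex"); // non-hex input decodes to a short buffer
  return want.length === got.length && timingSafeEqual(want, got);
}

// Option 1: the parser runs first, then the signature is stripped and the rest
// re-serialized, assuming the signer also signed JSON.stringify output.
function signedParseInlineSig(input) {
  const { signature, ...rest } = JSON.parse(input);
  if (!isValid(JSON.stringify(rest), signature)) throw new Error("bad signature");
  return rest; // only this re-normalized object was covered by the signature
}

// Option 2: the exact received bytes are verified before any parsing.
function signedParseOutOfBandSig(input, signature) {
  if (!isValid(input, signature)) throw new Error("bad signature");
  return JSON.parse(input);
}

// Stand-in for another component whose parser keeps the FIRST duplicate key.
const firstWinsAmount = (raw) => Number(/"amount"\s*:\s*(\d+)/.exec(raw)[1]);

function demo() {
  const signedBytes = '{"amount":1}';
  const sig = sign(signedBytes);
  // Constructed message with a duplicate key; JSON.parse keeps the LAST one.
  const body = '{"amount":999,"amount":1}';
  const inline = body.slice(0, -1) + `,"signature":"${sig}"}`;
  let detachedRejected = false;
  try { signedParseOutOfBandSig(body, sig); } catch { detachedRejected = true; }
  return {
    inlineVerified: signedParseInlineSig(inline).amount, // signature validates
    otherParserSees: firstWinsAmount(inline),            // not what was signed
    detachedRejected,                                    // received bytes differ from signed bytes
    detachedGood: signedParseOutOfBandSig(signedBytes, sig).amount,
  };
}
```

The inline verifier is only safe if every later consumer uses the object it returns; anything that goes back to the received bytes is processing unsigned data.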