by conradludgate 1425 days ago
I feel like a hash of the contents + some secret bytes could be a convincing signature that only the owners of the secret bytes could author.

Alternatively, hash the contents and sign using asymmetric keys. This would allow non-private-key owners to validate the integrity.

1 comments

> I feel like a hash of the contents + some secret bytes could be a convincing signature that only the owners of the secret bytes could author.

How would you validate the signature?

Parent is describing a keyed HMAC scheme. JWTs sometimes use them, but key management is a massive PITA.
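Added example, not part of the thread: how validation works for the keyed-HMAC scheme named above, using Python's standard `hmac` module. The function names, key, and sample contents are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def sign(secret: bytes, contents: bytes) -> str:
    """Return a hex HMAC-SHA256 tag over contents, keyed with the shared secret."""
    return hmac.new(secret, contents, hashlib.sha256).hexdigest()

def verify(secret: bytes, contents: bytes, tag: str) -> bool:
    """Validate by recomputing the tag with the same secret and comparing.

    compare_digest runs in constant time, so the comparison does not leak
    how many leading characters of a guessed tag were correct.
    """
    expected = sign(secret, contents)
    return hmac.compare_digest(expected.encode(), tag.encode())

def demo() -> dict:
    """Run the scheme over constructed sample data and report each outcome."""
    secret = secrets.token_bytes(32)           # constructed shared secret
    contents = b"release-1.2.3.tar.gz bytes"   # constructed sample contents
    tag = sign(secret, contents)

    return {
        # The verifier needs the very same secret to validate.
        "valid": verify(secret, contents, tag),
        # Any change to the contents invalidates the tag.
        "tampered": verify(secret, contents + b"!", tag),
        # A party without the secret cannot validate (or author) a tag.
        "wrong_key": verify(b"not the secret", contents, tag),
        # The key-management cost: whoever can verify can also author,
        # so every verifier must be trusted as much as the signer.
        "verifier_can_author": verify(
            secret, b"other contents", sign(secret, b"other contents")
        ),
    }

if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

With an asymmetric signature, as the original post suggests as the alternative, the last property goes away: verifiers hold only the public key and cannot author signatures.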