| blob | b9a8bb618f359b14ba9b9bcbc934595f8c1ba4ba |
2 The public/private key pairs were generated with the following commands:
4 openssl genrsa -out private_key.pem 2048
5 openssl rsa -in private_key.pem -pubout -out public_key.pem
8 The payload.json file contains randomly generated base64url encoded sha256
9 hashes for a set of file paths.
12 The signature was generated by:
14 1) Take the contents of payload.json and base64url encode them:
15 cat payload.json | tr -d \\n | base64 -w0 | tr / _ | tr + \- | tr -d '=' > payload_encoded.txt
17 2) Put the contents of payload_encoded.txt into the "payload" field of
18 verified_contents.json.
20 3) Copy the contents of the "protected" field (the one with {"kid":
21 "webstore"}) from verified_contents.json into protected.txt.
23 4) Concatenate the "protected" and "payload" fields with a '.' separator.
25 echo -n '.' | cat protected.txt - payload_encoded.txt > signature_input.txt
27 5) Sign it
29 tr -d \\n < signature_input.txt | openssl dgst -sha256 -sign private_key.pem -binary | base64 -w0 | tr / _ | tr + \- | tr -d '=' > signature.txt
31 6) Put the contents of signature.txt into the "signature" field in
32 verified_contents.json.