Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Services
Re: [OPEN 11 left] UniJoin.io Premium Review and Suggestion Campaign
by
LoyceV
on 04/04/2022, 07:38:32 UTC
I'll continue my review here:
Quote from: LoyceV on April 03, 2022, 11:36:11 AM
Me:
Quote
Are you saying there is no way to verify its authenticity locally?
If so, its just a Letter without Guarantee.
About 5 hours later I got this response from Support Chat:
Quote
You can also verify it locally, you can use the public key and the signature format to generate the signature.

-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxDT7TzmPR+7UdV76iSCr IrdN8DXE4aSMjzgb1Tl66w7p6HOUXGhS4knzAPUklEMqJMDeB0XOhNlsYxLqfzY2 NzFkx6iuYaCgDV9CW/Ilx1Bxp7KY0SWNkJTRU/SQhwTyKoFc0/k+u95+Qt9YxpqX om9Ab9s5EkBRHzz9G5Tzcm1MYVWlk2fBe5g5pF65agCZpbd7tYFRpYdYiyLSFTP/ baF6GljcOfaO7Zq/IdyoXH+2vISMFTspaGAyqmEM2dgTpOfsljQ9s2bOcfLoIN1u CH8iOLfgdCbCOzJ6GWEv8gyBURHFg7YydQ2iOYHbVFhqbtOcqWiY5fx+cph7DmGV PD5Rv72Epue+90cJ7RbODBMMlrJ4XAnb/rUxw9q5ZeMCfROOn8462hoggLjEZJ4S WgvZBepax3/OFJL3BZftf5JCU2YrS55YGY26aRdZyIfa4ZE1WT0hbdCCgKq+EYUW 3uTRi7coAcHmhmtYaxmXIWn//tkNbvwoVkm4lQgs1NBhi7oVbqyHGOFwbCUgdKac hRZ6gczHYPTIUdTctAwBuDfgHX7MBXTOxmjpGDHG20x1/cuUgUYvk3OpO+g+uvvK PKysw589rqYOxq2hs2Q80D1Kd9VzayGU5+ZBcM35fby6bQmhUgvVAa6fIm9a3NK2 SiazvF6yc59qdzdBnBkWUVkCAwEAAQ== -----END PUBLIC KEY-----

Here is our public key so you can double check it in the letter of guarantee

The signature was created through RSA and can be verified through the public key mentioned above and the signature format.

If you dont have a specific tool to verify the signature locally you can use for example this website.

https://8gwifi.org/rsasignverifyfunctions.jsp

Enter the Public Key from your letter of guarantee, the clear text is the signature format, enter the signature itself and select SHA256withRSA as the Signature Algorithm.

We will also add the public key into our website shortly so people can compare and proof the authenticity of the public itself.
First: the public key above is the same as I received. I'll keep this post as the first public mention of UniJoin's public key.

Using a third-party website to verify a signed message is terrible for privacy, but the site might work offline. I haven't been able to test that, because I haven't been able to verify the LoG. All I get is:
Quote
Signature Verification Failed

I'll say again that verifying a signed message would have been so much easier if it's signed from a Bitcoin address.