@sj @dangoodin how would you know whether or not the public key belongs to Alice? Usually in protocols you would have a handshake at the beginning where you'd verify that the sender can sign a message properly. The public key of the sender would have to be known prior and out of band (think certificates like in TLS). Here they just place the public key in the message and use it for the signature verification. As far as I can see, there is nothing in the snippet ensuring that the public key belongs to the sender we are expecting to communicate with.
Notices by Robert Gützkow (robertguetzkow@infosec.exchange)
-
Embed this notice
Robert Gützkow (robertguetzkow@infosec.exchange)'s status on Thursday, 16-Jan-2025 22:17:29 JST 
Robert Gützkow
-
Embed this notice
Robert Gützkow (robertguetzkow@infosec.exchange)'s status on Thursday, 16-Jan-2025 11:33:34 JST
Robert Gützkow
@sj @dangoodin the signature should be validated with a key that you know belongs to the legitimate sender. If you just use the public key that is contained within the very same message you are trying to validate then what is stopping an attacker from supplying a key of their choice?
All GNU social JP content and data are available under the