Author: Jeremy Spilman 2014-03-02 07:52:40
Published on: 2014-03-02T07:52:40+00:00
The BIP70 protocol outlines that if the pki_type is x509+sha256, then the PaymentRequest message is hashed using the SHA256 algorithm to produce the message digest that is signed. On the other hand, if the pki_type is x509+sha1, then the SHA1 algorithm is used. However, it's worth noting that this reference may be outdated as the field to be hashed is actually 'PaymentRequest', not 'Payment' message. There are a few suggestions to improve the clarity of the protocol. Firstly, the hashing process could be more explicitly outlined such as copying the PaymentRequest, setting the signature field to an empty string, serializing it to a byte[] and then hashing it. Additionally, since SHA1 is retiring, it may be worth reconsidering its use in the protocol. Finally, the question was raised whether there is any way for end-users to see details like the pki_type and certificate chain, similar to how browsers display these details.
Updated on: 2023-06-08T03:41:50.930209+00:00