Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

/lookup sometime returns bad signatures on vector.im #154

Closed
babolivier opened this issue May 7, 2019 · 2 comments
Closed

/lookup sometime returns bad signatures on vector.im #154

babolivier opened this issue May 7, 2019 · 2 comments

Comments

@babolivier
Copy link
Contributor

When looking up the MXID for an email I registered some time ago ([email protected], on 22/08/2018), and trying to validate the signature that Sydent returns in the response, I get Signature was forged or corrupt. The public key used to verify is ta8IQ0u1sp44HVpxYi7dFOdS/bfwDjcy4xLFlfY5KOA, which is the one currently shown when querying https://vector.im/_matrix/identity/api/v1/pubkey/ed25519:0.

I can reproduce this issue with all of my some-months-old 3PIDs, but if I register a new email address ([email protected], registered today around 2PM BST), the signature is correct.
@babolivier babolivier mentioned this issue May 7, 2019
Merged
@babolivier babolivier mentioned this issue Jun 28, 2019
Closed
@babolivier
Copy link
Contributor Author

After investigation it seems that this was caused by bad key management on vector.im, so this is not a Sydent bug.

@richvdh
Copy link
Member

richvdh commented Jul 29, 2020

Also: this is only a problem on the deprecated /_matrix/identity/api/v1/lookup API. The replacement /_matrix/identity/v2/lookup doesn't use a signature, so is unaffected.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@richvdh @babolivier