Enhancement: Implement Content-Based SHA-256 Signature Verification for Apps/Templates

[IgorShadurin]

Overview

Currently, the app/template verification relies on title signatures, which could potentially lead to signature collisions or duplicates when different apps generate similar signatures. We should implement a more robust verification system using SHA-256 hashing of the entire content.

Current Issues

1. Title-based signatures may not be unique across different apps
2. Potential for signature collisions
3. Limited security as only the title is verified
4. No guarantee of content integrity

Proposed Solution

Implement a content-based SHA-256 signature system that verifies the entire app/template content rather than just the title.

Technical Implementation

1. Content Hash Generation

/**
 * Generates a SHA-256 hash of the app/template content
 * @param content - The complete content of the app/template
 * @returns SHA-256 hash of the content
 */
const generateContentHash = (content: AppContent): string => {
  const normalized = normalizeContent(content);
  return crypto.createHash('sha256')
    .update(JSON.stringify(normalized))
    .digest('hex');
};

/**
 * Normalizes content structure to ensure consistent hashing
 * @param content - Raw app/template content
 * @returns Normalized content structure
 */
const normalizeContent = (content: AppContent): NormalizedContent => {
  return {
    // Remove any temporary or volatile fields
    ...content,
    timestamp: undefined,
    tempFields: undefined,
    // Sort arrays to ensure consistent ordering
    dependencies: content.dependencies?.sort(),
    files: content.files?.sort((a, b) => a.path.localeCompare(b.path))
  };
};

2. Signature Structure

interface ContentSignature {
  hash: string;          // SHA-256 hash of normalized content
  timestamp: number;     // Creation timestamp
  version: string;       // Signature version
  publicKey: string;     // Creator's public key
  signature: string;     // Signature of the hash
}

3. Verification Process

/**
 * Verifies the content signature
 * @param content - App/template content
 * @param signature - Content signature
 * @returns boolean indicating if the signature is valid
 */
const verifyContentSignature = async (
  content: AppContent,
  signature: ContentSignature
): Promise<boolean> => {
  // Generate hash of current content
  const currentHash = generateContentHash(content);
  
  // Compare with provided hash
  if (currentHash !== signature.hash) {
    return false;
  }
  
  // Verify signature
  return await verifySignature(
    signature.hash,
    signature.signature,
    signature.publicKey
  );
};

4. Storage Schema Update

interface AppTemplate {
  // ... existing fields ...
  contentSignature: ContentSignature;
  // Remove or deprecate old title-based signature
  titleSignature?: string; // Mark as deprecated
}

Migration Plan

1. Phase 1: Dual Signature Support (2 weeks)

   • Add content signature fields while maintaining title signature
   • Update creation flow to generate both signatures
   • Update verification to check both signatures
   • Add migration script for existing apps/templates

2. Phase 2: Content Signature Transition (1 month)

   • Make content signature mandatory for new apps/templates
   • Display warnings for apps with only title signatures
   • Provide tools for regenerating content signatures

3. Phase 3: Title Signature Deprecation (2 weeks)

   • Remove title signature generation
   • Maintain verification for backward compatibility
   • Schedule complete removal in future version

Implementation Steps

1. Backend Changes

   // New middleware for signature verification
   const validateContentSignature = async (
     req: Request,
     res: Response,
     next: NextFunction
   ) => {
     try {
       const { content, signature } = req.body;
       const isValid = await verifyContentSignature(content, signature);
       
       if (!isValid) {
         return res.status(400).json({
           error: 'Invalid content signature'
         });
       }
       
       next();
     } catch (error) {
       res.status(500).json({
         error: 'Signature verification failed'
       });
     }
   };

2. Frontend Updates

   /**
    * Creates content signature for new app/template
    * @param content - App/template content
    * @param privateKey - Creator's private key
    * @returns Content signature object
    */
   const createContentSignature = async (
     content: AppContent,
     privateKey: string
   ): Promise<ContentSignature> => {
     const hash = generateContentHash(content);
     const timestamp = Date.now();
     
     return {
       hash,
       timestamp,
       version: '1.0',
       publicKey: getPublicKey(privateKey),
       signature: await signContent(hash, privateKey)
     };
   };

3. Database Schema Migration

-- Add new columns for content signature
ALTER TABLE templates
ADD COLUMN content_signature_hash VARCHAR(64),
ADD COLUMN content_signature_timestamp BIGINT,
ADD COLUMN content_signature_version VARCHAR(10),
ADD COLUMN content_signature_public_key TEXT,
ADD COLUMN content_signature_signature TEXT;

-- Create index for faster lookups
CREATE INDEX idx_content_signature_hash ON templates(content_signature_hash);

Security Considerations

1. Hash Collision Prevention

   • Use SHA-256 for cryptographic security
   • Implement content normalization
   • Validate hash uniqueness

2. Signature Verification

   • Implement timeouts for signature verification
   • Rate limit verification requests
   • Log failed verification attempts

3. Key Management

   • Secure private key storage
   • Key rotation policies
   • Public key distribution

Benefits

1. Improved Security

   • Full content verification
   • Cryptographic proof of integrity
   • Tamper detection

2. Better Duplicate Detection

   • Content-based deduplication
   • Accurate version tracking
   • Clear content lineage

3. Enhanced Reliability

   • Consistent verification
   • Reduced false positives
   • Better error handling

Testing Strategy

1. Unit Tests

   • Hash generation
   • Signature creation
   • Verification logic

2. Integration Tests

   • API endpoints
   • Database operations
   • Migration scripts

3. Performance Tests

   • Hash generation speed
   • Verification latency
   • Database query performance

Timeline

1. Week 1-2: Implementation of core signature system
2. Week 3-4: Migration system and dual signature support
3. Week 5-6: Frontend updates and testing
4. Week 7-8: Gradual rollout and monitoring

Success Metrics

1. Zero signature collisions
2. 100% content verification accuracy
3. < 100ms signature verification time
4. Successful migration of existing apps

Next Steps

1. Review and approve technical design
2. Set up development environment
3. Implement core signature system
4. Create migration scripts
5. Update frontend components
6. Deploy to staging
7. Test and validate
8. Plan production rollout

Please review and provide feedback on this proposal.