Signatures use wrong labels
The blog, forum, private group and introduction clients are using the wrong labels for their signatures. The signatures use a label of the form CLIENT_ID + "/FOO"
, which results in the string org.briarproject.bramble.sync.ClientId@abcd1234/FOO
, where abcd1234
is the hash code of the ClientId object, because ClientId inherits its toString()
implementation from Object.
The ClientId object has the same hash code as the string it wraps, which is the same across devices, so the signatures will verify as long as the verifier has the same bug.
Fortunately we're about to break compatibility with the beta series, so we can fix this cleanly.