Apple Wallet passes use CMS signatures. you're right that only hashes are signed. but Apple requires an official Developer certificate ($99/year) with a private key that can't be exposed to browsers. for true privacy, each user would need their own cert. and defeats the "free" goal. and if you have a dev certificate it's trivial to generate one on your own machine.

▲

gruez 9 hours ago | parent | next [-]

>Apple Wallet passes use CMS signatures. you're right that only hashes are signed. but Apple requires an official Developer certificate ($99/year) with a private key that can't be exposed to browsers.

Why can't the browser send the hash to the server for signing?

	▲	alentodorov 9 hours ago \| parent [-]
		let me look into it.

▲

saagarjha 9 hours ago | parent | prev [-]

Any chance of allowing me to upload my own keys and doing the signing in the browser? I am sure this is a niche use case but I know how to generate the certificate for this but have been too lazy to make a thing like this for (checks to-do list) something like six years and I'd much rather just use your thing lol

	▲	alentodorov 9 hours ago \| parent \| next [-]
		that's a good idea. i'll release a BYOK version but don't plan to host it myself. will include a quick run script to run it locally.
	▲	the_lucifer 9 hours ago \| parent \| prev [-]
		Haha, I just made a comment above that I've been sitting on a half done project to do this for around 8 years now.