Representation of public key and signature in meta.security is underspecified

[magnusbaeck]

Description

The documentation of the meta.security.integrityProtection{publicKey,signature} fields doesn't specify the representation/encoding of the values. Are they expected to be hex strings? Or Base64? A complete PEM file? The schema itself doesn't give any guidance; the fields are just plain strings without any restrictions.

Data like this is typically expressed in Base64 and that's probably what the original spec author intended. It's also what the .NET SDK implementation has chosen.

The documentation is the important part, but we could also amend the schemas themselves to only allow the characters permitted in Base64 encoding, plus probably horizontal whitespace.

Motivation

Clarity for people implementing support for event signing in applications and SDKs.

Exemplification

N/A

Benefits

Clarity and unambiguity.

Possible Drawbacks

None.

[e-backmark-ericsson]

For reference, the public key was added to the meta.security object through PR #197, and was earlier discussed in issue #185.