I am using ECDSA P-384 for signing and verifying messages. The messages are basically stringified JSON.

Should the public key be included inside the message (aka the JSON which gets stringified)? Or should I send the public key separately along with the stringified JSON and the signature?

Does it make any difference?

The reason I ask is because if the public key is included inside the message (stringified JSON), then on the recipient side, first, I have to parse the JSON, then extract the public key, then do the verification. This seems a bit wasteful.

Instead, if I simply included the public key separately along with the message and the signature of the message, then I won't have to parse the message first to extract the public key.

0

There are 0 answers