verificar la firma

* que la llave pública de la firma sea la que se envía en la transaction
* que el cuerpo del mensaje tenga una línea vacía al final

app/controllers/readings_controller.rb

@@ -16,7 +16,8 @@ class ReadingsController < ActionController::API
       reading.id = params[:transaction_uuid]
       reading.signature = request.headers[:'X-Signature']
       reading.raw_transaction  = request.raw_post
-      reading.verified = reading.verify_ssh_signature
+      reading.raw_transaction << "\n"
+      reading.verified = reading.verify(public_key)
 
       params[:arduinos]&.reject do |a|
         a[:id].blank? || a[:sensores].empty?
@@ -57,11 +58,14 @@ class ReadingsController < ActionController::API
                        r.name = params[:controller_id]
                        r.serial_number = params[:serial_number]
                        r.save
-                       r.public_keys.find_or_create_by(content: params[:public_key])
                      end
                    end
   end
 
+  def public_key
+    @public_key ||= SSHData::PublicKey.parse_openssh(raspberry.public_keys.find_or_create_by(content: params[:public_key]).content)
+  end
+
   # Procesa la transacción
   def reading_params
     @reading_params ||= params.permit(:timestamp,

app/models/reading.rb

@@ -4,8 +4,9 @@ class Reading < ApplicationRecord
   belongs_to :raspberry
   has_many :arduinos
 
-  def verify_ssh_signature
+  # @param :public_key [SSHData::PublicKey]
-    ssh_signature.verify raw_transaction
+  def verify(public_key)
+    public_key == ssh_signature.public_key && ssh_signature.verify(raw_transaction)
   rescue SSHData::Error
     false
   end