coming up with better README

Author: Weiwu Zhang

xmldsig/js/README.md

@@ -1,5 +1,38 @@
-Demonstrating verifying XML Digital Signature (xmldsig)
-====
+# Demonstrating verifying XML Digital Signature (xmldsig) #
 
 xmldsig is used to sign every TokenScript file. This directory contains a
-demonstration of how to verify xmldsig with JavaScript code.
+demonstration on how to verify xmldsig with JavaScript code.
+
+## Prepare ##
+
+First, make sure your nodejs is above version 15.0.0 where [WebCrypto was introduced](https://www.nearform.com/blog/implementing-the-web-cryptography-api-for-node-js-core/)
+
+Then, install the dependencies
+
+````
+$ npm install
+````
+
+Finally, apply an xmldom patch for [a known bug](https://github.com/xmldom/xmldom/issues/203). Note that this patch is destructive, the resulting xmldom won't work properly on html files (which we don't use in our case). Such a patch will not be needed (hence will be deleted from this repo) when xmldom release the next version after 0.5.0.
+
+````
+$ patch -p0 < xmldom.patch
+````
+
+## Test ##
+
+Let's say you have a bunch of signed TokenScripts residing in `../../../TokenScript-Repo/aw.app/2020/06/` (which you can get by checking out [TokenScript-Repo](https://github.com/AlphaWallet/TokenScript-Repo)). Run the files through the `xmldsigverifier.js` script:
+
+````
+$ node xmldsigverifier.js ../../../TokenScript-Repo/aw.app/2020/06/*
+[  OK  ] ../../../TokenScript-Repo/aw.app/2020/06/aDAI.tsml
+[  OK  ] ../../../TokenScript-Repo/aw.app/2020/06/cBAT.tsml
+…
+[  OK  ] ../../../TokenScript-Repo/aw.app/2020/06/WETH.tsml
+````
+
+## Work in progress ##
+
+- Because this signature verifier doesn't check the certificates, the result is not an indication whether or not the TokenScript is signed with the correct key. More work needs to be done to use it in production environment.
+
+- A version that can run in the web browser is needed.