Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Experimental: Add a function to verify a signature for an address #19

Open
mcintyre94 opened this issue Jul 24, 2024 · 2 comments
Open
Labels
enhancement New feature or request good first issue Good for newcomers

Comments

@mcintyre94
Copy link
Contributor

Motivation

In the deserialize-transanction example, we demonstrate how to verify the signature for a transaction

const signedByAddress = 'ED1WqT2hWJLSZtj4TtTdoovmpMrr7zpkUdbfxmcJR1Fq' as Address;
const signedBySignature = decodedTransaction.signatures[signedByAddress]!;
// We encode the source address to bytes
const sourceAddressBytes = getAddressEncoder().encode(signedByAddress);
// Then we create a public Ed25519 key with those bytes
const signedByPublicKey = await crypto.subtle.importKey('raw', sourceAddressBytes, 'Ed25519', true, ['verify']);
// Now we can verify the signature using that key
const verifiedSignature = await verifySignature(signedByPublicKey, signedBySignature, decodedTransaction.messageBytes);

We could write a helper function that takes as input the bytes purported to have been signed, signature to verify and address, and performs the verification for you.

Example use case

const signedByAddress = 'ED1WqT2hWJLSZtj4TtTdoovmpMrr7zpkUdbfxmcJR1Fq' as Address;
const signedBySignature = decodedTransaction.signatures[signedByAddress]!;
const verifiedSignature = await verifySignatureForAddress(signedByAddress, signedBySignature, decodedTransaction.messageBytes)

Details

  • This should just be the code from my example - address to bytes, verify-only public key from bytes, verifySignature call
  • We may want to note in documentation that you shouldn't do this if you're going to re-use the key for multiple verifications since it'll re-create the same key multiple times

Alternatively, perhaps we could create a function eg createVerifyPublicKeyForAddress that just gives you the public key for an address, to avoid that potential performance issue?

@mcintyre94 mcintyre94 added the enhancement New feature or request label Jul 24, 2024
@steveluscher
Copy link
Collaborator

I agree that we shouldn't create a method that internally constructs the public key only to throw it out, lest that be called more than once for the same address. Creating an address-to-public key helper sounds fine though. No need to use ‘verify’ in that function name, since all Ed25519 CryptoKeys have only ['verify'] usage.

@steveluscher steveluscher added the good first issue Good for newcomers label Oct 24, 2024
@andiz2
Copy link

andiz2 commented Nov 14, 2024

I can take care of this

@steveluscher steveluscher transferred this issue from solana-labs/solana-web3.js Dec 14, 2024
@steveluscher steveluscher transferred this issue from another repository Dec 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request good first issue Good for newcomers
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants