API call to sign arbitrary data

[WhoSoup]

There is currently no way to sign arbitrary data without retrieving a private key over the network, which is fundamentally a bad idea. Currently both FAT and PegNet sign their custom transaction entries by querying the private key of an address over the api, then signing locally.

This would add a "sign-data" method to the wallet that takes an FA address and arbitrary byte data as parameters:

factom/wallet/wsapi/structs.go

Lines 47 to 50 in 5c3c980

	type signDataRequest struct {
	Address string `json:"address"`
	Data []byte `json:"data"`
	}

and returns a public key + signature pair:

factom/wallet/wsapi/structs.go

Lines 210 to 213 in 5c3c980

	type signDataResponse struct {
	PubKey []byte `json:"pubkey"`
	Signature []byte `json:"signature"`
	}

The downside here is that you have to transfer the data to the wallet in order to sign it but with the advantage of never having to retrieve the private key over a potentially unsecure connection. If you need to sign a lot of data, you can still use the alternate method or just sign a hash of the data instead.

I think this would make the ecosystem a lot safer and the wallet a lot more useful for layer 2 applications.

The PR also includes a corresponding factom go client function to call this API endpoint:

factom/sign.go

Lines 7 to 12 in 5c3c980

	type Signature struct {
	PubKey []byte `json:"pubkey"`
	Signature []byte `json:"signature"`
	}
	func SignData(addr string, data []byte) (*Signature, error) {

[sambarnes]

One question on making the command more general purpose for keys of any type. Other than that, code looks healthy to me and a very much needed addition.

[WhoSoup]

alright, i renamed Address to Signer and you can now sign using FA address, EC address, or Identity key

[sambarnes]

Awesome, LGTM