Expose method to sign arbitrary messages #1051
Comments
|
Thanks for posting this! I think such a feature is crucial. |
I agree, and I think many on the team would agree, too 👍 I'll work to update this issue as we talk through it. |
|
@MarvinJanssen Mind indicating the use case(s) you'd like to build in the short-term with this to help weigh priorities? |
|
@markmhx talking short-term, there is really only one reason why I need it. I am creating a server-side component that tracks user app bucket URLs (for zonefiles). In order to secure this API, the user should sign his/her bucket URL with Connect. The server then resolves the user's reported BNS name via the BNS contract and uses the corresponding principal to verify the signature. I basically need to verify that a specific message actually came from a principal who owns a name on BNS. If you have alternative solutions, let me know. My backup plan was introducing simple Clarity contract and having the user submit a proof via contract call, but that makes it a workaround for a workaround for a workaround... |
|
there are 2 main other use cases I've seen signatures being used on Eth:
|
|
@psq yep long term we need it for DeFi and DeX, and platforms that do server-side matching that require user signatures. (Like 0x Protocol and Wyvern on Ethereum.) |
|
Thanks for the additional context 🙏 I'm assigning to Jasper so he can design. |
|
I see this is in the icebox @markmhx does that mean it will be considered in a later sprint? @MarvinJanssen is awaiting updates 🙂 |
|
I've moved back this issue back into the Kanban backlog. Note that we're no longer working against 2-week sprints but rather incremental delivery of priorities as reflected in the backlog from top to bottom. |
|
I am totally on board with evaluating a system for signed typed data structures, but that's a much bigger engineering task that I don't think we should take on first. The main benefit of the structured data is to fee-less on-chain transactions with logic tied to the data in that signature. However, two things:
Strings are the most obvious use case for Stacks at the moment. It would allow for the very common use case of providing off-chain access to a user that can prove they own an STX address. For example, a web app that gives specific functionality if you own an NFT. To be more concrete about use cases:
|
|
It was determined during a conversation with @MarvinJanssen and @GinaAbrams yesterday that the .BTC app won't have an urgent need for arbitrary message signing unless two things happen sequentially:
The arbitrary message signing route is basically a fallback to the above routes, which are preferable in the order listed. It would involve sending signed messages with zonefile data to a centralized server, which would save the end user the cost of having to sign a transaction but also incur the undesirable involvement of a centralized party. @agraebe @diwakergupta I'll check in with splat next week to see how the Atlas deployment plans are going so we can provide @MarvinJanssen with an update here in regards to timing and how it impacts his options. He's happy to wait a week or two to see if we can get the fixes live on mainnet and save him the work of either workaround. |
|
This is an invaluable thing to have, using signatures from the identity would prove the ownership of a name and a whole lot of things, especially when it comes to off-chain operations, 100% for this |
|
See this feature request: stacks-network/stacks-core#2693. Clarity types are great for this sort of stuff as they are very readable. We could have a mechanism to hash a serialised CV and then sign it. Here is a quick concept:
|
|
This would also be great for bitcoin transaction signing, it would allow pools to implement bitcoin wallet functionality on the web, for instance to withdraw payouts, without needing to instruct the user to user third party wallets or ask the user for the private key (this is a no go). Is there any way I can help speed up this? Thanks. |
|
@aulneau @MarvinJanssen @psq @fiftyeightandeight The PR is ready here #2350 If you can provide your feedback that would be great ! |
|
Provided my test findings on #2350 |
# [3.8.0-beta.2](v3.8.0-beta.1...v3.8.0-beta.2) (2022-05-11) ### Features * add arbitrary message signing ([cfb28e8](cfb28e8)), closes [#1051](#1051)
# [3.8.0-beta.1](v3.7.2...v3.8.0-beta.1) (2022-05-13) ### Bug Fixes * choose account padding ([13d091e](13d091e)) * disable confirm button until fees are loaded ([0500796](0500796)) * error message page ([228e9b7](228e9b7)) * scrollbars from padding changes ([1dffe55](1dffe55)) * transaction page, keep padding at all breakpoints ([feebd62](feebd62)) ### Features * add arbitrary message signing ([cfb28e8](cfb28e8)), closes [#1051](#1051) * update NFTs URL ([5bd221a](5bd221a))
# [3.8.0](v3.7.2...v3.8.0) (2022-05-16) ### Bug Fixes * choose account padding ([13d091e](13d091e)) * disable confirm button until fees are loaded ([0500796](0500796)) * error message page ([228e9b7](228e9b7)) * scrollbars from padding changes ([1038ddb](1038ddb)) * transaction page, keep padding at all breakpoints ([feebd62](feebd62)) ### Features * add arbitrary message signing ([cfb28e8](cfb28e8)), closes [#1051](#1051) * update NFTs URL ([5bd221a](5bd221a))
|
Discourse sign-in with Hiro wallet: |
and others
There will be times when an app needs to sign an arbitrary message. This functionality exists in wallets in Eth, but we don't currently expose a function to do this in stacks apps.
It's suggested that we should make an equivalent to https://eips.ethereum.org/EIPS/eip-712
from discord:
The text was updated successfully, but these errors were encountered: