New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ethereum signature verification #169
Conversation
test/signature_test.js
Outdated
`${CONCAT_PUBLISHER_ID_PUB58}.privateKey`) | ||
const CONCAT_MESSAGE_FIXTURES = require('./resources/fixtures/concat-message-signature') | ||
const ETH_MESSAGE_FIXTURES = require('./resources/fixtures/ethereum-message-signature') | ||
|
||
describe('Signature verification', () => { | ||
let publisherId | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should add deterministic signature checking here as well, by analogy to my branch
last couple of commits add support for using the Also, I had to add dependencies to lots of forks - the libp2p stuff and ethereumjs-utils; hopefully we can clean this up soon |
Perhaps rename the publisher .id files to something that github will recognize as binary so that they don't pollute the diff? |
we still need a git dependency until they do a new npm release, but at least we're not on a fork any more
5903319
to
5e255c7
Compare
shrinkwrap 😡 |
btw, the libp2p guys are tweaking the secp module loading stuff a bit (libp2p/js-libp2p-crypto#74). The changes are all good, but we'll need to update a few things here once they land. We should either wait a bit to merge this, or pin the version in package.json. Shrinkwrap will technically pin it for us, but I don't really want to lean on that. |
Upstream changes lgtm but let's cut a release w/o waiting for them anyway |
This is branched off of #168, and depends on my fork of js-libp2p-crypto until we can get that merged in.
Adds support for verifying messages signed by ethereum nodes, in the form of a
verifyEthereum
method on thePublicSigningKey
class. If thePublicSigningKey
's underlying key is a libp2pSecp256k1PublicKey
, and the signature length is the expected 65 bytes produced by geth, we call through toverifyEthereum
from the mainverify
method.We can load an ethereum public key from either a marshaled libp2p-crypto PublicKey protobuf, or a Buffer containing either a standard SEC1 public key (compressed or uncompressed), or ethereum's predictably non-standard variant, where they chop off the leading byte of the uncompressed key (wtf dude).
We can also recover the public key from the combination of a message, the signature produced by an ethereum node, and that node's address. If the recovered key matches the address, we use it, otherwise throw an error.
TODO: