Ethereum signature verification #169
Conversation
test/signature_test.js
Outdated
| `${CONCAT_PUBLISHER_ID_PUB58}.privateKey`) | ||
| const CONCAT_MESSAGE_FIXTURES = require('./resources/fixtures/concat-message-signature') | ||
| const ETH_MESSAGE_FIXTURES = require('./resources/fixtures/ethereum-message-signature') | ||
|
|
||
| describe('Signature verification', () => { | ||
| let publisherId | ||
|
|
There was a problem hiding this comment.
should add deterministic signature checking here as well, by analogy to my branch
|
last couple of commits add support for using the Also, I had to add dependencies to lots of forks - the libp2p stuff and ethereumjs-utils; hopefully we can clean this up soon |
|
Perhaps rename the publisher .id files to something that github will recognize as binary so that they don't pollute the diff? |
we still need a git dependency until they do a new npm release, but at least we're not on a fork any more
yusefnapora
force-pushed
the
yn-eth-verify
branch
from
5903319
to
5e255c7
Compare
|
shrinkwrap 😡 |
yusefnapora
changed the title
|
btw, the libp2p guys are tweaking the secp module loading stuff a bit (libp2p/js-libp2p-crypto#74). The changes are all good, but we'll need to update a few things here once they land. We should either wait a bit to merge this, or pin the version in package.json. Shrinkwrap will technically pin it for us, but I don't really want to lean on that. |
|
Upstream changes lgtm but let's cut a release w/o waiting for them anyway |
This is branched off of #168, and depends on my fork of js-libp2p-crypto until we can get that merged in.
Adds support for verifying messages signed by ethereum nodes, in the form of a
verifyEthereummethod on thePublicSigningKeyclass. If thePublicSigningKey's underlying key is a libp2pSecp256k1PublicKey, and the signature length is the expected 65 bytes produced by geth, we call through toverifyEthereumfrom the mainverifymethod.We can load an ethereum public key from either a marshaled libp2p-crypto PublicKey protobuf, or a Buffer containing either a standard SEC1 public key (compressed or uncompressed), or ethereum's predictably non-standard variant, where they chop off the leading byte of the uncompressed key (wtf dude).
We can also recover the public key from the combination of a message, the signature produced by an ethereum node, and that node's address. If the recovered key matches the address, we use it, otherwise throw an error.
TODO: