@cardano-foundation/cardano-verify-datasignature
Advanced tools
A lightweight typescript library to verify a cip30 datasignature for browser and nodejs
A lightweight typescript library to verify a cip30 datasignature.
npm i @cardano-foundation/cardano-verify-datasignature
You need a key and a signature from a cip30 datasignature.
There are multiple ways to create a cip30 data signature:
Make sure you have a cip30 compatible wallet installed (Nami, NuFi, Typhon Wallet, Flint, Gerowallet, Yoroi, ...).
Option A: Open your browser console and copy&paste this function:
const signMessage = async (message, walletname) => {
const api = await window.cardano[walletname].enable();
const hexAddresses = await api.getRewardAddresses();
const hexAddress = hexAddresses[0];
let hexMessage = '';
for (var i = 0, l = message.length; i < l; i++) {
hexMessage += message.charCodeAt(i).toString(16);
}
try {
const { signature, key } = await api.signData(hexAddress, hexMessage);
console.log(signature, key);
} catch (error) {
console.warn(error);
}
};
Usage example:
signMessage('Hello World', 'yoroi').then((dataSignature) =>
console.log(dataSignature)
);
Option B: Use the signMessage function of the cardano-connect-with-wallet library to get a valid key and signature.
Option C: If you want to use the cli to sign or verify data please checkout the cardano-signer by gitmachtl.
This function uses the public key (COSE_KEY) and checks if its corresponding private key has been used to sign the payload (data/message) within the signature (COSE_Sign1).
Furthermore an optional plain text message can be provided to check if both the plain text and the signed message are equal.
Another optional argument is a readable (bech32) address starting with (addr1/addr_test1/stake1/stake_test1) to test if this address belongs to the key that was used to sign the message.
const verifyDataSignature = require('@cardano-foundation/cardano-verify-datasignature');
const key =
'a4010103272006215820b89526fd6bf4ba737c55ea90670d16a27f8de6cc1982349b3b676705a2f420c6';
const signature =
'84582aa201276761646472657373581de118987c1612069d4080a0eb247820cb987fea81bddeaafdd41f996281a166686173686564f458264175677573746120416461204b696e672c20436f756e74657373206f66204c6f76656c61636558401712458b19f606b322982f6290c78529a235b56c0f1cec4f24b12a8660b40cd37f4c5440a465754089c462ed4b0d613bffaee3d1833516569fda4852f42a4a0f';
const message = 'Augusta Ada King, Countess of Lovelace';
const address = 'stake1uyvfslqkzgrf6syq5r4jg7pqewv8l65phh024lw5r7vk9qgznhyty';
console.log(verifyDataSignature(signature, key)); // true
console.log(verifyDataSignature(signature, key, message)); // true
console.log(verifyDataSignature(signature, key, message, address)); // true
console.log(
verifyDataSignature(
signature,
key,
message,
'stake1_test1hweafkafrwf9ets85rs9gtk9qgzegwtg'
)
); // false
console.log(
verifyDataSignature(signature, key, 'Augusta Ada King, Countess of Lovelace!')
); // false
FAQs
A lightweight typescript library to verify a cip30 datasignature for browser and nodejs
We found that @cardano-foundation/cardano-verify-datasignature demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Biden's executive order pushes for AI-driven cybersecurity, software supply chain transparency, and stronger protections for federal and open source systems.
Security News
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.