@cardano-foundation/cardano-verify-datasignature
Advanced tools
A lightweight typescript library to verify a cip30 datasignature for browser and nodejs
A lightweight typescript library to verify a cip30 datasignature.
npm i @cardano-foundation/cardano-verify-datasignature
You need a key and a signature from a cip30 datasignature.
There are multiple ways to create a cip30 data signature:
Make sure you have a cip30 compatible wallet installed (Nami, NuFi, Typhon Wallet, Flint, Gerowallet, Yoroi, ...).
Option A: Open your browser console and copy&paste this function:
const signMessage = async (message, walletname) => {
const api = await window.cardano[walletname].enable();
const hexAddresses = await api.getRewardAddresses();
const hexAddress = hexAddresses[0];
let hexMessage = '';
for (var i = 0, l = message.length; i < l; i++) {
hexMessage += message.charCodeAt(i).toString(16);
}
try {
const { signature, key } = await api.signData(hexAddress, hexMessage);
console.log(signature, key);
} catch (error) {
console.warn(error);
}
};
Usage example:
signMessage('Hello World', 'yoroi').then((dataSignature) =>
console.log(dataSignature)
);
Option B: Use the signMessage function of the cardano-connect-with-wallet library to get a valid key and signature.
Option C: If you want to use the cli to sign or verify data please checkout the cardano-signer by gitmachtl.
This function uses the public key (COSE_KEY) and checks if its corresponding private key has been used to sign the payload (data/message) within the signature (COSE_Sign1).
Furthermore an optional plain text message can be provided to check if both the plain text and the signed message are equal.
Another optional argument is a readable (bech32) address starting with (addr1/addr_test1/stake1/stake_test1) to test if this address belongs to the key that was used to sign the message.
const verifyDataSignature = require('@cardano-foundation/cardano-verify-datasignature');
const key =
'a4010103272006215820b89526fd6bf4ba737c55ea90670d16a27f8de6cc1982349b3b676705a2f420c6';
const signature =
'84582aa201276761646472657373581de118987c1612069d4080a0eb247820cb987fea81bddeaafdd41f996281a166686173686564f458264175677573746120416461204b696e672c20436f756e74657373206f66204c6f76656c61636558401712458b19f606b322982f6290c78529a235b56c0f1cec4f24b12a8660b40cd37f4c5440a465754089c462ed4b0d613bffaee3d1833516569fda4852f42a4a0f';
const message = 'Augusta Ada King, Countess of Lovelace';
const address = 'stake1uyvfslqkzgrf6syq5r4jg7pqewv8l65phh024lw5r7vk9qgznhyty';
console.log(verifyDataSignature(signature, key)); // true
console.log(verifyDataSignature(signature, key, message)); // true
console.log(verifyDataSignature(signature, key, message, address)); // true
console.log(
verifyDataSignature(
signature,
key,
message,
'stake1_test1hweafkafrwf9ets85rs9gtk9qgzegwtg'
)
); // false
console.log(
verifyDataSignature(signature, key, 'Augusta Ada King, Countess of Lovelace!')
); // false
FAQs
A lightweight typescript library to verify a cip30 datasignature for browser and nodejs
We found that @cardano-foundation/cardano-verify-datasignature demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
vlt's new "reproduce" tool verifies npm packages against their source code, outperforming traditional provenance adoption in the JavaScript ecosystem.
Research
Security News
Socket researchers uncovered a malicious PyPI package exploiting Deezer’s API to enable coordinated music piracy through API abuse and C2 server control.
Research
The Socket Research Team discovered a malicious npm package, '@ton-wallet/create', stealing cryptocurrency wallet keys from developers and users in the TON ecosystem.