Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@cardano-foundation/cardano-verify-datasignature

Package Overview
Dependencies
Maintainers
6
Versions
12
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@cardano-foundation/cardano-verify-datasignature

A lightweight typescript library to verify a cip30 datasignature for browser and nodejs

  • 1.0.8
  • npm
  • Socket score

Version published
Maintainers
6
Created
Source

Cardano Verify Datasignature

Release semantic-release: angular

A lightweight typescript library to verify a cip30 datasignature.

Getting Started

npm i @cardano-foundation/cardano-verify-datasignature

Verification

You need a key and a signature from a cip30 datasignature.

How to get a cip30 datasignature?

There are multiple ways to create a cip30 data signature:

  1. Make sure you have a cip30 compatible wallet installed (Nami, NuFi, Typhon Wallet, Flint, Gerowallet, Yoroi, ...).

  2. Option A: Open your browser console and copy&paste this function:

const signMessage = async (message, walletname) => {
  const api = await window.cardano[walletname].enable();
  const hexAddresses = await api.getRewardAddresses();
  const hexAddress = hexAddresses[0];
  let hexMessage = '';

  for (var i = 0, l = message.length; i < l; i++) {
    hexMessage += message.charCodeAt(i).toString(16);
  }

  try {
    const { signature, key } = await api.signData(hexAddress, hexMessage);
    console.log(signature, key);
  } catch (error) {
    console.warn(error);
  }
};

Usage example:

signMessage('Hello World', 'yoroi').then((dataSignature) =>
  console.log(dataSignature)
);
  1. Option B: Use the signMessage function of the cardano-connect-with-wallet library to get a valid key and signature.

What does it mean "to verify a signature"?

This function uses the public key (COSE_KEY) and checks if its corresponding private key has been used to sign the payload (data/message) within the signature (COSE_Sign1).

Furthermore an optional plain text message can be provided to check if both the plain text and the signed message are equal.

Another optional argument is a readable (bech32) address starting with (addr1/addr_test1/stake1/stake_test1) to test if this address belongs to the key that was used to sign the message.

const verifyDataSignature = require('@cardano-foundation/cardano-verify-datasignature');

const key =
  'a4010103272006215820b89526fd6bf4ba737c55ea90670d16a27f8de6cc1982349b3b676705a2f420c6';
const signature =
  '84582aa201276761646472657373581de118987c1612069d4080a0eb247820cb987fea81bddeaafdd41f996281a166686173686564f458264175677573746120416461204b696e672c20436f756e74657373206f66204c6f76656c61636558401712458b19f606b322982f6290c78529a235b56c0f1cec4f24b12a8660b40cd37f4c5440a465754089c462ed4b0d613bffaee3d1833516569fda4852f42a4a0f';
const message = 'Augusta Ada King, Countess of Lovelace';
const address = 'stake1uyvfslqkzgrf6syq5r4jg7pqewv8l65phh024lw5r7vk9qgznhyty';

console.log(verifyDataSignature(signature, key)); // true
console.log(verifyDataSignature(signature, key, message)); // true
console.log(verifyDataSignature(signature, key, message, address)); // true
console.log(
  verifyDataSignature(
    signature,
    key,
    message,
    'stake1_test1hweafkafrwf9ets85rs9gtk9qgzegwtg'
  )
); // false
console.log(
  verifyDataSignature(signature, key, 'Augusta Ada King, Countess of Lovelace!')
); // false

Keywords

FAQs

Package last updated on 19 Dec 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc