search

ACken2 / bip322-js

A Javascript library that provides utility functions related to the BIP-322 signature scheme
https://acken2.github.io/bip322-js/
MIT License
18 stars 13 forks source link

(question) Verification of buffers. #11

Open angrymouse opened 1 month ago

angrymouse commented 1 month ago

Hello! Is it possible to sign/verify buffer/uint8array? Strings are arguably not best representation of data, and when getting big, taking quite a some time for this library (and overall, any cryptographic algorithm) to verify. I used hash of data to convert it to smaller one, however I feel like stringifying hash in order for this library to process it is not optimal. Is there any issues with signing/verifying raw data?

ACken2 commented 1 month ago

Although it is not the intended usage, you can use a Buffer as a message. For example:

const { Signer, Verifier } = require('bip322-js');

const privateKey = 'L3VFeEujGtevx9w18HD1fhRbCH67Az2dpCymeRE1SoPK6XQtaN2k';
const address = 'bc1q9vza2e8x573nczrlzms0wvx3gsqjx7vavgkx0l'; // P2WPKH address
const message = Buffer.from('000102030405ff', 'hex'); // Some random Buffer
const signature = Signer.sign(privateKey, address, message);
const validity = Verifier.verifySignature(address, message, signature);
console.log(validity); // True

If you use TypeScript, you may need to typecast the message to any or skip type-checking for this to work. Technically speaking, the library already supports using a Buffer as a message.

angrymouse commented 1 month ago

Yeah, I've used it like this, just was wondering if there may occur any problems with this approach, will it make my app vulnerable in other words.

ACken2 commented 1 month ago

It shouldn't pose any security vulnerabilities since the message is parsed by the BIP322.hashMessage method on the line:

messageHasher.update(Buffer.from(message));

which should work with the message either as a string or as a buffer.

In the future, I might add official Buffer support to the library.