Add support to validate signatures from aleph-client

aleph-im / aleph-client

Lightweight Python Client library for the Aleph.im network

MIT License

11 stars 12 forks source link

Add support to validate signatures from aleph-client #95

Open hoh opened 1 year ago

hoh commented 1 year ago

Aleph-client supports signing messages, but not verifying signatures without the private key.

As a user, I would like to be able to validate the signature of an Aleph message.

See PyAleph: https://github.com/aleph-im/pyaleph/blob/master/src/aleph/chains/ethereum.py#L38

MHHukiewitz commented 1 year ago

What would be the recommended approach for this?

Import aleph from pyaleph
Extract a new module from /chains, create a repo called "aleph-chains" (or similar), and import it into both pyaleph and aleph-client

odesenfans commented 1 year ago

If this is truly needed in aleph-client, I believe it would make sense to move the validators from pyaleph to aleph-message and then use these in aleph-client and pyaleph.

What's the use case though?

MHHukiewitz commented 1 year ago

I want to build an API that uses a simple authentication scheme based on signing the request payload. The user is not directly communicating with the Aleph API, as the intermediary API performs additional checks and sends a different signed message on the user's behalf.

odesenfans commented 1 year ago

Ah so you want to verify all types of signatures, not Aleph messages specifically. Maybe there's value in providing that as another library then and then put the message-specific validation in aleph-message.