aptos-labs / petra-plugin-wallet-adapter

Apache License 2.0

When I use the Petra mobile wallet, the signature message verification fails #11

Closed EvanYan1024 closed 1 year ago

EvanYan1024 commented 1 year ago

https://aptos-labs.github.io/aptos-wallet-adapter/ I use this address to connect to the Petra mobile app, then sign the message, and then use the method of verifying the signature on the official website to verify, but it fails. First, an error is reported as "bad signature size". I noticed that the signature from the mobile app has 130 characters, and there is an extra '0x' in front of it. Then I remove the '0x', and then the validation returns false.

import nacl from 'tweetnacl';

const publicKey = '0xf3b65113e6fef3403ca8652c5b5461a926603175d6d7edebb01f6eca83ed35c4'

const fullMessage = "APTOS\naddress: 0x578f679b0547555b0a37637944e14c813ec11ad04a225e81add82ab34cbd6cd7\napplication: https://aptos-labs.github.io\nmessage: Hello from Aptos Wallet Adapter\nnonce: 0.3d33d28489275"

const signature = "0xf7bbb8b38a864155b23e406c9faea1456425c928eb280ced8c071f0ce5b0afb57a889c290fa03da0ea76f37f290fa0584427c98ca8417033e8080100fc8dcf02"

try {
    // const response = await window.aptos.signMessage({
    //     message,
    //     nonce,
    // });
    // const { publicKey } = await window.aptos.account();
    // Remove the 0x prefix
    const key = publicKey.slice(2, 66);
    const verified = nacl.sign.detached.verify(
        Buffer.from(fullMessage),
        Buffer.from(signature, 'hex'),
        Buffer.from(key, 'hex'),
    );
    console.log(verified);
} catch (error) {
    console.error(error);
}

EvanYan1024 commented 1 year ago

const data = {
    "address":
        "0x578f679b0547555b0a37637944e14c813ec11ad04a225e81add82ab34cbd6cd7",
    "application": "https://aptos-labs.github.io",
    "chainId": 2,
    "message": "Hello from Aptos Wallet Adapter",
    "nonce": "0.74df1280af10e",
    "fullMessage": "APTOS\naddress: 0x578f679b0547555b0a37637944e14c813ec11ad04a225e81add82ab34cbd6cd7\napplication: https://aptos-labs.github.io\nmessage: Hello from Aptos Wallet Adapter\nnonce: 0.74df1280af10e",
    "prefix": "APTOS",
    "signature": "0xf7bbb8b38a864155b23e406c9faea1456425c928eb280ced8c071f0ce5b0afb57a889c290fa03da0ea76f37f290fa0584427c98ca8417033e8080100fc8dcf02"
}

Using data.message instead of data.fullMessage passes the verification, but the mobile wallet's sign action is different from the Chrome wallet's.
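
An added example, not code from this issue or from the Petra or Aptos projects: a verifier that accepts hex with or without the `0x` prefix, rejects wrong-length input up front, and reports whether a signature covers `fullMessage` or only `message`. It assumes Node's built-in `crypto` in place of `tweetnacl`; the key pair, address, nonce and the function names are constructed for the demonstration.

```javascript
// Added example: Node's built-in crypto stands in for tweetnacl so this runs offline.
// The lookup below works whether the file is loaded as CommonJS or as an ES module.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');

// DER header that turns a raw 32-byte Ed25519 public key into an SPKI key.
const SPKI_ED25519_PREFIX = Buffer.from('302a300506032b6570032100', 'hex');

// Decode hex with or without "0x". Wrong lengths are rejected here, because
// Buffer.from(text, 'hex') silently truncates at the first non-hex character,
// so a "0x..." string decodes to zero bytes ("bad signature size").
function hexToBytes(hex, expectedLen, label) {
  const clean = hex.startsWith('0x') ? hex.slice(2) : hex;
  if (!/^[0-9a-fA-F]*$/.test(clean) || clean.length !== expectedLen * 2) {
    throw new Error(`${label}: expected ${expectedLen} bytes of hex, got ${clean.length} characters`);
  }
  return Buffer.from(clean, 'hex');
}

// Returns 'fullMessage', 'message' or 'none': which bytes the signature covers.
function whichPayloadWasSigned(response, publicKeyHex) {
  const sig = hexToBytes(response.signature, 64, 'signature');
  const raw = hexToBytes(publicKeyHex, 32, 'publicKey');
  const key = nodeCrypto.createPublicKey({
    key: Buffer.concat([SPKI_ED25519_PREFIX, raw]), format: 'der', type: 'spki',
  });
  for (const field of ['fullMessage', 'message']) {
    if (nodeCrypto.verify(null, Buffer.from(response[field], 'utf8'), key, sig)) return field;
  }
  return 'none';
}

// Constructed data: a throwaway key pair and two responses shaped like the one in the issue.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
const demoPublicKeyHex =
  '0x' + publicKey.export({ format: 'der', type: 'spki' }).subarray(12).toString('hex');
const message = 'Hello from Aptos Wallet Adapter';
const fullMessage =
  `APTOS\naddress: 0x01\napplication: https://example.test\nmessage: ${message}\nnonce: 0.1234`;
const sign = (text) =>
  '0x' + nodeCrypto.sign(null, Buffer.from(text, 'utf8'), privateKey).toString('hex');
const signedFull = { message, fullMessage, signature: sign(fullMessage) };
const signedBare = { message, fullMessage, signature: sign(message) };

console.log(whichPayloadWasSigned(signedFull, demoPublicKeyHex));
console.log(whichPayloadWasSigned(signedBare, demoPublicKeyHex));
```

A result of `message` means the signature does not cover the address, application and nonce lines that `fullMessage` carries.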