A method that returns the message being signed

bitcoinjs / bitcoinjs-message

MIT License

128 stars 79 forks source link

A method that returns the message being signed #44

Closed tian000 closed 1 year ago

tian000 commented 1 year ago

Expose a public method that returns the message being signed - so that users can verify the signature.

This method would look like

createPrefixedMessage(message, messagePrefix) {
  messagePrefix = messagePrefix || '\u0018Bitcoin Signed Message:\n'
  if (!Buffer.isBuffer(messagePrefix)) {
    messagePrefix = Buffer.from(messagePrefix, 'utf8')
  }
  if (!Buffer.isBuffer(message)) {
    message = Buffer.from(message, 'utf8')
  }
  const messageVISize = varuint.encodingLength(message.length)
  const buffer = Buffer.allocUnsafe(
    messagePrefix.length + messageVISize + message.length
  )
  messagePrefix.copy(buffer, 0)
  varuint.encode(message.length, buffer, messagePrefix.length)
  message.copy(buffer, messagePrefix.length + messageVISize)
  return message;
}

junderw commented 1 year ago

The message format is an implementation detail and not standardized, so it is inappropriate to expose it from the public interface.

tian000 commented 1 year ago

How can I verify the message using my own cryptography libraries if I don't have access to the raw message that this library is signing?

junderw commented 1 year ago

In general, you have two options that you could choose from, one being focused on your individual app, and the other is focused on the public API of this library:

Fork the library to expose the internals for your individual use case. (Probably easiest for you, since it doesn't involve consideration for the public API exposed to 40k weekly downloads.)
Make the crypto parts modular. (ie. the library returns a class that needs to be constructed with a crypto library with a specific interface that is used within the code) (This is probably harder, will require a lot of review, and will require a major version increment before publishing)

junderw commented 1 year ago

I would recommend the first option... since Bitcoin Core has removed the signing and verifying functions that this library is based on... so we should really deprecate this library and halt its maintenance.

See #39

tian000 commented 1 year ago

Got it! Thank you for the insights - I made a fork for my use-case here: https://github.com/bitcoinjs/bitcoinjs-message/compare/master...phantom:bitcoinjs-message:master