tarcieri
commented
1 year ago That's far from a minimal repro. It would be good if you could remove superfluous things like a web browser.
If you can, please provide the private key which generated the failing signature, the message to be signed, and the signature that was generated by the other library.
Ed25519 is deterministic, so that should allow us to check if the signature is being generated incorrectly by the other library.
I don't know where the issue actually sits, which library or more likely my code, but a signature generated in another library (noble_edwards25519) does not pass verification using ed25519-dalek.
I wrote a short sample that generates keys in the browser using the other library(noble_ed25519), signs a string and then sends all of that to the backend using headers. In Rust it decodes the headers and attempts to verify the signature, but fails.
https://github.com/jcdc404/edwards_test