Review: TZIP "Off-Chain Message Signing"

[jdsika]

Hello team,

in our efforts to introduce a CAIPs standard compliant Sign-in With Tezos message format and signing process we have created TZIP-31/32 to introduce a standardized way of signing messages which are not meant to be used as on-chain transactions. A merge request for TZIP-33 for SIWT is here.

We have created the library "Sign In With Tezos (SIWT)" alongside the specification above as a reference implementation. This library uses beacon and taquito and should provide maximum convenience for developers to:

* proving the users ownership of the private key to the address the user signs in with,
* adding permissions to use your API or backend using on chain data.

We would like to get your input on the current TZIP-31/32 proposal and encourage an implementation into your product to make this a real standard. The overall proposal was created in a close cooperation with the Kukai team. It would provide a standardized way of creating a signing message (and more applications) which are currently documented as followed: https://tezostaquito.io/docs/signing/#generating-a-signature-with-beacon-sdk

Please feel free to contact me on Slack as well if you would like to get in conversation!

Thank you very much!

Best regards Carlo (jdsika)

[hui-an-yang]

Hello @jdsika

I've made pr2879 with tzip-32 documentation and the preview build is here Would be great to know your thoughts on this

[jdsika]

Cool! What are your thoughts after implementing it? I designed it in the vast space of my brain so I expected critical feedback from your side? :))

[jdsika]

What I gather from your implementation is that you would wish to define the MagicByte separate from the MagicString whereas the tzip includes the MagicByte "0x80" as the prefix of the MagicString?