Open kiruthikraaj opened 2 years ago
kitty-kad
commented
1 year ago I'm wondering if it's needed in Pact, specifically since it's possible to have multiple signing keysets on a transaction. Then its possible to use key-sets / guards to verify if a guard passes for a specific account.
I might also be mis-understanding the use-case :) Would be interesting to get an example of a dapp that would use this
kiruthikraaj
commented
1 year ago I don't want the authorised keyset to sign the transaction but to sign a message. I am aware of using multiple keyset in a transaction and I have used it.
This way for an example, an admin can sign a message, send it to user and user submits the txn. Note that the admin is signing an arbitrary message and not the txn.
Problem
To be able to verify cryptographic signatures generated by signing arbitrary data with the associated public key on-chain / contracts.
Current Approach
We can create a signature for a message with a key-pair and verify it off-chain using the function
Pact.crypto.signprovided inpact-lang-apiJs library.But there is no way to verify this signature on-chain / in contract.
Proposal
To add ECDSA crytopgraphic method to verify a signed message as a built in function.
verify-sigthat takes public key and a signature as parameters and returns a boolean value representing whether the public key is the one used to generate the given signature.Current Alternatives
There are no current alternatives to my knowledge. Also suggest if there is any other way to achieve the same.
References