multiversx / mx-sdk-dapp

A library that holds the core functional logic of a dapp on the MultiversX

mx-sdk-dapp still using older version of sdk-wallet ("@multiversx/sdk-wallet": "2.1.3") #732

Closed newbreedofgeek closed 1 year ago

newbreedofgeek commented 1 year ago

Noticed that mx-sdk-dapp is still using older SDK Wallet: https://github.com/multiversx/mx-sdk-dapp/blob/main/package.json#L151

This is causing us some issues in our front end when we sign some data and send it to backend (which uses latest SDK Wallet) to verify.

Raised this in MX dev chat on Telegram...

- [Front end] We were using "signMessage({ message })" offered by "@multiversx/sdk-dapp": "2.10.17" + "@multiversx/sdk-core": "^11.6.0" on the front-end to collect a signature from a user
- [Back End] We were then verifying this signature on the backend using: "UserVerifier.fromAddress(accessRequester).verify(...SignableMessage)". [UserVerifier] from "@multiversx/sdk-wallet": "^2.1.3"

The above worked fine. BUT THEN...

We upgraded [Back End] to "@multiversx/sdk-core": "^12.1.1" + "@multiversx/sdk-wallet": "^4.0.0"

- [Back End] we changed the verification to be: "accessRequesterVerifier.verify(Buffer.from(message), Buffer.from(sig))". 

But we now get an error from some core library that "Error: Expected Signature to be 64 bytes". I can see that the signature from the [Front end]'s signMessage is 128 bytes. 

Tnx!

newbreedofgeek commented 1 year ago

As an update.

I tried Buffer.from(sig, 'hex') which converted it to 64 bytes but the signature verification still failed.

i.e. accessRequesterVerifier.verify(Buffer.from(message), Buffer.from(sig, 'hex'));

andreibancioiu commented 1 year ago

Hello @newbreedofgeek,

Furthermore, in the backend, the original message has to be serialized accordingly before being passed to the verifier.

For example,

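```js
import { SignableMessage } from "@multiversx/sdk-core";

// `verifier` is a UserVerifier from "@multiversx/sdk-wallet",
// e.g. UserVerifier.fromAddress(address).
const message = new SignableMessage({ message: Buffer.from("hello") });
// Verify against the serialized form of the message, not the raw message bytes.
const serializedMessage = message.serializeForSigning();
// The signature is hex-encoded, so it must be decoded with the "hex" encoding.
const messageSignature = Buffer.from("561b...5d0f", "hex");

console.log(verifier.verify(serializedMessage, messageSignature));
```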

Snippet extracted from: https://docs.multiversx.com/sdk-and-tools/sdk-js/sdk-js-cookbook/#verifying-signatures

Does this work on your side?

An update of the sdk-dapp will not automatically solve this - the change has to be applied on the backends using the new sdk-wallet. The migration notes do not include an explicit example for message verification, I am adding / linking one right now, thanks 🙏
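
The outcomes reported in this thread, reproduced as an added example that is not part of the original thread or of the SDK. Assumptions: Node's built-in Ed25519 stands in for `UserVerifier`, and `serializeForSigning`, `signMessageHex`, `verifyBytes` and `runCases` are hypothetical helpers; the framing used here (prefix, length, SHA-256) is a stand-in, not the SDK's real serialization.

```javascript
const nodeCrypto = require("node:crypto");

// Stand-in for SignableMessage.serializeForSigning(): NOT the SDK's real format.
// Assumed framing for this demo: SHA-256(prefix || decimal length || message).
const PREFIX = Buffer.from("demo signed message:\n"); // constructed value
function serializeForSigning(message) {
  const body = Buffer.from(message);
  const framed = Buffer.concat([PREFIX, Buffer.from(String(body.length)), body]);
  return nodeCrypto.createHash("sha256").update(framed).digest();
}

// Front end: the wallet signs the serialized form and hands back a hex string.
function signMessageHex(message, privateKey) {
  return nodeCrypto.sign(null, serializeForSigning(message), privateKey).toString("hex");
}

// Back end: returns a reason string so each failure mode is distinguishable.
function verifyBytes(data, signature, publicKey) {
  if (signature.length !== 64) {
    return `rejected: signature is ${signature.length} bytes, expected 64`;
  }
  return nodeCrypto.verify(null, data, publicKey, signature) ? "valid" : "invalid";
}

// Constructed sample input: throwaway key pair and message.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
const message = "hello";
const sigHex = signMessageHex(message, privateKey);

function runCases() {
  const sig = Buffer.from(sigHex, "hex");
  return {
    // 1. Hex text decoded as UTF-8: 128 characters become 128 bytes.
    utf8Signature: verifyBytes(Buffer.from(message), Buffer.from(sigHex), publicKey),
    // 2. Correct 64-byte signature, but checked against the raw message.
    rawMessage: verifyBytes(Buffer.from(message), sig, publicKey),
    // 3. Hex-decoded signature checked against the serialized message.
    serialized: verifyBytes(serializeForSigning(message), sig, publicKey),
    // 4. Same signature over a different message must not verify.
    tampered: verifyBytes(serializeForSigning("hello!"), sig, publicKey),
  };
}

console.log(runCases());
```
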

newbreedofgeek commented 1 year ago

Hi @andreibancioiu

Tnx for the super quick response.

It worked! 🙏