No means of signature verification without the signer providing their device address

netgum / archanova

Archanova monorepo

https://archanova.io/

19 stars 11 forks source link

No means of signature verification without the signer providing their device address #73

Closed RyRy79261 closed 4 years ago

RyRy79261 commented 4 years ago

Description

While the SDK allows the signing & verifying of a signed message, the issue is that the address that does the signing is different to the address that interacts with the chain.

This means that in order to validate that a signature came from an admin for example, the account verifying the signature needs to know if the resulting signer is a device of the account which provided the signature.

There is no means of looking up an external accounts devices.

RyRy79261 commented 4 years ago

@jamesyoung @stanislaw-glogowski

RyRy79261 commented 4 years ago

This is the flow I'm seeking: Verify Signature -> Signer -> Get target Account devices -> check is signer is a device of the target account

stanislaw-glogowski commented 4 years ago

@RyRy79261 I added sdk.recoverAccountDeviceFromPersonalMessageSignature in lates version of sdk: https://playground.archanova.run/#recover_account_device_from_personal_message_signature

The flow should works that way:

account A device signs message
account A sends signature to account B
account B recovers account A device and verifies device properties (state, type etc.)

RyRy79261 commented 4 years ago

Epic, Thanks @stanislaw-glogowski !