How does one create a signed signature?

[adshodgson]

Hi there, loving Pera Wallet so far... In terms of verification of ownership, how do I create a signed signature?

In our dApp we like to let users bind their wallets to their account, in this instance they login to our website - and would use Pera Wallet to bind their wallet to their account,

How can I verify with a signature? From the documentation it seems the only way to do that currently is with a transaction of some description

[adshodgson]

Incase anyone is struggling with this, it looks like currently there's no way to currently sign a signature via PeraWallet, However I can sign a signedTransaction with a transaction amount of 0 (Without actually making any transaction), use that Buffer to then verify against ed25519

`
import * as ed from '@noble/ed25519';

const decodeToken = new Uint8Array(Buffer.from(tx, "base64")); const decodedTx = algosdk.decodeSignedTransaction(decodeToken); const toCheck = decodedTx.txn; const signature = decodedTx.sig; const verified = await ed.verify(signature, toCheck.bytesToSign(), toCheck.from.publicKey); `

Hope this helps some weary traveller in the future....

[bofeng]

I am wondering if every time you ask user to sign 0 amount of algo, will this cause replay attack? every time user can use the same signature to send it back to your server and since you don't have the timestamp info, you don't know if this is a stale "signed" action before. Maybe instead of using 0 amount of algo, I guess you could use a random tiny amount of ago or put a timestamp in the note every time?