Closed AnderUstarroz closed 2 years ago
^^ Interested in this too PyNacl and Tweetnacl seem to be incompatible
PyNaCl uses libsodium
and passes all tests. I've never used tweetnacl but I would expect it, too, is well tested so it's likely that there's a bug in the way people are calling one or both. As a quick test I went to https://tweetnacl.js.org/#/sign and generated a random secret key (N4BHr448pwlfZF26vOg8BNJWuQHt1RZD+NRIk3Yt5HwFTUE6y9EKtMmyHr4jUEc6fWPW0d8bpFRvbQbyQ2EtuQ==
), put a message testing
, and got the signature 0qUSNxiDKrDGiwhph4fSdPblWEhTvawSKsvqCK4tDJJ8ESPw5oOrQ3h06IsYtYauokPCTM8k4/bllslUiCzmCg==
. I then verified it on the pynacl side with
from nacl.signing import VerifyKey
VerifyKey(base64.b64decode(b"BU1BOsvRCrTJsh6+I1BHOn1j1tHfG6RUb20G8kNhLbk=")).verify(smessage=b"testing", signature=base64.b64decode("0qUSNxiDKrDGiwhph4fSdPblWEhTvawSKsvqCK4tDJJ8ESPw5oOrQ3h06IsYtYauokPCTM8k4/bllslUiCzmCg=="))
Which worked without issue. Note that you need to decode the base64 as PyNaCl expects bytes, not encoded data. I suspect the failures here are related to encoding of the signature.
Describe the bug Javascript Signed messages cannot be verified using pynacl (Python)
To Reproduce Sign a message using Solana's wallet adapter example:
Try to verify the signed message using PyNaCl and Solana-py:
But verification returns:
nacl.exceptions.BadSignatureError: Signature was forged or corrupt.
Expected behavior The verification should be successful, same way as when using
sign.detached.verify()
in JS.Actual behavior The verification throws:
nacl.exceptions.BadSignatureError: Signature was forged or corrupt.
Maybe it has something to do with the encoding? In JS the bytes have the following types:
And in python: