search

solana-labs / solana-web3.js

Solana JavaScript SDK
https://solana-labs.github.io/solana-web3.js
MIT License
2.19k stars 868 forks source link

Create `@solana/offchain-message` for signing and verifying offchain messages #1941

Open steveluscher opened 11 months ago

steveluscher commented 11 months ago

Motivation

There's a protocol for signing non-transaction messages. Let's create @solana/offchain-message helpers to sign and verify messages with modern CryptoKeys.

Example use case

// This prepends the header and signs the message, returning a signature.
async function getOffchainMessageSignature(privateKeys: CryptoKey[], message: Uint8Array): Promise<Uint8Array[]>;

// This verifies the signature given a public key and a message.
async function verifyOffchainMessageSignature(message: Uint8Array, signature: Uint8Array, publicKeys: CryptoKey[]): Promise<boolean>;

Details

We can argue in the PR whether publicKey should be a CryptoKey or an Address, whether the return type of getOffchainMessageSignature() should be Uint8Array or Signature, but preferably not that message should be a string. Each decision that gets us further from JS primitives trades ergonomics for added dependencies.

The use case above is also missing details about configuring the message version, the application domain. Also, the decision needs to be made whether to auto-determine the message format or allow the user to explicitly choose a format then validate that the message conforms to the choice. Lots to chew on here.

Related Rust CLI PR: https://github.com/solana-labs/solana/pull/27456

sebscholl commented 2 months ago

Is this moving forward and getting implemented?