Closed fragosti closed 1 year ago
Would ASCII do? The Ledger's font doesn't support all of UTF8 and I'm fairly certain a UTF8 compliant transaction message could be constructed
If there are security reasons for just doing ASCII, sure, but our preference would be UTF8.
Yeah the inability of the ledger to actually display all UTF8 messages is pretty much a non-starter IMO
Is there any draft or standard about the signature? Does it use the similar algorithm as BIP-322 and ERC-191?
Star Atlas would like this fixed as well. The profile update page uses the message signing to allow clients to select avatar pics, and it works fine w Phantom and SolFlare, but Ledger users are not. I've been trying to trace the issue down and dealing with Ledger support the last few days. I've pinged their Discord admin and asked for a dev to pop in here for help figure out whether they can contribute utf support of if it'll have to be one of these 'allow blind signing' types of things.
Genopets would like this fixed as well - our summoning / hatching function requires a signature of the answers to the hatching questions. It works well on Phantom but Ledger users currently have to send the eggs over to a non-ledger address in order to hatch.
I spoke to @t-nelson via TG last week, he said that they actually don't need Ledger's assistance with this and that they (Solana) should be able to deliver a fix in 22Q1.
This works for Star Atlas team but obviously might need higher priority based on other projects' needs.
Portals would like this fixed as well! 🌀
Same thing for https://piratesdelsol.com
Planet owners at www.desolate.space are also begging for this :)
We need this for server side authentication of a user whose key is secured in a Ledger
I will bump this also from Grape (https://verify.grapes.network with over 250k verified wallets) - we use message signing to verify user wallets, currently Ledger is supported only with a transaction from/to the same wallet, drawback is that the user will end up paying the gas fees until support for message signing is rolled out with Ledger
And I bump because I can't sign in into https://game.playmysteria.com/ nor grape as above.
We at https://solparasites.com/ also make use of message signing for our verification system and have many users with Ledger wallets waiting for message signing support with Ledger.
Adding a vote to this feature from https://grimsyndicate.com
CyberConnect at https://sol.cyberconnect.me also want this to be fixed as well
Metavillage at https://metavillage.app/ also want this to be fixed as well
... would like to vote for this fix as well
This is Github, not a DAO. It's clear that this is desired, finding time to do the work is the remaining factor
Engineer behind Metavillage here. We'd also really appreciate this fix, as hundreds of our members use Ledger for security reasons.
Our use case: we ask users to sign a message with their wallets to authenticate with our web app. ASCII support should be enough but UTF8 is preferable.
any update on this?
... would like to vote for this fix as well
This is Github, not a DAO. It's clear that this is desired, finding time to do the work is the remaining factor
Trevor,
I see the Ledger program is written in C. Is the availability of C developers an issue here? I think at this point that we might be able to put a gitcoin bounty on this and move things forward.
What will it take to make this happen before April 1?
Solanalanders at liqnft.com would also love the fix!!
Pesky Penguins would love a fix for this as well 😁. We need this feature for creating JWT tokens that we can use to authenticate with our server.
Same for me
tfw the issue is brigaded by people who don't know the difference between a fix and a feature request
tfw the issue is brigaded by people who don't know the difference between a fix and a feature request
To be fair, it is a fix for a broken functionality. You could argue it is a feature request although the user experience needs to be considered.
What never existed cannot be broken
What never existed cannot be broken
It does exist, just not for ledger 😊
You can call it certainly as you want, it's a problem that needs to be addressed urgently if Solana doesn't want to fall behind!
Every day when another user lost his assets, more Ledgers will be out there and this is a serious problem for every Solana project. Many things are on hold because of that.
You can call it certainly as you want, it's a problem that needs to be addressed urgently if Solana doesn't want to fall behind!
Every day when another user lost his assets, more Ledgers will be out there and this is a serious problem for every Solana project. Many things are on hold because of that.
I don't see it that urgent, I know it is important but not crucial. Sign arbitrary messages current usage is mainly for NFTs and web3 apps. There are much more priorities on Solana development.
What we could do is collect a bounty between all the projects interested in this feature and leave the Solana developers handling core issues.
What we could do is collect a bounty between all the projects interested in this feature and leave the Solana developers handling core issues.
Yep, there seems to be enough brigaded here that there ought to be somebody from the community that is willing to do more than just direct other users to comment on this issue. Brigading will not be rewarded around here
FWIW I'm not generally interested in a community contribution to the Ledger App for this issue. There's some refactoring that should take place first and it will take longer to communicate the requirements to an unfamiliar contributor than to implement it myself.
I intend to prioritize this work before the end of Q1
What we could do is collect a bounty between all the projects interested in this feature and leave the Solana developers handling core issues.
Yep, there seems to be enough brigaded here that there ought to be somebody from the community that is willing to do more than just direct other users to comment on this issue. Brigading will not be rewarded around here
How are the replies here considered brigading? Comments are not THAT often and AFAIK they are all coming from project devs who are looking forward to use this in their apps. I don't see anyone directing their users to comment here.
Also, although I'm sure there must be other priorities for Solana core, NFTs and web3 apps are giving HUGE exposure to the whole Solana environment, so I don't see why there is a need to undermine them?
Thank you @t-nelson for trying to prioritize this
Thank you @t-nelson. The MLK Fam @ milktoast.world is looking forward to this issue being fixed! 🙏
I would also like to see this fixed. I'm a user; I purchased a Ledger Nano S directly from Ledger, and my primary use case for Ledger is the Solana app. The ability to securely sign a message via the Solana Ledger app has value. For example, several dApps on Solana implement this to authenticate users. Because Ledger does not support this, then I have to use alternative wallets. I would prefer to use my Ledger Nano S because of the additional security Ledger provides. FWIW, nobody brigaded me -- I was simply Google searching for a solution to this problem, and thought to add a user's perspective in the hope it is helpful.
+1, thank you for trying to prioritize this, @t-nelson! Little Atlas is also really looking forward to a fix 🙏🙏
Hopefully this will be added soon. SolanaFloor and many other platform users have been requesting this for months.
Hello, it is really needed for www.monkeyleague.io right now. There is a sign-in necessary to claim gifts and many users dont feel safe without ledger in this space. Please find a workaround for this. would be much appreciated.
Same for me. i do not want to put my stuff into an unsave browserwallet. so please add this as soon as possible!
Hi everybody, I know it won't solve it for everyone but as a simple workaround, I basically let the user authorize a mini transaction from his wallet to his wallet! This costs him some micro cents but works fine in my project. Of course, it's not a solution for people who have to sign in nonstop but it works well for some situations where you just want to verify something or authorize something special for this moment. At least in my case, no users have any issue with this workaround.
Having said that, YES this feature is really needed and at least some type of news/update would help to either build on better workarounds or wait until we get this feature. Thank you everyone!
highly recommend against training users to sign transactions for this use-case. you're grooming them to be socially engineered
Please add this functionality , games need it .
monkeyleague.io is in urgent need of this feature, please add it! appreciate your work.
highly recommend against training users to sign transactions for this use-case. you're grooming them to be socially engineered
As I said, it's a temp solution for those of us who can't wait any longer! Plus, it is a matter of making clear to the user what is happening. They are free to use or not to use it. However, if you have a project with hundreds or thousands of users who cant participate otherwise, I still prefer to give them a choice.
Would also like to see this fixed as I can't use Ledger with Monkeyleague.io
highly recommend against training users to sign transactions for this use-case. you're grooming them to be socially engineered
I agree with this. The crypto ecosystem is full of scams, frauds, and bad actors. I appreciate products -- such as Ledger -- that can deliver a good experience in this context. Hopefully folks with @t-nelson's mindset will make crypto safer for people who are trying to do good work or perform legitimate transactions.
would love to have a fix for sites like: https://app.monkeyleague.io/store
For all the people requesting this for monkeyleague, ask your developers to seek for an alternative to this, take a look at implementations from other projects like pesky penguins, yawww, matrica, grape, etc.
To sign arbitrary data with a ledger is not a priority for Solana core rn.
It's absolutely nuts that this wouldn't be a priority.
o sign arbitrary data with a ledger is not a priority for Solana co
Ridiculous! Not much more I can say about this comment.
Problem
At Phantom, we've implemented a
signMessage
feature that allows an application to request signing an arbitrary message. This feature is being used by Audius on Solana to authenticate users, and is popular on Ethereum for applications like OpenSea that also rely on it to authenticate their users.A long-standing issue with this feature is that the Solana Ledger app (https://github.com/LedgerHQ/app-solana) does not support signing arbitrary messages, and so this feature does not work for Ledger users.
Proposed Solution
Add support for signing arbitrary data (or just utf8 strings) to the Solana Ledger app. @t-nelson mentioned that support would need to be added to
solana-remote-wallet
and the CLI as well.