Closed salessandri closed 4 years ago
Albedo signs not the message itself, but the SHA-256 hash of it. Here is a JS code example for the verification:
const {Keypair } = require("stellar-sdk"),
shajs = require("sha.js") //this package comes with StellarSDK (as dependency) so you don't need to install it
const pubkey = 'GDWPMRQSLXNEHCXC7RTISZAHULB7FDDIOPR6CF5B5IUWOQXN2CUWN4LO',
rawSignature = '049a26b40c1a30be1cef3ef7a64af8ae305e7567ee2cac57e5a494e0036860b81dc417c005e4f4dff6ad6bc52f56f0e61e9d084c2718638bc4f78130fc14d20e',
signedMessage = 'GDWPMRQSLXNEHCXC7RTISZAHULB7FDDIOPR6CF5B5IUWOQXN2CUWN4LO:DGmk7s8gkhXMqRNsiCBanwL76Kt+5+WUzAOlWoh0nDs='
//load a keypair
const kp = Keypair.fromPublicKey(pubkey)
//get the hash of the message to sign
const message = shajs('sha256').update(signedMessage).digest()
//convert hex-encoded signature to byte array
const signature = Buffer.from(rawSignature, 'hex')
//verify the signature
const isValid = kp.verify(message, signature)
console.log(isValid)
Sorry that we didn't describe the process of signing and verification in details. We'll definitely add this to the documentation.
That makes a lot more sense :-) Just validated it in my Rust application!
I'm having the following issue. I'm trying to use the
publicKey
intent.I'm getting the following output:
I'm trying to verify the signature but it always fails. I'm doing it in Rust, but even in node.js it is failing:
I might be doing something wrong, but couldn't figure out what it is.