Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Sign and Verify messages

See original GitHub issue

Description of the Feature or Idea

Add the ability for websites to request the visitor’s LN node to sign or verify a message according to the WebLN provider spec https://github.com/wbobeirne/webln#provider-spec.

  /* Prompts the user to sign a message with their private key */
  signMessage(message: string): Promise<SignMessageResponse>;

  /* Shows the user a view that verifies a signed message */
  verifyMessage(signedMessage: string, rawMessage: string): Promise<void>;

Limitations

LND requires nodes be routable between each other in order to verify a message. In other words, given the lightning networks A -> B -> C & D <- E. If A signs a message, then B and C are able to verify that message but D and E are not.

The lncli verifymessage command returns valid: false in these two cases:

the message and signature do not match
the signing node is not reachable from the verifying node on the network

Joule will not be able to inform the website if the failure is one or the other.

Use Cases

Sign The obvious use case is for authentication. The website can give the user a message to sign using Joule then take the signature and verify it on the backend to confirm the identity of the user’s node.

Verify ??? 🤔

I’ve started implementing this functionality. I’m creating this PR to open the floor for suggestions or ideas for improvements

Issue Analytics

State:
Created 5 years ago
Reactions:1
Comments:7 (3 by maintainers)

Top GitHub Comments

1reaction

dmidnightcommented, Aug 30, 2019

As noted in https://github.com/BlueWallet/BlueWallet/issues/578, for the authentication use-case, it would be ideal to use a purely JS implementation of verifyMessage.

There is an implementation available at https://github.com/nerddan/ln-crypto for reference.

1reaction

jamaljsrcommented, Jan 21, 2019

I’ve implemented both prompts already. I’m not 100% satisfied with the UI for verify. I’ll create a PR tomorrow with what i have so far to get your feedback.

Top Results From Across the Web

How to Sign & Verify Messages on Ethereum

Go to the message verifying page on MyCrypto. Enter the signed message that you want to check, and click "Verify Message." verifying message....

Sign and verify messages with Ethereum - Shawn Tabrizi

Sign and verify messages with Ethereum. Hash message with SHA3. Sign a message using your Ethereum account. You will need MetaMask to sign...

Ethereum Signed Message Verification Tool

Verifying a message means verifying whether a message is really written (signed) by an address. For example, imagine that you're looking to ...

Sign & Verify messages Trezor Suite

Verifying messages. To Verify a message, select the account you wish to verify with in Trezor Suite and click the three dots and...

View, Sign & Verify Message Signatures - Etherscan

ID Age Address Message #13038 2022‑12‑26 18:36:47 6 hrs 49 mins ago 0x7184a38ce27bffc75c7eb87d8ce847c3f... #13037 2022‑12‑26 18:17:58 7 hrs 8 mins ago 0x822be99aaf0e6a8f88e5433a88b0a091... #13036 2022‑12‑26 16:58:45 8...