Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
False negative verifying a message signed with polkadot{.js}
See original GitHub issueThe message is signed client-side with polkadot{.js} using the default cryptography, and the signature is successfully verified with polkadot{.js}. However, when I try to verify the message server-side with py-substrate-interface, verification results with False.
The JS code used client-side to sign and verify the message:
const address = account.address;
const message = 'Of course I own this wallet!';
let signature;
try {
({signature} = await signRaw({
address: address,
data: util.stringToHex(message),
type: 'bytes',
}));
}
catch {
return;
}
const publicKey = utilCrypto.decodeAddress(account.address);
const hexPublicKey = util.u8aToHex(publicKey);
const isValid = utilCrypto.signatureVerify(
message,
signature,
hexPublicKey,
).isValid;
console.log('Is signature valid?', isValid); // true
Then, address, message and signature are POST-ed over to the server, where this code tries to verify the message:
import substrateinterface as sub
keypair = sub.Keypair(address, ss58_format=42)
print(keypair.verify(message, signature)) # False
Issue Analytics
- State:
- Created 2 years ago
- Comments:11 (5 by maintainers)
Top Results From Across the Web
False negative to verify signatures for sr25519 accounts #1126
Now delete and type bla again --> the signature is now totally different. I would expect to have the same signature for the...
Read more >Sign & Verify - polkadot{.js}
The same signing and verification structure can be used on any kind of message. Here we will take you through the steps of...
Read more >JSDoc: Global
Returns a list of all RDF statements proven by the presentation. DOES NOT VERIFY THE PRESENTATION. Verification must be performed for the results...
Read more >Product data specification - Google Merchant Center Help
Use this specification to format your product information for Merchant Center programs, such as Shopping ads, free product listings, and Buy on Google....
Read more >Wrc - River Thames Conditions - Environment Agency - GOV.UK
Digdin carrosel, Electro optica, Eye of the tiger sign, Resolute desk history, ... Nice player toolbar for windows 7, Insti hiv test false...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
The wrapping the extension applies is exposed here - https://github.com/polkadot-js/common/blob/master/packages/util/src/u8a/wrap.ts#L42
(In the JS libs the verification then first tries the data as-is and then the wrapped version before failing the signature)
TL;DR The extension signs
<Bytes>...all data in here...</Bytes>(assuming it (a) is not already wrapped with<Bytes>or (b) it is not an Ethereum-style wrapped message, aka Frontier-like chains)Yeah, we also need this update. Would be so thankful to get it!
When do u think you can finish it? 🙏