Signature verification

We are using infrastructure for CryptoTask where our backend is paying gas fees and broadcasting transactions on behalf of users, and then the smart contract checks that the message originated from the user by using: Crypto.verify_sig

So an example smart contract:
contract Identity =
public entrypoint verifySig(myString1 : string, int1 : int, myString2 : string, pubkey: address, sig: signature) = Crypto.verify_sig(String.blake2b(String.concat(myString1, String.concat(Int.to_str(int1), myString2))), pubkey, sig)

In javascript we have something like:
const int1 = 24553;
const myString1 = ‘hello There’;
const myString2 = ‘hi fatty!’;
const args = myString1 + int1.toString() + myString2;
console.log(args);
const myMsg2 = Crypto.hash(args)
const mySig2 = Crypto.sign(myMsg2, keypair.secretKey)
console.log(msg2 hash: ${Buffer.from(myMsg2).toString('hex')})
console.log(msg2 sig: ${Buffer.from(mySig2).toString('hex')})

and call the contract by:

const contractSource = fs.readFileSync(’/home/slash/Desktop/vs2.aes’, ‘utf-8’);
ae.getContractInstance(contractSource, {contractAddress : ‘ct_vj8R74Cd4iGe8fM7z2K4ZCwHCycnJWhEVYLYhtyW7DiEtZWBq’}).then(contract => {
contract.methods.verifySig(myString1, int1, myString2, publicKey, Buffer.from(mySig2).toString(‘hex’)).then(res => {console.log(res)})
})

Ok, so that all works :smiley:
The question is, is using this stringify-and-concat-all-the-arguments-and-hash-them the best approach? For example if toString in javascript will match to_str in Sophia for all the data types now and in the future?

1 Like