[Solved] Signature verification

We are using infrastructure for CryptoTask where our backend is paying gas fees and broadcasting transactions on behalf of users, and then the smart contract checks that the message originated from the user by using: Crypto.verify_sig

So an example smart contract:
contract Identity =
public entrypoint verifySig(myString1 : string, int1 : int, myString2 : string, pubkey: address, sig: signature) = Crypto.verify_sig(String.blake2b(String.concat(myString1, String.concat(Int.to_str(int1), myString2))), pubkey, sig)

In javascript we have something like:
const int1 = 24553;
const myString1 = ‘hello There’;
const myString2 = ‘hi fatty!’;
const args = myString1 + int1.toString() + myString2;
const myMsg2 = Crypto.hash(args)
const mySig2 = Crypto.sign(myMsg2, keypair.secretKey)
console.log(msg2 hash: ${Buffer.from(myMsg2).toString('hex')})
console.log(msg2 sig: ${Buffer.from(mySig2).toString('hex')})

and call the contract by:

const contractSource = fs.readFileSync(’/home/slash/Desktop/vs2.aes’, ‘utf-8’);
ae.getContractInstance(contractSource, {contractAddress : ‘ct_vj8R74Cd4iGe8fM7z2K4ZCwHCycnJWhEVYLYhtyW7DiEtZWBq’}).then(contract => {
contract.methods.verifySig(myString1, int1, myString2, publicKey, Buffer.from(mySig2).toString(‘hex’)).then(res => {console.log(res)})

Ok, so that all works :smiley:
The question is, is using this stringify-and-concat-all-the-arguments-and-hash-them the best approach? For example if toString in javascript will match to_str in Sophia for all the data types now and in the future?


Hey @CryptoTask,
I am not sure about compatibility of toString and to_str, so i can propose you to prepare a hash of message using SDK and then send only the hash to Sophia verify
Exm: https://github.com/aeternity/aepp-sdk-js/blob/develop/test/integration/contract.js#L286

1 Like

thanks for ur help! ^^

1 Like

Hey @CryptoTask please let us know if your issue is resolved.

yes, it is resolved :slight_smile: