web3-cardano-token icon indicating copy to clipboard operation
web3-cardano-token copied to clipboard

Published 20 hours ago verified publisher icon pyropy

Do we verify the Signature?

Open gavinharris-dev opened this issue 3 years ago • 5 comments
trafficstars

Does the code currently verify the authenticity of the signed message in any way? I can see that we are ensuring that the token is correctly formed but are we checking if the signature provided is a signature for this token?

gavinharris-dev avatar Nov 30 '21 11:11 gavinharris-dev

No there is no code for signature checking currently in place.

pyropy avatar Dec 01 '21 07:12 pyropy

Okay cool; I will investigate as this would be important to try preventing spoofing of a token

gavinharris-dev avatar Dec 01 '21 07:12 gavinharris-dev

Thanks for this update, i implemented it and it works fine until I changed the implementation of the cardano api call to the new one, check #5 .

pierre-andre-long avatar Feb 07 '22 13:02 pierre-andre-long

Yeah I need to rework the way that I am integrating with the Wallet; CIP-30 changed this process to be more generic.

gavinharris-dev avatar Feb 07 '22 23:02 gavinharris-dev

I've updated my fork to handle the updated 'signData' api response. It was a little different to just returning a 'string' output.

gavinharris-dev avatar Mar 07 '22 04:03 gavinharris-dev