solana-web3.js icon indicating copy to clipboard operation
solana-web3.js copied to clipboard

Published 20 hours ago verified publisher icon solana-labs

Create `@solana/offchain-message` for signing and verifying offchain messages

Open steveluscher opened this issue 7 months ago • 0 comments

Motivation

There's a protocol for signing non-transaction messages. Let's create @solana/offchain-message helpers to sign and verify messages with modern CryptoKeys.

Example use case

// This prepends the header and signs the message, returning a signature.
async function getOffchainMessageSignature(privateKeys: CryptoKey[], message: Uint8Array): Promise<Uint8Array[]>;

// This verifies the signature given a public key and a message.
async function verifyOffchainMessageSignature(message: Uint8Array, signature: Uint8Array, publicKeys: CryptoKey[]): Promise<boolean>;

Details

We can argue in the PR whether publicKey should be a CryptoKey or an Address, whether the return type of getOffchainMessageSignature() should be Uint8Array or Signature, but preferably not that message should be a string. Each decision that gets us further from JS primitives trades ergonomics for added dependencies.

The use case above is also missing details about configuring the message version, the application domain. Also, the decision needs to be made whether to auto-determine the message format or allow the user to explicitly choose a format then validate that the message conforms to the choice. Lots to chew on here.

Related Rust CLI PR: https://github.com/solana-labs/solana/pull/27456

steveluscher avatar Dec 05 '23 20:12 steveluscher