Add support to validate signatures from aleph-client

Question

Add support to validate signatures from aleph-client

hoh opened this issue 2 years ago · comments

Hugo Herter commented 2 years ago

Aleph-client supports signing messages, but not verifying signatures without the private key.

As a user, I would like to be able to validate the signature of an Aleph message.

See PyAleph: https://github.com/aleph-im/pyaleph/blob/master/src/aleph/chains/ethereum.py#L38

Mike Hukiewitz · Answer 1 · Tue Jan 03 2023 21:41:57 GMT+0800 (China Standard Time)

What would be the recommended approach for this?

Import aleph from pyaleph
Extract a new module from /chains, create a repo called "aleph-chains" (or similar), and import it into both pyaleph and aleph-client

Olivier Desenfans · Answer 2 · Tue Jan 03 2023 22:58:20 GMT+0800 (China Standard Time)

If this is truly needed in aleph-client, I believe it would make sense to move the validators from pyaleph to aleph-message and then use these in aleph-client and pyaleph.

What's the use case though?

Mike Hukiewitz · Answer 3 · Tue Jan 03 2023 23:02:26 GMT+0800 (China Standard Time)

I want to build an API that uses a simple authentication scheme based on signing the request payload. The user is not directly communicating with the Aleph API, as the intermediary API performs additional checks and sends a different signed message on the user's behalf.

Olivier Desenfans · Answer 4 · Tue Jan 03 2023 23:09:14 GMT+0800 (China Standard Time)

Ah so you want to verify all types of signatures, not Aleph messages specifically. Maybe there's value in providing that as another library then and then put the message-specific validation in aleph-message.