(question) Verification of buffers.

[angrymouse]

Hello! Is it possible to sign/verify buffer/uint8array?
Strings are arguably not best representation of data, and when getting big, taking quite a some time for this library (and overall, any cryptographic algorithm) to verify.
I used hash of data to convert it to smaller one, however I feel like stringifying hash in order for this library to process it is not optimal.
Is there any issues with signing/verifying raw data?

[ACken2]

Although it is not the intended usage, you can use a Buffer as a message. For example:

const { Signer, Verifier } = require('bip322-js');

const privateKey = 'L3VFeEujGtevx9w18HD1fhRbCH67Az2dpCymeRE1SoPK6XQtaN2k';
const address = 'bc1q9vza2e8x573nczrlzms0wvx3gsqjx7vavgkx0l'; // P2WPKH address
const message = Buffer.from('000102030405ff', 'hex'); // Some random Buffer
const signature = Signer.sign(privateKey, address, message);
const validity = Verifier.verifySignature(address, message, signature);
console.log(validity); // True

If you use TypeScript, you may need to typecast the message to any or skip type-checking for this to work. Technically speaking, the library already supports using a Buffer as a message.

[angrymouse]

Yeah, I've used it like this, just was wondering if there may occur any problems with this approach, will it make my app vulnerable in other words.

[ACken2]

It shouldn't pose any security vulnerabilities since the message is parsed by the BIP322.hashMessage method on the line:

messageHasher.update(Buffer.from(message));

which should work with the message either as a string or as a buffer.

In the future, I might add official Buffer support to the library.