Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Signature verification returns false even if it should return true #12

Open
matteocoppola opened this issue Jul 12, 2024 · 2 comments
Open

Signature verification returns false even if it should return true #12

matteocoppola opened this issue Jul 12, 2024 · 2 comments

Comments

@matteocoppola
Copy link

Greetings,
one of our users is signing with his Ordinal Key (using Xverse wallet) the JSON.stringify() result of this following message:

{
    "runeId": "840000:3",
    "orderType": 0,
    "orderPosition": "buy",
    "orderAmount": 1332,
    "orderPrice": 7.51,
    "ownerBtckey": "020bb343eb11c05861b5d5607391a71b14fc941b6e50c52070fbb7c0665e7a48e2",
    "ownerOrdKey": "56f4b67b0ade2e9ba69244db27dd980e58c4445ffb29c60dac4a2c7bc08688ac",
    "ownerBtcAddress": "3KZKi6aWvoZp2BjSYm8X126AeExpqdqvyh",
    "ownerOrdAddress": "bc1pvnkl5kgyjnr33yn5myvlqvw0nahnrqx2mj6a8j4ggpy09gvt3pdq4nf2sl"
}

Generating the signature:
AUBeB9HL+fbcTrVOSwzZvSn/oDluEckq0st4YMgr0nelFOT1qpA9HiohI6uGNDQnu47YUbFHWM0CrkiT7VdWf6Na

Using bip322-js to verify this signature, it returns FALSE:
bip322.Verifier.verifySignature(data.ordinalAddress, JSON.stringify(data.message), data.signature)

This bug here is happening to a few of our users (not all of them), which makes me think it must be something related to how the library uses the Ordinal Address of the user.

Please help us addressing the issue and let us know if you need more details.
Thank you!
@ACken2
Copy link
Owner

ACken2 commented Jul 13, 2024

Hi,

I have attempted to verify your BIP322 signature and message (which I assumed is signed by bc1pvnkl5kgyjnr33yn5myvlqvw0nahnrqx2mj6a8j4ggpy09gvt3pdq4nf2sl) using the following command on a Bitcoin Core compiled for BIP-322 support (https://github.com/kallewoof/bitcoin/tree/202201-bip322):

verifymessage "bc1pvnkl5kgyjnr33yn5myvlqvw0nahnrqx2mj6a8j4ggpy09gvt3pdq4nf2sl" "AUBeB9HL+fbcTrVOSwzZvSn/oDluEckq0st4YMgr0nelFOT1qpA9HiohI6uGNDQnu47YUbFHWM0CrkiT7VdWf6Na" "{"runeId":"840000:3","orderType":0,"orderPosition":"buy","orderAmount":1332,"orderPrice":7.51,"ownerBtckey":"020bb343eb11c05861b5d5607391a71b14fc941b6e50c52070fbb7c0665e7a48e2","ownerOrdKey":"56f4b67b0ade2e9ba69244db27dd980e58c4445ffb29c60dac4a2c7bc08688ac","ownerBtcAddress":"3KZKi6aWvoZp2BjSYm8X126AeExpqdqvyh","ownerOrdAddress":"bc1pvnkl5kgyjnr33yn5myvlqvw0nahnrqx2mj6a8j4ggpy09gvt3pdq4nf2sl"}"

However, it also fails verification there, so it is likely that the signature is not valid for the provided message and address.

Is it possible that the message signed was somehow incorrect or that the message was signed using another address?

@matteocoppola
Copy link
Author

Hi @ACken2 ,
thank you for your testing.
As we are sure the message is correct and correctly signed, the problem must be outside our codebase.
As your test shows that it's not an issue of bip322-js library, then it means the bug is in the Xverse wallet when they use it to sign with the OrdinalAddress.
Let's see what they find!

@elRaulito elRaulito mentioned this issue Jul 15, 2024
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ACken2 @matteocoppola