signing arbitrary data #155

Open
robertkowalski opened this issue Jan 10, 2020 · 1 comment

robertkowalski commented Jan 10, 2020

Happy Friday, Scatter team!

We are trying to sign arbitrary data with Scatter.

We use scatter.getArbitrarySignature. It works well for any strings that have less than 12 chars per word.

In our case, we need to sign larger JSON messages, so the limitation becomes tricky. The documentation mentions that the limitation applies to strings.

Not sure if we can pass other data types to it.

I already tried to pass in plain Node.js Buffers and Uint8 Arrays created with eos.Serialize.SerialBuffer, but no luck so far.

Why is the limitation of 12 chars there? Any ideas how to solve this issue?

Example:

```js
const publicKey = 'PUBLIC_KEY'

const data = '{"foo":"bar","type":"candy","price":"100000000","amount": "1.00000000000000"}'
const sig = await scatter.getArbitrarySignature(publicKey, data)
console.log(data, sig, publicKey)
```

Example with Uint8 Binary data

```js
const publicKey = 'PUBLIC_KEY'

const { TextDecoder, TextEncoder } = require('util')
const { Serialize } = require('eosjs')

const sb = new Serialize.SerialBuffer({
  textEncoder: new TextEncoder(),
  textDecoder: new TextDecoder()
})

const data = '{"foo":"bar","type":"candy","price":"100000000","amount": "1.00000000000000"}'
sb.pushString(data)

const array = sb.asUint8Array()
const sig = await scatter.getArbitrarySignature(publicKey, array)
console.log(array, sig, publicKey)
```

nsjames commented Jan 13, 2020

That 12 character limit is imposed as a defense mechanism since hashes could be passed into that method which are actually packed transactions, and then signed by the user without their knowledge of the parameters of the transaction they are signing (since arbitrary sigs only show the data being signed, and don't unpack it).

The alternative is using a pseudo-chain call to trick Scatter into using an on-chain contract for parsing, and passing in the string to be signed as a parameter. The transaction isn't actually sent to chain, just using the ABIs.
Example: https://github.com/GetScatter/scatter-js/blob/master/mock-sites/eosjs/index.html#L245
This also allows hardware wallets to work with arbitrary signatures.
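
The per-word limit discussed in this thread, sketched as an added example that is not part of the original comments and is not Scatter's own code. It shows why a digest-shaped value and the JSON payload from the issue are both refused while a short human-readable message passes. The function names, the whitespace splitting, the "at most 12 characters" reading of the limit and the refusal of non-string input are assumptions of this sketch.

```javascript
// Added illustration, not Scatter's source code.
// Assumptions: words are separated by whitespace and may be at most 12 characters.
const MAX_WORD_LENGTH = 12;

// Return every whitespace-separated word that exceeds the limit.
function oversizedWords(data, limit = MAX_WORD_LENGTH) {
  if (typeof data !== 'string') {
    // Assumption of this sketch: anything that cannot be shown as words is refused.
    throw new TypeError('only strings can be checked word by word');
  }
  return data.split(/\s+/).filter((word) => word.length > limit);
}

// Decide whether a signing request may be shown to the user for approval.
function checkSigningRequest(data) {
  try {
    const offenders = oversizedWords(data);
    return { allowed: offenders.length === 0, offenders };
  } catch (err) {
    return { allowed: false, offenders: [], reason: err.message };
  }
}

// Constructed 64-hex-character value standing in for a SHA-256 digest,
// the shape a hash of a packed transaction would have. It is one long "word".
const constructedDigest = Array.from({ length: 32 }, (_, i) =>
  ((i * 7 + 3) & 0xff).toString(16).padStart(2, '0')).join('');

// Constructed sample inputs; the JSON string is the one from the issue.
const samples = {
  readable: 'I agree to log in to example dapp',
  digest: constructedDigest,
  json: '{"foo":"bar","type":"candy","price":"100000000","amount": "1.00000000000000"}',
  binary: new Uint8Array([1, 2, 3]),
};

for (const [name, data] of Object.entries(samples)) {
  const result = checkSigningRequest(data);
  console.log(name, result.allowed ? 'allowed' : 'refused', result.offenders);
}
```

The JSON payload fails for the same reason the digest does: without spaces between fields it is a small number of very long words, so the check cannot tell it apart from opaque data.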
