[new feature] Verifying signatures

[rh0delta]

Query: As a user, I would like the ability to Verify Entropy signatures using the Entropy CLI
Blocked By: entropyxyz/sdk#438

Requirements:

• SDK verify method provided through adapters or entropy/sdk crypto utils
• verify signature using built-in hashing algorithms
• sign will return an object, all information returned from sign will be required params for the verify method
  • this will make the tui flow redundant if we want to build the verify flow in a way where sign result can be piped into the verify method

Command:

entropy sign | entropy verify
true/false/error?

TUI:

? Select Action 
  Manage Accounts 
  Entropy Faucet 
  Balance 
  Register 
❯ Manage Signatures
  Transfer 
  Deploy Program 
  User Programs 
  Exit 

? Select Action Manage Signatures
? interactionChoice: (Use arrow keys)
❯ New Signature 
  Verify Signature 
  Exit to Main Menu 

? Select Action Manage Signatures
? interactionChoice: Verify Signature
? Signature to be verified <signature>
? Verifying Key used <verifyingKey>
? Message signed <msgSigned>
Signature is verified!

[johnnymatthews]

Few questions:

1. What does it mean to verify a signature? Are we just calculating a checksum or something deeper?
2. What's the end-to-end goal for verifying a signature? Like, when will I, as a dev, want to use this feature? Every time I deal with sigs, or only occasionally?
3. You mention "all information returned from sign will be required params for the verify method" - what does that object looks like?
4. In the TUI flow, it looks like we'll prompt for signature, verifying key, and original message. Any thoughts on error handling? Like, should we give detailed feedback if verification fails because of a key-mismatch or whatever?
5. Just to confirm - the goal is that entropy sign | entropy verify should work as a basic pipe, returning a boolean or error, right? Or is entropy sign always gonna run verify?

[rh0delta]

Few questions:

1. What does it mean to verify a signature? Are we just calculating a checksum or something deeper?
2. What's the end-to-end goal for verifying a signature? Like, when will I, as a dev, want to use this feature? Every time I deal with sigs, or only occasionally?
3. You mention "all information returned from sign will be required params for the verify method" - what does that object looks like?
4. In the TUI flow, it looks like we'll prompt for signature, verifying key, and original message. Any thoughts on error handling? Like, should we give detailed feedback if verification fails because of a key-mismatch or whatever?
5. Just to confirm - the goal is that entropy sign | entropy verify should work as a basic pipe, returning a boolean or error, right? Or is entropy sign always gonna run verify?

1. we are verifying that the signature is valid based on the hashing algorithm used, the public key used and the message that was signed. @frankiebee can elaborate further if needed.
2. I would assume the verify should be used based on the dev/users specific needs, which is why it is being offered as a separate command/action rather than implemented in conjunction with signing

export interface SignatureData {
  signarure: string
  verifyingKey: string
  hashingAlogrithm: string
  messageHash: string // the hashed message
}
export interface AdapterSignatureData {
  signarure: string
  verifyingKey: string
  hashingAlogrithm: string
  messageHash: string // the hashed message
  messageParams: any // the original object or message
}

4. in terms of error handling, we will follow the same structure as we do for the rest of our actions, however we may be removing the TUI implementation, but this requires further discussion with the JS team.
5. the former is correct, sign will not always run verify.