Simplifying signature verification #1576

@AlexKushnir1

End users should not be expected to manually reproduce the NEP-413 message transformation logic in order to verify signatures.

Currently, to verify a SignedMessage (as returned from signNep413Message), developers must manually:

  1. Encode the prefix 2^31 + 413 as a little-endian u32
  2. Serialize the message, recipient, nonce, and callbackUrl? using the NEP-413 Borsh schema
  3. Concatenate the prefix and serialized message
  4. Hash the result with SHA-256
  5. Verify the signature using the resulting hash

This process is undocumented, error-prone, and not developer-friendly.

Proposal

Add a helper function to generate the NEP-413 message hash

export function hashNep413Message(params: SignMessageParams): Uint8Array;

This function would return the exact Uint8Array hash of the NEP-413-compliant message that was originally signed using signNep413Message(...).

Add a high-level signature verification function

// 📍 Suggested location: packages/client/src/crypto.ts

export function verifyNep413Signature(params: SignMessageParams & {
  publicKey: PublicKey;
  signature: Uint8Array;
}): boolean;

This function should internally call hashNep413Message(...) and perform publicKey.verify(hash, signature).
It allows developers to verify signed NEP-413 messages in a single call.

Also, the feature should be well-documented and accompanied by a practical example.

I'd be happy to contribute this via a PR, including one or both utility functions and integration into the cookbook.
I'm also working on testing the client package and plan to include this feature in the test suite as part of PR #1501.

cc @denbite @gagdiez
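
The five manual steps listed in the issue, written out as an added example (not part of the original issue and not near-api-js code). The names `hashNep413` and `verifyNep413` are hypothetical, the public key is assumed to be a Node `KeyObject`, and the Borsh field order is taken from the NEP-413 payload struct rather than from the issue text.

```javascript
// Node's built-in crypto, loaded so the snippet runs as CommonJS or as an ES module.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto") : process.getBuiltinModule("node:crypto");

const u32le = (n) => { const b = Buffer.alloc(4); b.writeUInt32LE(n); return b; };
// Borsh string: u32 little-endian byte length, then the UTF-8 bytes.
const borshString = (s) => {
  const b = Buffer.from(s, "utf8");
  return Buffer.concat([u32le(b.length), b]);
};

// Steps 1-4. Field order (message, nonce, recipient, callbackUrl) follows the
// NEP-413 payload struct (assumption: not stated in the issue itself).
function hashNep413({ message, recipient, nonce, callbackUrl }) {
  if (!(nonce instanceof Uint8Array) || nonce.length !== 32) {
    throw new Error("nonce must be exactly 32 bytes");
  }
  const payload = Buffer.concat([
    borshString(message),
    Buffer.from(nonce),                  // [u8; 32]: raw bytes, no length prefix
    borshString(recipient),
    callbackUrl == null                  // Option<string>: 0x00, or 0x01 + value
      ? Buffer.from([0])
      : Buffer.concat([Buffer.from([1]), borshString(callbackUrl)]),
  ]);
  const prefix = u32le(2 ** 31 + 413);   // step 1: bytes 9d 01 00 80
  return nodeCrypto.createHash("sha256").update(Buffer.concat([prefix, payload])).digest();
}

// Step 5. The Ed25519 signature covers the 32-byte hash, not the raw message.
function verifyNep413(params, publicKey, signature) {
  return nodeCrypto.verify(null, hashNep413(params), publicKey, signature);
}

// Constructed round trip: a throwaway key signs the hash, then each field is altered.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  const params = { message: "Log in to example.near", recipient: "example.near",
                   nonce: new Uint8Array(32).fill(7) };
  const signature = nodeCrypto.sign(null, hashNep413(params), privateKey);
  const check = (p) => verifyNep413(p, publicKey, signature);
  return {
    valid: check(params),
    wrongRecipient: check({ ...params, recipient: "other.near" }),
    wrongNonce: check({ ...params, nonce: new Uint8Array(32).fill(8) }),
    addedCallback: check({ ...params, callbackUrl: "https://example.com/cb" }),
  };
}
```

A passing signature check only proves the key signed this exact payload; the verifier still has to confirm that `recipient` is its own identifier and that the nonce has not been used before.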
