Custody Verification in Algorand

Can anyone help me with custody verification in Algorand, i.e. identifying that an address/account belongs to a particular owner?

For example, in Bitcoin and Ethereum we use the address, message and signed message to identify that the address/account belongs to someone.

Contrary to Bitcoin, Algorand is account-based.

If smart contracts / logic signatures (https://developer.algorand.org/docs/features/asc1/) are not used, there is a single way to approve a transaction from a given account address:

  • either the account address is an ED25519 public key, in which case the transaction must be properly signed with regard to this public key.
  • or the account address is a multisig address, in which case the transaction must be properly signed with regard to enough public keys.

See https://developer.algorand.org/docs/features/transactions/signatures/ for details.

Here is a snippet for message signing:
http://algorand.hu/sign_message/sign_message.html

I have supplied a test account mnemonic.

DO NOT enter your mnemonic here, as the site uses the http protocol. (*)
Instead, save the page to your local hard drive, and start it from there,
if you want to experiment with your real mnemonic (i.e. private key).

(*) Any help is welcome, how to install https instead…

Thanks @Maugli for the help, but I need something a bit different, like signing a message with a private key and then, whatever message it generates, using the signature hash, message and public address to verify it. Do we have any library or APIs for that?

How can I generate a dummy Algorand account along with a public/private key for testing purposes?

Dear @debasish,

  • On the “Sign message” tab the mnemonic is used to recreate the account, i.e. it is the private key in coded form.
  • the result of the “Sign message” is a JSON structure with “message”, “addr” and “sig”
  • it can be verified on the “Verify signature” tab.

Instead of the private key, its mnemonic is used in Algorand.
But otherwise it does exactly what you want.

Thanks @Maugli for the clarification. Could you please redirect me to some API or Node.js lib where I can pass this signed message and get it verified, and also tell me if there is an API to sign a message if I have the mnemonic?

Dear @debasish,
the snippet uses the Algorand JS SDK. See:
https://developer.algorand.org/docs/reference/sdks/
and specifically:

base64js was taken from https://github.com/beatgammit/base64-js

jquery and jquery_ui are taken from https://code.jquery.com

See also the source of the snippet:



/*
 * Input:	mnemonic, 	25 word mnemonic of account
 * Input:	message,	message to sign
 * Returns:	sig,		base64-encoded signature of the message
 *			addr,		address of account
 *			errmsg,		error message
 */
function algo_sign_message(mnemonic, message) {
	try {
		// The mnemonic encodes the private key; this rebuilds the account (addr and sk).
		let recoveredAccount = algosdk.mnemonicToSecretKey(mnemonic);
		// Sign the UTF-8 bytes of the message (TextEncoder always encodes as UTF-8).
		let arr_message=new TextEncoder().encode(message);
		let arr_sig=algosdk.signBytes(arr_message, recoveredAccount.sk);
		// Self-check: the fresh signature must verify against the account's own address.
		let sts=algosdk.verifyBytes(arr_message, arr_sig, recoveredAccount.addr);
		if (!sts) throw new Error('signature self-check failed');
		// The signature is raw bytes, not text, so it is returned base64-encoded.
		let sig=base64js.fromByteArray(arr_sig);
		return {sig: sig, addr: recoveredAccount.addr, errmsg: ''};
	}
	catch (e) {
		console.log(e);
		return {sig: '', addr: '', errmsg: e};
	}
}

/*
 * Input:	addr,		Algorand address
 * Input:	message,	message
 * Input:	sig,		base64-encoded signature of message by address
 * Returns:	sig_sts		true if signature is correct, false otherwise
 *			errmsg,		error message
 */
function algo_verify_message(addr, message, sig) {
	try {
		// Rebuild the exact bytes that were signed: the UTF-8 encoding of the message.
		let arr_message=new TextEncoder().encode(message);
		let arr_sig=base64js.toByteArray(sig);
		// verifyBytes checks the signature against the public key encoded in the address.
		let sig_sts=algosdk.verifyBytes(arr_message, arr_sig, addr);
		return {sig_sts: sig_sts, errmsg: ''};
	}
	catch (e) {
		// A malformed address or signature is reported as "not verified".
		console.log(e);
		return {sig_sts: false, errmsg: e};
	}
}

This function could even be included in the Web wallet and the mobile wallet, too…
It would be useful.

Thanks @Maugli, I was doing the same just now from developer tools. Seems we are both on the same page 🙂

You can install the Algorand software (https://developer.algorand.org/docs/run-a-node/setup/install/) and run algokey generate
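
Added example, not part of any post in this thread and not the snippet's own code: the same custody check as a challenge-response in plain Node.js, using only the built-in crypto module so the address decoding and signature check are visible. It assumes the standard address layout (base32 of the public key plus a 4-byte SHA-512/256 checksum) and the "MX" prefix that the JS SDK's signBytes/verifyBytes put in front of the data; all function names and the demo key and challenge are constructed for illustration.

```javascript
// Added example: Node built-ins only, no algosdk. Function names are hypothetical.
const { createHash, createPublicKey, generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';              // RFC 4648 base32 alphabet
const SPKI = Buffer.from('302a300506032b6570032100', 'hex'); // DER header before a raw Ed25519 public key
const MX = Buffer.from('MX'); // prefix algosdk.signBytes/verifyBytes put before the data
const checksum = (pk) => createHash('sha512-256').update(pk).digest().subarray(28);
const payload = (msg) => Buffer.concat([MX, Buffer.from(msg, 'utf8')]);

function base32Encode(buf) {
  const bits = [...buf].map((b) => b.toString(2).padStart(8, '0')).join('');
  let out = '';
  for (let i = 0; i < bits.length; i += 5) out += B32[parseInt(bits.slice(i, i + 5).padEnd(5, '0'), 2)];
  return out;
}
function base32Decode(str) {
  const bits = [...str].map((c) => {
    const v = B32.indexOf(c);
    if (v < 0) throw new Error('invalid base32 character');
    return v.toString(2).padStart(5, '0');
  }).join('');
  const out = [];
  for (let i = 0; i + 8 <= bits.length; i += 8) out.push(parseInt(bits.slice(i, i + 8), 2));
  return Buffer.from(out);
}
// Address = base32(pubkey || last 4 bytes of SHA-512/256(pubkey)), 58 characters, no padding.
const encodeAddress = (pk) => base32Encode(Buffer.concat([pk, checksum(pk)]));
function decodeAddress(addr) {
  if (typeof addr !== 'string' || addr.length !== 58) throw new Error('bad address length');
  const pk = base32Decode(addr).subarray(0, 32);
  // Re-encoding rejects both a wrong checksum and a non-canonical spelling of the address.
  if (encodeAddress(pk) !== addr) throw new Error('bad address checksum');
  return pk;
}
const signMessage = (privateKey, msg) => sign(null, payload(msg), privateKey).toString('base64');
function verifyCustody(addr, msg, sigB64) {
  try {
    const key = createPublicKey({ key: Buffer.concat([SPKI, decodeAddress(addr)]), format: 'der', type: 'spki' });
    return verify(null, payload(msg), key, Buffer.from(sigB64, 'base64'));
  } catch (e) {
    return false; // malformed address or signature counts as "not verified"
  }
}
// Constructed demo: throwaway key pair and a fresh single-use challenge chosen by the verifier.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  const addr = encodeAddress(publicKey.export({ format: 'der', type: 'spki' }).subarray(12));
  const challenge = `custody-check ${randomBytes(16).toString('hex')}`;
  const sig = signMessage(privateKey, challenge);
  return { addr, challenge, sig, valid: verifyCustody(addr, challenge, sig) };
}
console.log(demo().valid);
```

Because the verifier picks a fresh random challenge each time, an old signature cannot be replayed as proof of custody, and the "MX" prefix keeps a signed message from being usable as a transaction signature.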