Custody Verification in Algorand

debasish · March 2, 2020, 6:28pm

Can any one help me on the custody verification in Algorand i.e. identify an address/ account belongs to particular owner.

For example in bitcoin and ethereum we use address , message and signed message to identify the the address/account belongs to someone.

fabrice · March 3, 2020, 8:12pm

Contrary to Bitcoin, Algorand is account-based.

If smart contracts / logic signatures (https://developer.algorand.org/docs/features/asc1/) are not used, there is a single way to approve a transaction from a given account address:

either the account address is an ED25519 public key, in which case the transaction must be properly signed with regards to this public key.
or the account address is a multisig address, in which case the transaction must be properly signed with regards to enough public keys.

See https://developer.algorand.org/docs/features/transactions/signatures/ for details.

Maugli · March 4, 2020, 4:39pm

Here is a snippet for message signing:
http://algorand.hu/sign_message/sign_message.html

I have supplied a test account mnemonic.

DO NOT enter your mnemonic here, as the site uses http protocol.(*)
Instead, save the page to your local hard drive, and start it from there,
if you want to experiment with your real mnemonic (i.e. private key).

(*) Any help is welcome, how to install https instead…

debasish · March 5, 2020, 6:15am

Thanks @Maugli for the help but i need bit different like signing a message with private key and then what ever message it generates use the signature hash , message and public address to verify it. Do we have any library or Apis for that.

How can i generate a dummy algorand account along with public /private key for testing purpose

Maugli · March 5, 2020, 9:06am

Dear @debasish,

On the “Sign message” tab the mnemonic is used to recreate the account, i.e. it is the private key in coded form.
the result of the “Sign message” is a JSON structure with “message”, “addr” and “sig”
it can be verified on the “Verify signature” tab.

Instead of the private key, its mnemonic is used in Algorand.
But otherwise it does exactly what you want.

debasish · March 5, 2020, 9:09am

Thanks @Maugli for the clarification. Could you please redirect me to some Api or node js lib where i can pass this sign message and get it verified and also if there is an api to sign a messge if i have the menomonic

Maugli · March 5, 2020, 9:22am

Dear @debasish,
the snippet uses the Algorand JS SDK. See:
https://developer.algorand.org/docs/reference/sdks/
and specifically:

github.com

algorand/js-algorand-sdk/blob/master/dist/algosdk.min.js

(function(e){if("object"==typeof exports&&"undefined"!=typeof module)module.exports=e();else if("function"==typeof define&&define.amd)define([],e);else{var t;t="undefined"==typeof window?"undefined"==typeof global?"undefined"==typeof self?this:self:global:window,t.algosdk=e()}})(function(){var t=Math.pow,o=Math.min,r=Number.isSafeInteger,a=Math.abs,s=Math.floor,d=String.fromCharCode,p;return function(){function s(l,e,r){function t(d,n){if(!e[d]){if(!l[d]){var i="function"==typeof require&&require;if(!n&&i)return i(d,!0);if(o)return o(d,!0);var c=new Error("Cannot find module '"+d+"'");throw c.code="MODULE_NOT_FOUND",c}var a=e[d]={exports:{}};l[d][0].call(a.exports,function(e){var o=l[d][1][e];return t(o||e)},a,a.exports,s,l,e,r)}return e[d].exports}for(var o="function"==typeof require&&require,a=0;a<r.length;a++)t(r[a]);return t}return s}()({1:[function(e,o,n){!function(r,e){"object"==typeof n&&"object"==typeof o?o.exports=e():"function"==typeof p&&p.amd?p([],e):"object"==typeof n?n.MessagePack=e():r.MessagePack=e()}(this,function(){return function(o){function a(t){if(e[t])return e[t].exports;var r=e[t]={i:t,l:!1,exports:{}};return o[t].call(r.exports,r,r.exports,a),r.l=!0,r.exports}var e={};return a.m=o,a.c=e,a.d=function(o,e,t){a.o(o,e)||Object.defineProperty(o,e,{enumerable:!0,get:t})},a.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},a.t=function(o,r){if(1&r&&(o=a(o)),8&r)return o;if(4&r&&"object"==typeof o&&o&&o.__esModule)return o;var t=Object.create(null);if(a.r(t),Object.defineProperty(t,"default",{enumerable:!0,value:o}),2&r&&"string"!=typeof o)for(var n in o)a.d(t,n,function(e){return o[e]}.bind(null,n));return t},a.n=function(o){var e=o&&o.__esModule?function(){return o.default}:function(){return o};return a.d(e,"a",e),e},a.o=function(o,e){return Object.prototype.hasOwnProperty.call(o,e)},a.p="",a(a.s=0)}([function(u,e,t){"use strict";function y(a){for(var e=a.length,t=0,s=0,l;s<e;)if(l=a.charCodeAt(s++),0==(4294967168&l))t++;else if(0==(4294965248&l))t+=2;else{if(55296<=l&&56319>=l&&s<e){var c=a.charCodeAt(s);56320==(64512&c)&&(++s,l=((1023&l)<<10)+(1023&c)+65536)}t+=0==(4294901760&l)?3:4}return t}function w(i,e,t){for(var r=e,p=r+t,o=[],s="",u;r<p;){if(u=i[r++],0==(128&u))o.push(u);else if(192==(224&u)){var g=63&i[r++];o.push((31&u)<<6|g)}else if(224==(240&u)){g=63&i[r++];var y=63&i[r++];o.push((31&u)<<12|g<<6|y)}else if(240==(248&u)){var m=(7&u)<<18|(g=63&i[r++])<<12|(y=63&i[r++])<<6|63&i[r++];65535<m&&(m-=65536,o.push(55296|1023&m>>>10),m=56320|1023&m),o.push(m)}else o.push(u);65536<=o.length-4&&(s+=d.apply(String,ie(o)),o.length=0)}return 0<o.length&&(s+=d.apply(String,ie(o))),s}function c(o,e,t){var r=s(t/4294967296);o.setUint32(e,r),o.setUint32(e+4,t)}function p(o,e){return 4294967296*o.getInt32(e)+o.getUint32(e+4)}function T(o){var e=o.sec,t=o.nsec;if(0<=e&&0<=t&&17179869183>=e){if(0===t&&4294967295>=e){var r=new Uint8Array(4);return(a=new DataView(r.buffer)).setUint32(0,e),r}return r=new Uint8Array(8),(a=new DataView(r.buffer)).setUint32(0,t<<2|3&e/4294967296),a.setUint32(4,4294967295&e),r}var a;return r=new Uint8Array(12),(a=new DataView(r.buffer)).setUint32(0,t),c(a,4,e),r}function v(o){var e=o.getTime(),t=s(e/1e3),r=1e6*(e-1e3*t),a=s(r/1e9);return{sec:t+a,nsec:r-1e9*a}}function g(t){return t instanceof Date?T(v(t)):null}function z(o){var e=new DataView(o.buffer,o.byteOffset,o.byteLength);switch(o.byteLength){case 4:return{sec:e.getUint32(0),nsec:0};case 8:var t=e.getUint32(0);return{sec:4294967296*(3&t)+e.getUint32(4),nsec:t>>>2};case 12:return{sec:p(e,4),nsec:e.getUint32(0)};default:throw new Error("Unrecognized data size for timestamp: "+o.length);}}function m(o){var e=z(o);return new Date(1e3*e.sec+e.nsec/1e6)}function U(t){return t instanceof Uint8Array?t:ArrayBuffer.isView(t)?new Uint8Array(t.buffer,t.byteOffset,t.byteLength):t instanceof ArrayBuffer?new Uint8Array(t):Uint8Array.from(t)}function E(l,e,t){var r=l.length,n=2*r,i=x.malloc(n);!function(a,e,t,r){for(var n=new DataView(x.memory.buffer,a,e),s=0;s<r;s++)n.setUint16(2*s,t.charCodeAt(s))}(i,n,l,r);var o=x.malloc(5+4*r);try{var s=x.utf8EncodeUint16Array(o,i,r);return e.set(new Uint8Array(x.memory.buffer,o,s),t),s}finally{x.free(i),x.free(o)}}function L(l,e,t){var r=x.malloc(t),s=x.malloc(2*t),a,c,p;try{a=r,c=l.subarray(e,e+t),p=t,new Uint8Array(x.memory.buffer,a,p).set(c);var u=x.utf8DecodeToUint16Array(s,r,t);return function(o){if(o.length<=65536)return d.apply(String,o);for(var e="",a=0,s;a<o.length;a++)s=o.subarray(65536*a,65536*(a+1)),e+=d.apply(String,s);return e}(new Uint16Array(x.memory.buffer,s,u))}finally{x.free(r),x.free(s)}}function I(o,e){void 0===e&&(e=B);var a=new k(e.extensionCodec,e.maxDepth,e.initialBufferSize,e.sortKeys,e.forceFloat32);return a.encode(o,1),a.getUint8Array()}function P(t){return(0>t?"-":"")+"0x"+a(t).toString(16).padStart(2,"0")}function j(o,e){void 0===e&&(e=Z);var a=

This file has been truncated. show original

base64js was taken from https://github.com/beatgammit/base64-js

jquery and jquey_ui is taken from https://code.jquery.com

See also the source of the snippet, too:



/*
 * Input:	mnemonic, 	25 word mnemonic of account
 * Input:	message,	message to sign
 * Returns:	sig,		signed message
 *			addr,		address of account
 *			errmsg,		error message
 */
function algo_sign_message(mnemonic, message) {
	try {
		let recoveredAccount = algosdk.mnemonicToSecretKey(mnemonic);
		let arr_message=new TextEncoder("utf-8").encode(message);
		let arr_sig=algosdk.signBytes(arr_message, recoveredAccount.sk);
		let sts=algosdk.verifyBytes(arr_message, arr_sig, recoveredAccount.addr);
		let sig_str=new TextDecoder("utf-8").decode(arr_sig);
		let sig=base64js.fromByteArray(arr_sig);
		return {sig: sig, addr: recoveredAccount.addr, errmsg: ''};
	}
	catch (e) {
		console.log(e);
		return {sig: '', addr: '', errmsg: e};
	}
}

/*
 * Input:	addr,		Algorand address
 * Input:	message,	message
 * Input:	sig,		signature of message by address
 * Returns:	sig_sts		true of signature is correct, false otherwise
 *			errmsg,		error message
 */
function algo_verify_message(addr, message, sig) {
	try {
		let arr_message=new TextEncoder("utf-8").encode(message);
		let arr_sig=base64js.toByteArray(sig);	
		let sig_sts=algosdk.verifyBytes(arr_message, arr_sig, addr);
		return {sig_sts: sig_sts, errmsg: ''};
	}
	catch (e) {
		console.log(e);
		return {sig_sts: false, errmsg: e};
	}
}

This function could even be included in the Web wallet and the mobile wallet, too…
It would be useful.

debasish · March 5, 2020, 10:01am

Thanks @Maugli i was doing the same now from developer tools . Seems we both are on the same page

fabrice · March 5, 2020, 1:35pm

You can install the Algorand software (Install a node - Algorand Developer Portal) and run algokey generate

Topic		Replies	Views
Algorand - 'consumer' experience, questions General	6	935	June 5, 2020
How can I use Hash based Signatures in Algorand Transactions? AlgoSDK asa	2	654	January 12, 2020
Multisig Accounts and Inner Transactions General teal , smart-contracts	3	661	December 27, 2021
How is an Algorand's address made? General	4	2673	September 6, 2019
Is there a way to sign into a website via "sign a message" in Algorand? General	4	1532	February 11, 2022

Custody Verification in Algorand

Related topics