Verify Signature on Signed Transaction

I am working with the Go SDK. In my use case I have signed payment transaction received from the network (i.e. msgpack). After decoding the msgpack data into the Types.SignedTxn object is it possible to verify the transaction or signature are valid and correct without broadcasting the transaction (e.g. SendRawTransaction)? Specifically I want to save on submitting the transaction if it is obviously invalid, tampered with or incorrect.

// txidPrefix is prepended to a transaction when computing its txid
var txidPrefix = []byte("TX")

// RawTransactionBytesToSign returns the byte form of the tx that we actually sign
// and compute txID from.
func RawTransactionBytesToSign(tx types.Transaction) []byte {
	// Encode the transaction as msgpack
	encodedTx := msgpack.Encode(tx)

	// Prepend the hashable prefix
	msgParts := [][]byte{txidPrefix, encodedTx}
	return bytes.Join(msgParts, nil)

// VerifySignature verifies a simple signature (not a multisig or logicsig)
func VerifySignature(tx types.Transaction, pk ed25519.PublicKey, sig types.Signature) bool {
	toBeSigned := RawTransactionBytesToSign(tx)
	return ed25519.Verify(pk, toBeSigned, sig[:])

// AddrToED25519PublicKey copies an address to pk
func AddrToED25519PublicKey(a types.Address) (pk ed25519.PublicKey) {
	pk = make([]byte, len(a))
	copy(pk, a[:])

// CheckSignature verifies that stx is either a single signature
func CheckSignature(stx types.SignedTxn) error {

	if (stx.Sig != types.Signature{}) { // contains a regular signature
		// Single signature
		// Check msig is empty
		if len(stx.Msig.Subsigs) != 0 || stx.Msig.Version != 0 || stx.Msig.Threshold != 0 {
			return errors.New("tx has both a sig and msig")
		// Check lsig is empty
		if !stx.Lsig.Blank() {
			return errors.New("tx has both a sig and lsig")
		pk := AddrToED25519PublicKey(stx.Txn.Sender)
		if (stx.Sig == types.Signature{}) && !requireSigned {
			return nil
		if !VerifySignature(stx.Txn, pk, stx.Sig) {
			return errors.New("signature does not verify")
	return errors.New("msig/lsig not supported")

Excellent. That worked. Thank you!

Edit: Removed my suggested changed that was here; the “msig/lsig not supported” should be returned in the case it’s not stx.Sig. However, I do need a return nil just above this line after the signature verification check has passed.

Hoping maybe someone converted this to the Javascript SDK and can share?

Also, for reference, this is what we are trying to achieve.

I was looking for the Python way of verifying the signature of a SignedTransaction but did not found so I wrote it myself :slight_smile:
Here it is :

import base64

import algosdk
from nacl.signing import VerifyKey

def verify_signature(signed_tx: algosdk.future.transaction.SignedTransaction):
    txn = algosdk.encoding.msgpack_encode(signed_tx.transaction)
    message_to_sign = algosdk.constants.txid_prefix + base64.b64decode(txn)
    public_key = algosdk.encoding.decode_address(signed_tx.transaction.sender)
    signature = base64.b64decode(signed_tx.signature)
    verify_key = VerifyKey(public_key)
    verify_key.verify(message_to_sign, signature)

Maybe this should be added to the Python SDK in the SignedTransaction class.
This is useful when reconstructing a SignedTransaction object from a base64 provided by the front-end (not trustable) before storing the signed transaction in a database for example.