Skip to content

SignatureEnvelope.verify

Verifies a signature envelope against a digest/payload.

Supports secp256k1, p256, and webAuthn signature types.

:::warning keychain signatures are not supported and will throw an error. :::

Imports

Named
import { SignatureEnvelope } from 'ox/tempo'

Examples

Secp256k1

import { SignatureEnvelope } from 'ox/tempo'
import { Secp256k1 } from 'ox'
 
const privateKey = Secp256k1.randomPrivateKey()
const publicKey = Secp256k1.getPublicKey({ privateKey })
const payload = '0xdeadbeef'
 
const signature = Secp256k1.sign({ payload, privateKey })
const envelope = SignatureEnvelope.from(signature)
 
const valid = SignatureEnvelope.verify(envelope, {
  payload,
  publicKey,
})

true

P256

For P256 signatures, the address or publicKey must match the embedded public key in the signature envelope.

import { SignatureEnvelope } from 'ox/tempo'
import { P256 } from 'ox'
 
const privateKey = P256.randomPrivateKey()
const publicKey = P256.getPublicKey({ privateKey })
const payload = '0xdeadbeef'
 
const signature = P256.sign({ payload, privateKey })
const envelope = SignatureEnvelope.from({ prehash: false, publicKey, signature })
 
const valid = SignatureEnvelope.verify(envelope, {
  payload,
  publicKey,
})

true

WebCryptoP256

import { SignatureEnvelope } from 'ox/tempo'
import { WebCryptoP256 } from 'ox'
 
const { privateKey, publicKey } = await WebCryptoP256.createKeyPair()
const payload = '0xdeadbeef'
 
const signature = await WebCryptoP256.sign({ payload, privateKey })
const envelope = SignatureEnvelope.from({ prehash: true, publicKey, signature })
 
const valid = SignatureEnvelope.verify(envelope, {
  payload,
  publicKey,
})

true

WebAuthnP256

import { SignatureEnvelope } from 'ox/tempo'
import { WebAuthnP256 } from 'ox'
 
const credential = await WebAuthnP256.createCredential({ name: 'Example' })
const payload = '0xdeadbeef'
 
const { metadata, signature } = await WebAuthnP256.sign({
  challenge: payload,
  credentialId: credential.id,
})
const envelope = SignatureEnvelope.from({
  metadata,
  signature,
  publicKey: credential.publicKey,
})
 
const valid = SignatureEnvelope.verify(envelope, {
  payload,
  publicKey: credential.publicKey,
})

true

Definition

function verify(
  signature: SignatureEnvelope,
  parameters: verify.Parameters,
): boolean

Source: src/tempo/SignatureEnvelope.ts

Parameters

signature

  • Type: SignatureEnvelope

signature.inner

  • Type: SignatureEnvelope

The actual signature from the access key (can be Secp256k1, P256, or WebAuthn)

signature.metadata

  • Type: Pick

signature.prehash

  • Type: boolean

signature.publicKey

  • Type: { prefix: number; x: bigint; y: bigint; }

signature.signature

  • Type: { r: bigintType; s: bigintType; yParity?: numberType; }

signature.type

  • Type: "keychain"

signature.userAddress

  • Type: abitype_Address

Root account address that this transaction is being executed for

parameters

  • Type: verify.Parameters

Verification parameters.

parameters.address

  • Type: abitype_Address

Address that signed the payload.

parameters.payload

  • Type: 0x${string} | Uint8Array

Payload that was signed.

parameters.publicKey

  • Type: { prefix: number; x: bigint; y: bigint; }

Public key that signed the payload.

Return Type

true if the signature is valid, false otherwise.

boolean