Document signatures in FAQ

[gsmachado]

No description provided.

[mialbu]

@gsmachado, we should add a question about singing and verifying messages with NeoLine. NeoLine implements some modifications to the message before signing in order to support Ledger (as of now Ledger only supports signing transactions for N3).
This means that all messages signed with NeoLine will undergo these modifications (including those not signing with Ledger).

The steps are shown in the example comment here:

So, if you want to sign the message neow3j is awesome!, the message that will be signed by NeoLine will be:
"010001f0" + "12" + "6e656f77336a20697320617765736f6d6521" + "0000"
= "010001f0126e656f77336a20697320617765736f6d65210000"

6e656f77336a20697320617765736f6d6521* -> hex of neow3j is awesome!
12 = hexadecimal for decimal 18 (# of hex values of the message's hex representation above (*))
010001f0 and 0000 are specific values needed to enable signing with ledger.

[gsmachado]

010001f0 and 0000 are specific values needed to enable signing with ledger.

I understand that 010001f0 (prefix) and 0000 (suffix) are fixed values. But do you know (or can ask) more info on what's exactly that for Ledger?

[mialbu]

Asked, will come back to you.

[mialbu]

Do you know what exactly the constant values 010001f0 and 0000 stand for? Is this for tricking Ledger into believing this message is a transaction?

Yes

[gsmachado]

it would be good to know WHAT are these hex values... like, transaction type? chain id? what?

[gsmachado]

Or, maybe, is this something specific to the Neo app for Ledger, and not Ledger itself?!

[gsmachado]

just FYI: https://github.com/LedgerHQ/app-neo3

[mialbu]

Or, maybe, is this something specific to the Neo app for Ledger, and not Ledger itself?!

I assume this is the case, yes. Can't confirm it though.

[gsmachado]

I understand that 010001f0 (prefix) and 0000 (suffix) are fixed values. But do you know (or can ask) more info on what's exactly that for Ledger?

@hacfox maybe can you clarify these questions? ☝️

We'd like to know what 010001f0 (prefix) and 0000 (suffix) are, and where is this required (NeoLine? Ledger? which component is requiring this and for what purpose)

[hacfox]

@gsmachado @mialbu Yes
So first of all, The Ledger only supports transaction signing for Neo Legacy and N3.
For Neo Legacy, In order to enable Ledger to sign regular messages, we had to construct the message as a transaction and then have it signed.

Look into this part ➡️ serialize from neon-js

1. We construct the message as a IssueTransaction transaction(the transaction type is 0x01)
2. the serializeExclusive() is "", Why empty here?
3. 01 -> attributes length, f0 -> usage's hex of 240, concatenatedString -> data
   

[hacfox]

Furthermore, using the same approach for signmessage on N3 as on Neo Legacy doesn't make sense. Initially, we wanted to ensure compatibility with N3 Ledger, but the transaction construction has changed, so we didn't proceed and opened an issue here.

[csmuller]

@hacfox, So that means that signing a message with NeoLine using Ledger on N3 is not possible at the moment?

AFAIK, transaction signing of N3 transactions is possible with the Neo Ledger app. Thus, I conclude with a different prefix/suffix as the signmessage NeoLine is using for Neo Legacy it should be possible to do the same for N3, no?

[hacfox]

@csmuller Whether it can be done or not is one thing, but first, consider this: for developers, they are more inclined to perform actions like:

data = crypto.sign(message, privatekey);  // message = neow3j is awesome!

and

crypto.verify(data, publickey);

Rather than the current situation where rules and strings are added before and after, causing confusion among developers.

[hacfox]

@csmuller And...
As you mentioned, For N3, we construct the message in a transaction-like format for the Ledger to sign (without sending it to nodes). This is indeed feasible, and we have actually accomplished this quite early on. However, we have been weighing the pros and cons of this approach and haven't integrated it into the existing code yet. You won't find it in any branch on GitHub either. If you need, I can provide something, FYI. 👇

const message = 'hello world';
const parameterHexString = Buffer.from(message).toString('hex');
const lengthHex = u.num2VarInt(parameterHexString.length / 2);
const concatenatedString = lengthHex + parameterHexString;
const prefix =  000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000;
const messageHex = prefix + concatenatedString;
const signHex = u.num2hexstring(0, 4, true) + u.sha256(messageHex); // u.num2hexstring(0, 4, true) is MagicNumber, set 0 here

const signData = wallet.sign(signHex, privateKey); 
const result = wallet.verify(signHex, signData, publicKey); 

prefix:
00  verison
00000000  nonce
0000000000000000  systemFee
0000000000000000  networkFee
00000000  validUntilBlock
01 0000000000000000000000000000000000000000 00 signers: length is 1|account|scope
00 attributes: length is 0

Why prefix? Only for transaction-like format!