namespace-identifier | title | author | discussions-to | status | type | created | updated | requires | |||
---|---|---|---|---|---|---|---|---|---|---|---|
solana-caip122 |
Solana Namespace - SIWx |
Haardik (@haardikk21) |
Draft |
Standard |
2022-07-06 |
2022-07-06 |
|
For context, see the CAIP-122 specification.
In Solana, signatures can only be made over raw bytes, Uint8Arrays
in Javascript. This specification provides the signing algorithm to use, the type
of the signing algorithm to identify it, and a method for signature creation and verification as required by CAIP-122.
Solana uses the Ed25519 signing algorithm for signing and verifying messages. Solana keypairs are also just Ed25519 public/private keypairs.
We propose using the signature type solana:ed25519
to refer to the chain and algorithm used uniquely.
The abstract data model must be converted into a string representation in an unambigious format, and then the string converted to a byte array to be signed over.
We propose the following string format, inspired by EIP-4361.
${domain} wants you to sign in with your Solana account:
${address}
${statement}
URI: ${uri}
Version: ${version}
Chain ID: ${chain-id}
Nonce: ${nonce}
Issued At: ${issued-at}
Expiration Time: ${expiration-time}
Not Before: ${not-before}
Request ID: ${request-id}
Resources:
- ${resources[0]}
- ${resources[1]}
...
- ${resources[n]}
For example,
service.org wants you to sign in with your Solana account:
GwAF45zjfyGzUbd3i3hXxzGeuchzEZXwpRYHZM5912F1
I accept the ServiceOrg Terms of Service: https://service.org/tos
URI: https://service.org/login
Version: 1
Chain ID: 1
Nonce: 32891757
Issued At: 2021-09-30T16:25:24.000Z
Resources:
- ipfs://Qme7ss3ARVgxv6rXqVPiikMJ8u2NLgmgszg13pYrDKEoiu
- https://example.com/my-web2-claim.json
which should then be converted into raw bytes (encoded as base64url for brevity).
c2VydmljZS5vcmcgd2FudHMgeW91IHRvIHNpZ24gaW4gd2l0aCB5b3VyIFNvbGFuYSBhY2NvdW50OgpHd0FGNDV6amZ5R3pVYmQzaTNoWHh6R2V1Y2h6RVpYd3BSWUhaTTU5MTJGMQoKSSBhY2NlcHQgdGhlIFNlcnZpY2VPcmcgVGVybXMgb2YgU2VydmljZTogaHR0cHM6Ly9zZXJ2aWNlLm9yZy90b3MKClVSSTogaHR0cHM6Ly9zZXJ2aWNlLm9yZy9sb2dpbgpWZXJzaW9uOiAxCkNoYWluIElEOiAxCk5vbmNlOiAzMjg5MTc1NwpJc3N1ZWQgQXQ6IDIwMjEtMDktMzBUMTY6MjU6MjQuMDAwWgpSZXNvdXJjZXM6Ci0gaXBmczovL1FtZTdzczNBUlZneHY2clhxVlBpaWtNSjh1Mk5MZ21nc3pnMTNwWXJES0VvaXUKLSBodHRwczovL2V4YW1wbGUuY29tL215LXdlYjItY2xhaW0uanNvbg
Depending on the method used for signatures, this conversion may or may not happen automatically. For example, when using Phantom Wallet client-side, it performs the conversion automatically. However, if doing something server-side, you likely need to do this conversion yourself.
Signature verification behaves similarly. We can use standard Ed25519 signature verification. We convert the input message to a bytes representation of the string format, then verify the signature over that. The verification public key should be the Solana wallet address, which is just a base58
encoded Ed25519 public key.