How to check value returned by ic-certified-map

qwertytrewq · October 4, 2025, 7:53pm

ic-certified-map allows to certify whether a given key is present in a map in a Rust canister. So far, so good.

But I have some hardship to understand, how to verify it by ic/rs/crypto/standalone-sig-verifier/src/lib.rs at master · dfinity/ic · GitHub.

It is unclear whether to use verify_basic_sig_by_public_key or verify_canister_sig.
Which parameter corresponds to which? (certificate is apparently signature; pubic_key is the canister’s public key, isn’t it? If msg is the key in the certified tree, then where is the witness?)

I also opened an issue about this question: Document `ic-certified-map` verification · Issue #667 · dfinity/cdk-rs · GitHub

qwertytrewq · October 4, 2025, 8:03pm

Oh, it seems, I understood: message is witness and signature is certificate. The message itself is verified match the certificate by the backend in addition to pubkey verification by verify_basic_sig_by_public_key or verify_canister_sig. But which of these two functions to use?

Topic		Replies	Views
How to sign a message on client, Prove challenge in ICP canister Developers	8	186	February 27, 2025
Ic-canister-sig-creation: labeled_hash not exported, certified_data formula unclear Developers	4	112	February 11, 2026
How to certify a map? Language Support	1	52	October 1, 2025
Canister signatures available to canisters on all subnets Developers	36	4368	May 13, 2024
How can I validate subnet "signatures" on-chain? Developers	6	584	June 7, 2023

How to check value returned by ic-certified-map

Related topics