Looking for a way to verify ownership of a principal off-chain.
In Metamask this can be done with eth_sign (or other methods). Once the message is signed you can do secp256k1.recover to verify ownership of a public key (and the address).
Docs: Signing Data | MetaMask Docs
Note that you often work with delegated session keys on the IC where the principal, i.e. the persistent identity, is related to the key (often a canister sig public key) that issued/signed the delegation.
This works for identities/principals that are directly derived from a key pair (as in the example code above) but doesn’t work for delegated identities like Internet Identity. My note was just, that if you have a session key with a delegation then you need to verify the delegation as well and the identity needs to be derived from the delegation and not from the session key.
No, currently you can’t ask the Internet Identity canister to sign arbitrary messages. It only signs delegations.
I’m currently looking for a way to ask an IID to sign some data, and then be able to later verify this signature against a IID / Principal.
I found this method : https://agent-js.icp.xyz/agent/classes/SignIdentity.html#sign