Invalid signature from replica

After upgrading my dfx version to 0.15.1 I get the following:

Error: Invalid certificate: Invalid signature from replica c5enb-oeksj-2mllz-xjfzr-jjndo-hcwcu-msrfy-pb57s-6f3gq-6pjri-6qe signed query.

Any help appreciated.

2 Likes

Ok this was solved by upgrading to 0.15.2.beta

Not sure if that is the solution or just upgrading to another version has fixed something.

1 Like

The replica bundled in 0.15.1 did not support replica signed queries yet

2 Likes

In simpler terms, agent-js v0.20.0 introduced a breaking change that now requires its usage with dfx v0.15.2 or higher.

Update: … unless you set a flag called verifyQuerySignatures to false when you create the HTTP agent.

2 Likes

Sorry to interrupt, but in which file should we change the setting of http agent and replaces the package tweetnacl with @noble/curves ? I come across the same problem. Thanks!

Asking me? Not sure what you mean. The local issue discussed here has to do with a breaking change and a flag verifyQuerySignatures which should (or not) been turned on according the dfx version.

I’m sorry, I didn’t explain clearly. I’m studying an online web development course now. The teacher updated her course around 2022? I need to use the same dfx version(0.9.3) as hers. Then I come across this error:

I have done some digging in the forum and guess the solution is this:

But I don’t know in which file should we change the setting of http agent and replaces the package tweetnacl with @noble/curves. Need help. :pray:

Thanks for the explanation. Unfortunately I’m not sure I can be of any help. I’m guessing you are using some default settings and patterns of dfx/agent-js which I rarely use. I’ll forward your msg to the team.

I don’t think that tweetnacl has anything to do with this error. The problem is that the HttpAgent now checks for signatures on queries by default, matching the behavior on mainnet. If you are using an older version of dfx that doesn’t have this feature, you should go to wherever in your code the new HttpAgent() constructor is called, and pass in the verifyQuerySignatures: false setting. If you are using generated declarations, you could either edit the canister declaration, or use the createActor export to generate your own.

That would look like:

const actor = createActor(canisterId, { 
  agentOptions: {
    verifyQuerySignatures: false
  }
});

I’d probably also recommend configuring the dfx.json to avoid generating the default actor if you’re getting this error. That would have you edit the canister config to include

"declarations": {
    "node_compatibility": true
},

Thank you for your help!

I took the shortcut by downgrading dfx agent version, but I will share this with my classmates. Thank you!