JS/TS IC Signature Verification Library

Hi everyone

I just wanted to quickly show the following JS / TS library that I made to wrap the ic-standalone-sig-verifier crate: @dfinity/standalone-sig-verifier-web - npm

It allows to verify all signature schemes supported by the IC, including canister signatures. It also takes over all the DER-key parsing to figure out the signature scheme used. The library should be compatible with all major browsers and node.

Usage example here.

However, the following caveats apply:

  1. Verifying signatures in the front-end is generally unsafe! Malicious users could modify the front-end code and bypass the signature verification. This library is intended for use in demos, prototypes, backends and other situations where the code either cannot be tampered with or the tampering does not pose a security risk.
  2. This library is built from the master branch of the ic repo rather than a proper release of the underlying library. This means that the API may change at any time.
  3. The resulting wasm module is heavy, around 400 kb gzipped. Do not use this library if you are concerned about the size of your bundle.

Still, maybe it is useful for some. :wink:
It is also open for external contributions, so feel free to open PRs if you want to improve it.

6 Likes

could be a good fit for GitHub - dfinity/awesome-internet-computer: A curated list of awesome projects and resources relating to the Internet Computer Protocol :slight_smile:

2 Likes