Verify Signature
In this guide, we will verify a signature using the @joyid/ckb SDK verifySignature() function.
After signing a challenge with signChallenge(), a JSON object is returned which includes the properties challenge, message and signature. This JSON object can be used to verify the signature using verifySignature().
Understanding the difference between a challenge and a message.
A challenge is what you as a developer need JoyID to sign.
A message is the piece of data that JoyID actually signs. A message is a combination of a challenge and some other data needed to complete the process, such as authenticator data, etc. The challenge is always included within the message.
For more information, you can check out the WebAuthn Spec (opens in a new tab).
There are two steps to verify a signature:
- Verify the message that contains the challenge that you requested to sign.
- Verify the signature that is signed by the credential.
import { signChallenge } from '@joyid/ckb';
import { verifySignature } from '@joyid/core';
const data = await signChallenge(quest);
const result = await verifySignature(data);
alert(result); // true or false