Heyya, this is my implementation of public key signatures for Week 1 Project in Alchemy University Ethereum Developer Bootcamp. I will be describing my implementation here in brief.
Continuing from the video, I've formatted the public addresses to follow the Ethereum style of formatting, using the last 20 digits of the keccak hash.
generate.js
in server will output a connect signature that will be used to find the public key when interacting with the client. For simplicity sake, the recovery bit is concatenated with the hex signature. The server will then slice them back, convert the hex signature back into Uint8Array and run the recoverPublicKey
function to find the respective public address.
In the same directory as generate.js
, I've written another script called signTx.js
that accepts a message hash and a private key as arguments. The script will return a signature in hex format.
Example: node scripts/signTx.js c5a3a0b0c49dc1006b2598fea3df5e6b94959d21235d4599194bd06f49378d39 50c4b3abc520687ccb051e094f17f396d0ef2fcc16c07970dacfaec1cdf6bd18
After connecting your wallet and inputting the amount and recipient, a message hash is generated for that particular transaction. In order to execute the transaction, the owner of the wallet must sign the message hash using their private key and input the signature.
The generated message hash for the transaction is appended with a timestamp so it produces a unique hash every time. Client and server keeps track of the last time a hash is produced. The user signs the hash with their private key and the server verifies the signature by reproducing and comparing the message with the timestamp. If the verification is successful, the transaction is executed and the signature is stored in an array of expired signatures. Therefore, the user or an adversary cannot use the same signature again and must generate a new hash with a new timestamp.
This project is an example of using a client and server to facilitate transfers between different addresses. Since there is just a single server on the back-end handling transfers, this is clearly very centralized. We won't worry about distributed consensus for this project.
However, something that we would like to incoporate is Public Key Cryptography. By using Elliptic Curve Digital Signatures we can make it so the server only allows transfers that have been signed for by the person who owns the associated address.
For an overview of this project as well as getting started instructions, check out the following video:
https://www.loom.com/share/0d3c74890b8e44a5918c4cacb3f646c4
The client folder contains a react app using vite. To get started, follow these steps:
- Open up a terminal in the
/client
folder - Run
npm install
to install all the depedencies - Run
npm run dev
to start the application - Now you should be able to visit the app at http://127.0.0.1:5173/
The server folder contains a node.js server using express. To run the server, follow these steps:
- Open a terminal within the
/server
folder - Run
npm install
to install all the depedencies - Run
node index
to start the server
The application should connect to the default server port (3042) automatically!
Hint - Use nodemon instead of node
to automatically restart the server on any changes.