[gnokey] verify not functioning as intended

[leohhhn]

Description

After using gnokey sign to get a signature on a call transaction, I tried verifying the signature with the verify subcommand:

gnokey verify -docpath file.tx dev "RCtpN+oYwMQK8E4Edg+47rfINyTBTJrXip9pKmjoCdY9pZNyGiXQFLi33uQjfG/uw8yNedkwjdfiH0vsSAXSdg=="

file.tx contains the following data, signed by the dev key:

{
  "msg": [
    {
      "@type": "/vm.m_call",
      "caller": "g1zzqd6phlfx0a809vhmykg5c6m44ap9756s7cjj",
      "send": "",
      "pkg_path": "gno.land/r/demo/userbook",
      "func": "SignUp",
      "args": null
    }
  ],
  "fee": {
    "gas_wanted": "2000000",
    "gas_fee": "1000000ugnot"
  },
  "signatures": [
    {
      "pub_key": {
        "@type": "/tm.PubKeySecp256k1",
        "value": "A4vbt/RTXs3UWUQZdg7W6glviY2ighS0MzoQ/HOb53Wy"
      },
      "signature": "RCtpN+oYwMQK8E4Edg+47rfINyTBTJrXip9pKmjoCdY9pZNyGiXQFLi33uQjfG/uw8yNedkwjdfiH0vsSAXSdg=="
    }
  ],
  "memo": ""
}

gnokey errors out with encoding/hex: invalid byte: U+0052 'R'. Not sure if I am using this command wrongly or is it the parsing broken.

I tried running the command without the quotes around the signature as well, same result.
The signature is valid as the transaction goes through to the network normally.

Steps to reproduce:

1. Fetch data about your key:

gnokey query auth/accounts/<your_address> -remote "https://rpc.gno.land:443"

2. Create a transaction and save it to a file locally:

gnokey maketx call \
-pkgpath "gno.land/r/demo/userbook" \
-func "SignUp" \
-gas-fee 1000000ugnot \
-gas-wanted 2000000 \
<your_keyname> > file.tx

3. Sign the transaction with the data from the 1st step:

gnokey sign \
-tx-path file.tx \
-chainid "portal-loop" \
-account-number 468 \
-account-sequence 0 \
<your_keyname>

4. Try running gnokey verify like stated in the top of the issue.

Smells like amino? 😄

[thinhnx-var]

IDK exactly what was wrong, but the reproduce steps is miss-typed somewhere. I think it should be file.tx in step 3 instead of userbook.tx.
But the point is, the -docpath args does not effect the result, so i guess the reason does not come from the tx file.
Like this:

$ gnokey verify -docpath a.tx dev "RCtpN+oYwMQK8E4Edg+47rfINyTBTJrXip9pKmjoCdY9pZNyGiXQFLi33uQjfG/uw8yNedkwjdfiH0vsSAXSdg=="
encoding/hex: invalid byte: U+0052 'R'
$ ls
gno     thinhnx

there is no a.tx file in current dir.

Lets dive deeper into verify command 🔥

[thinhnx-var]

Just a quick look:
Hmmm why does your signature start with a "R"?
I mean the encode/hex is just able to verify a regex like ^[0-9a-fA-F]+$.

[leohhhn]

@thinhnx-var

Thanks for looking into this.

The signature is that way in the file, as you can see. Not really sure why it has an R, I'm no expert on this.

I assume this has something to do with how we use Amino to marshall & unmarshall data

[thinhnx-var]

To @leohhhn :
I think you can not use the plain text in signed.tx to verify the file because it is an Amino-encoded json.
The verify command need a hex of signature.

Like this:

$ gnokey verify -docpath file.tx testKey "447b5934f5a49358c8348c844419231b16bec495dbca20e015aa96cd0037d2992406127d3be5eb63ac139d9e83aff04ec60861efa60e9bc4da5d466876e93b69"                                                                    ✔
--= Error =--
Data: invalid signature
Msg Traces:
--= /Error =--

Since I dont know where to get that string, then I print it out from sign.go ( as logic in sign_test.go and verify_test.go) and it still not works :)

I think this is not an bug, just need to make the command usage clearer.
WDYT cc @zivkovicmilos

[zivkovicmilos]

@thinhnx-var is right, the signature needs to be hex, not a raw base64 encoding of the signature

Not an issue 👍

[Kouteki]

@leohhhn let's make sure hex is called out in the documentation, if it isn't there already.

[leohhhn]

I've added the documentation and mentioned that hex is the correct way to provide a signature based on the discussion above.