Posts

Hey, looking for help validating a Hive signature in PHP

avatar of @innerwebbp
25
innerwebbp
@innerwebbp
·
0 views
·
3 min read

Hey, I’m following @brianoflondon ’s example and posting for some help. I’m trying to do almost exactly what he did in Python, but validate a Hive signature using PHP.

Brian did it here in Python, using the beempy library:

https://stemgeeks.net/@brianoflondon/looking-for-help-how-to-verify-if-a-hive-message-is-signed-correctly-in-python-beem

I’m building some new WordPress plugins that interact with Hive for a new project, InnerWebBlueprint.com (IWB for short). I’ll write some more about that when it’s a bit more complete… In the meantime,.

This first plugin is a Single Sign On (SSO) plugin that allows a user to login to WordPress with just their Hive account.

It's actually working!!! You can try it out here: https://www.innerwebblueprint.com/wp-login.php

Code here: https://www.innerwebblueprint.com/go/github/github-iwb-hive-wp-sso/ direct: https://github.com/innerwebblueprint/iwb-hive-wp-sso

But... I’m having to do the signature verification in python which requires a specific python library, beempy. I haven’t figured out how to do it in PHP yet, so this plugin, as it is, won’t work without python and that python library.

Obviously this is not ideal for ‘general use’ as installing python libraries is not a trivial task for most people who run a WordPress site. It’s highly unlikely that any general hosting will have these libraries available.

I’d really like to be able to verify this signature in PHP, so this WordPress plugin can be used more widely, without having to use python and the beempy library.

Elliptic curve stuff is like level 9+ nerd, and I’m still only level 4 and I’m having trouble figuring out how to do it! I’ve pulled some examples from other plugins that do this kind of thing with ETH, but I’m still kinda lost.

These two functions look like they are doing what I want to do, but it’s honestly still a little ‘greek’ to me. Hoping for some help. I’m not even sure I’m barking up the right tree here? I’ve been told by some that it currently can’t be done? That doesn’t seem right to me though.

function verify_signature($message, $signature, $address) { 
   $msglen = strlen($message); 
   $hash   = Keccak::hash("\x19Ethereum Signed Message:\n{$msglen}{$message}", 256); 
   $sign   = ["r" => substr($signature, 2, 64), 
             "s" => substr($signature, 66, 64)]; 
   $recid  = ord(hex2bin(substr($signature, 130, 2))) - 27; 
   if ($recid != ($recid & 1)){ 
     return 0; 
   } 
  
   $ec = new EC('secp256k1'); 
   $pubkey = $ec->recoverPubKey($hash, $sign, $recid); 
    return $address == $this->pub_key_to_address($pubkey); 
 } 
 
 
function pub_key_to_address($pubkey) { 
   return "0x" . substr(Keccak::hash(substr(hex2bin($pubkey->encode("hex")), 1), 256), 24); 
 }

Any experts out there that can lend some examples? Or point me in the right direction? The one plugin I found includes the Elliptic and Keccak libraries

https://github.com/simplito/elliptic-php https://github.com/kornrunner/php-keccak

use Elliptic\EC; 
use kornrunner\Keccak;

But I’ve still got lots to learn. I’m really lost on the hashing, encoding, hexing, helixifying, and how to work with all that stuff. I have lots to learn when it comes to all that kind of stuff. It makes my brain hurt LOL!

I sorta settled with the python route to get this plugin working for now, because beempy is super easy to work with, and this plugin is originally designed to be used with a Docker image for my IWB project that already includes everything required.

I’m building this for a specific use case for my IWB project to connect a bunch of self hosted wordpress websites together using Hive as a shared reference point (user accounts in this case).

But if I can verify the signature in php with libraries I can just include, this plugin can be much more widely available, and used by any self hosted WordPress website. Not really sure how many people would be interested in that? But it seemed like a good thing.

Any direction, help, or examples you can throw my way would be great! Even if that’s just a good recommendation for books or courses on understanding all this elliptic curve stuff!

Thanks!

Oh, p.s. @brianoflondo thanks again for showing your work online, it’s been very helpful, very much appreciate it.