We have an API that verifies and off-chain signature using the Solana CLI. It runs the following command:
solana verify-offchain-signature #{message} #{signature} --signer #{public_key}Our test suite generates a signature using the Solana CLI like so:
solana sign-offchain-message #{message} -k #{private_key_path}=> <SIGNATURE>And everything works as expected.
Our client application is a Flutter app in which we use the solana package https://pub.dev/packages/solana. The package specifically calls out supporting the following:
- Transaction encoding and signing.
- Building and signing offline transactions, as well as convenience methods to sign and send the transaction. Also, the ability to listen for a status change on a given signature. The latter can be used to wait for a transaction to be in the confirmed or finalized state.
Our code is essentially:
Future<String> signMessage(User user, String message) async { final message = "message"; final keypair = await Ed25519HDKeyPair.fromMnemonic(user.mnemonic); final signature = await keypair.sign(message.codeUnits); return signature.toBase58();}While there is no errors in the client app, every signature send to our server is considered invalid. We've verified parity between all the inputs and variables.
Is there a known difference in the message signing between these different packages? We're a bit confused on how to proceed here and whether we'll need to invest in developing our own package for handling offchain message signing.