SignatureVerificationStrategy
Overview
The SignatureVerificationStrategy
validates Arweave transaction signatures to ensure data authenticity and ownership. This strategy provides cryptographic proof that the data was created by the claimed wallet address and hasn't been tampered with since signing.
Verification methods require that the gateway being used has the relevant transaction data indexed locally. Gateways cannot proxy out verification requests to other sources, as this would compromise the security and reliability of the verification process. If a gateway doesn't have the required data indexed, verification will fail.
How It Works
- Fetch Metadata: Retrieve transaction metadata from trusted gateways
- Reconstruct Signature Data: Build the signature data using the received content
- Verify Signature: Validate the signature matches the claimed owner's public key
- Check Ownership: Confirm the transaction was signed by the claimed wallet
- Result: Pass or fail based on signature validation
Configuration
Basic Usage
import { SignatureVerificationStrategy } from '@ar.io/wayfinder-core'
const strategy = new SignatureVerificationStrategy({
trustedGateways: [new URL('https://arweave.net')],
})
Advanced Configuration
const strategy = new SignatureVerificationStrategy({
trustedGateways: [
new URL('https://arweave.net'),
new URL('https://permagate.io'),
],
maxConcurrency: 2, // Process multiple requests concurrently
logger: customLogger, // Optional custom logger
})
Parameters
Parameter | Type | Default | Description |
---|---|---|---|
trustedGateways | URL[] | Required | Array of trusted gateway URLs for transaction metadata |
maxConcurrency | number | 1 | Maximum number of concurrent requests to gateways |
logger | Logger | defaultLogger | Custom logger instance for debugging |
classifier | DataClassifier | GqlClassifier | Data classifier to determine transaction type (ANS-104 vs regular) |
Integration Examples
With Wayfinder
import { Wayfinder, SignatureVerificationStrategy } from '@ar.io/wayfinder-core'
const wayfinder = new Wayfinder({
gatewaysProvider: gatewaysProvider,
verificationSettings: {
enabled: true,
strategy: new SignatureVerificationStrategy({
trustedGateways: [new URL('https://arweave.net')],
}),
strict: true,
},
})
// Verification happens automatically
const response = await wayfinder.request('ar://transaction-id')
const data = await response.text()
With Event Monitoring
const wayfinder = new Wayfinder({
gatewaysProvider: gatewaysProvider,
verificationSettings: {
enabled: true,
strategy: new SignatureVerificationStrategy({
trustedGateways: [new URL('https://arweave.net')],
}),
events: {
onVerificationSucceeded: (event) => {
console.log('✅ Signature verification passed:', {
txId: event.txId,
})
},
onVerificationFailed: (error) => {
console.error('❌ Signature verification failed:', {
error: error.message,
})
},
},
},
})
Standalone Usage
const strategy = new SignatureVerificationStrategy({
trustedGateways: [new URL('https://arweave.net')],
})
// Manual verification
try {
await strategy.verifyData({
data: dataBuffer,
txId: 'transaction-id',
})
console.log('Signature verification passed!')
} catch (error) {
console.error('Signature verification failed:', error.message)
}
Data Types Supported
The SignatureVerificationStrategy automatically handles two types of Arweave data:
ANS-104 Data Items
- Bundled transactions (data items within bundles)
- Uses ANS-104 signature verification
- Supports nested data items
Regular Transactions
- Standard Arweave transactions
- Uses traditional Arweave signature verification
- Direct transaction signatures
The strategy automatically classifies the transaction type and applies the appropriate verification method.
Use Cases
Content Authentication
Verify that content was created by a specific wallet:
const strategy = new SignatureVerificationStrategy({
trustedGateways: [new URL('https://arweave.net')],
})
const wayfinder = new Wayfinder({
gatewaysProvider: gatewaysProvider,
verificationSettings: {
enabled: true,
strategy,
strict: true, // Block unverified content
},
})
Document Integrity
Verify legal or important documents:
const strategy = new SignatureVerificationStrategy({
trustedGateways: [
new URL('https://arweave.net'),
new URL('https://permagate.io'),
],
maxConcurrency: 2, // Use multiple gateways for reliability
})
Development vs Production
// Development - single gateway, more logging
const devStrategy = new SignatureVerificationStrategy({
trustedGateways: [new URL('https://arweave.net')],
logger: debugLogger,
})
// Production - multiple gateways for reliability
const prodStrategy = new SignatureVerificationStrategy({
trustedGateways: [
new URL('https://arweave.net'),
new URL('https://permagate.io'),
],
maxConcurrency: 2,
})
Best Practices
- Use Multiple Trusted Gateways: Increases reliability for transaction metadata
- Set Appropriate Concurrency: Balance between performance and gateway load
- Monitor Verification Events: Track success rates and failure reasons
- Handle Network Failures: Implement proper error handling for gateway requests
- Validate Transaction Format: Ensure transaction metadata is well-formed
- Use Reputable Gateways: Choose gateways with reliable transaction indexing
Comparison with Other Strategies
Aspect | Signature Verification | Hash Verification | Data Root Verification |
---|---|---|---|
Security | Very High | High | Highest |
Performance | Fast | Fastest | Slower |
Complexity | Medium | Low | High |
Network Overhead | Medium | Low | High |
Ownership Verification | ✅ Yes | ❌ No | ❌ No |
Best For | Financial or legal documents | High-throughput applications | Production applications |
The SignatureVerificationStrategy
is ideal when you need to verify not just data integrity, but also the authenticity and ownership of the content. It provides cryptographic proof that the content was actually signed by the claimed wallet address.