1

I want to check the TON proof using php. Following the documentation, I see the verification scheme:

message = utf8_encode("ton-proof-item-v2/") ++ 
          Address ++
          AppDomain ++
          Timestamp ++  
          Payload 
signature = Ed25519Sign(privkey, sha256(0xffff ++ utf8_encode("ton-connect") ++ sha256(message)))

where:

  • Address is the wallet address encoded as a sequence:
    • workchain: 32-bit signed integer big endian;
    • hash: 256-bit unsigned integer big endian;
  • AppDomain is Length ++ EncodedDomainName
    • Length is 32-bit value of utf-8 encoded app domain name length in bytes
    • EncodedDomainName id Length-byte utf-8 encoded app domain name
  • Timestamp 64-bit unix epoch time of the signing operation
  • Payload is a variable-length binary string.

I do this:

$pubKey = "05264d80c7ad5a953cf56cdecf68ec******";
        $address = "0:312ed56825e7455a7948c34677e418e6c371d263c0fd7*****";
        $payload = "d0143e296879ed8f0000000064e328d8d751ea7c3c44827c8b6fcd5c83efcbfa";
        $domainLengthBytes = 21;
        $domainValue = "ton-connect.github.io";
        $timestamp = 1692608455;
        $message = utf8_encode("ton-proof-item-v2/").$address.$domainLengthBytes.$domainValue.$timestamp.$payload;
        $signature = sodium_crypto_sign_detached($message,$pubKey);
        print_r($message);

But I get the wrong signature. How can I do this in php?

Anton Bogomolov
  • 79
  • 3
  • 10
  • 1
    I would say the message is not the same. The PHP composing looks different. For example adding the `$domainLengthBytes` would add the string '21' and not a 32-bit integer. – Markus Zeller Aug 21 '23 at 11:19

0 Answers0