Session ID and Digital Signature

VerseEngine internally manages a session ID to uniquely identify connected users.

This session ID has the following characteristics:

  • A different session ID is generated for each new connection (or browser reload).
  • The session ID functions as a public key, enabling data signing and verification.
    • The private key is stored only in the local browser's memory.
    • The Ed25519 algorithm is used for digital signatures.

By signing data with the private key behind the session ID, communication between an external server and VerseEngine users can be securely linked: the server verifies the signature against the session ID sent with the data.

Create Signature

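const { player } = await VerseThree.start(...);
...
const data = ...;
// Sign with the private key held in this browser session.
const signature = player.signString(data);
// Send the session ID (public key), the signature, and the signed data to the server.
await fetch('...', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    'sessionID': player.sessionID,
    signature,
    data
  })
});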

Signature Verification - Web Browser

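// Verify through the other player's object...
const valid = otherPerson.verifyString(signature, data);
// ...or, equivalently, through the static helper with that player's session ID:
// const valid = VerseThree.verifyString(otherPerson.sessionID, signature, data);
if (!valid) { throw new Error('invalid data'); }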

Signature Verification - Server (Rust)

use verse_session_id::*;

...
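/// Returns true only if `session_id` and `signature` both parse and the
/// signature over `data` verifies under that session ID.
pub fn verify_string(session_id: &str, signature: &str, data: &str) -> bool {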
    let Ok(sid) = session_id.parse::<SessionId>() else {
        return false;
    };
    let Ok(ss) = signature.parse::<SignatureSet>() else {
        return false;
    };

    sid.verify(vec![data.as_bytes()], &ss).is_ok()
}
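
The request body built under Create Signature proves which session signed `data`, but the same body verifies again if it is resent, so this added example (not VerseEngine code) has the server issue a one-time challenge that the client includes in `data`. Node's built-in Ed25519 stands in for VerseEngine's key handling; the base64url encoding of the session ID and signature, and the names `newSession`, `issueChallenge` and `verifyRequest`, are assumptions for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// DER header that precedes a raw 32-byte Ed25519 public key in SPKI form.
const SPKI_PREFIX = Buffer.from('302a300506032b6570032100', 'hex');

// Constructed client: sessionID = base64url of the raw public key (assumed encoding).
function newSession() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const raw = publicKey.export({ format: 'der', type: 'spki' }).subarray(-32);
  return {
    sessionID: raw.toString('base64url'),
    signString: (data) =>
      nodeCrypto.sign(null, Buffer.from(data), privateKey).toString('base64url'),
  };
}

const issued = new Map(); // nonce -> expiry time in ms

function issueChallenge(now = Date.now()) {
  const nonce = nodeCrypto.randomBytes(16).toString('base64url');
  issued.set(nonce, now + 60_000);
  return nonce;
}

// Server-side check of the { sessionID, signature, data } body from "Create Signature".
function verifyRequest({ sessionID, signature, data }, now = Date.now()) {
  if (![sessionID, signature, data].every((v) => typeof v === 'string')) return 'malformed';
  const raw = Buffer.from(sessionID, 'base64url');
  const sig = Buffer.from(signature, 'base64url');
  if (raw.length !== 32 || sig.length !== 64) return 'malformed';
  let valid = false;
  try {
    const key = nodeCrypto.createPublicKey({
      key: Buffer.concat([SPKI_PREFIX, raw]), format: 'der', type: 'spki',
    });
    valid = nodeCrypto.verify(null, Buffer.from(data), key, sig);
  } catch { return 'malformed'; }
  if (!valid) return 'bad-signature';
  // Check the nonce only after the signature, so unsigned junk
  // cannot use up outstanding challenges.
  let nonce;
  try { nonce = JSON.parse(data)?.nonce; } catch { return 'malformed'; }
  const expiry = issued.get(nonce);
  if (expiry === undefined || expiry < now) return 'stale-or-replayed';
  issued.delete(nonce); // one-time use
  return 'ok';
}
```

With the real libraries, the signature step inside `verifyRequest` is replaced by the page's `verify_string` (Rust) or `VerseThree.verifyString` (browser); the challenge bookkeeping stays the same.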