Translations: Japanese
Session ID and Digital Signature
VerseEngine internally manages a session ID to uniquely identify connected users.
This session ID has the following characteristics:
- A different session ID is generated for each new connection (or browser reload).
- The session ID functions as a public key, enabling data signing and verification.
- The private key is stored only in the local browser's memory.
- The ED25519 algorithm is used for digital signatures.
By generating a signature using the session ID, it is possible to securely link communication between the external server and VerseEngine users.
Create Signature
const { player } = await VerseThree.start(...);
...
const data = ...;
const signature = player.signString(data);
await fetch('...',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
'sessionID': player.sessionID,
signature,
data
})
});
Signature Verification - Web Browser
const valid = otherPerson.verifyString(signature, data);
// or
const valid = VerseThree.verifyString(otherPerson.sessionID, signature, data);
if(!valid) { throw new Error('invalid data'); }
Signature Verification - Server (rust)
use verse_session_id::*;
...
pub fn verify_string(session_id: &str, signature: &str, data: &str) -> bool {
let Ok(sid) = session_id.parse::<SessionId>() else {
return false;
};
let Ok(ss) = signature.parse::<SignatureSet>() else {
return false;
};
sid.verify(vec![data.as_bytes()], &ss).is_ok()
}