A signature helps us to verify that a piece of data was signed by a specific wallet account. There are two types of signatures used in Gluwa API:
Address Signature
Transaction Signature
Address Signature
Address signature is used to verify the ownership of a cryptocurrency (e.g., Bitcoin or Ethereum) wallet. A cryptocurrency wallet is a set of a private key and a public key. To generate a signature, you sign a message (or a piece of data) with your private key, and then anyone with your public key can verify the integrity of your signature. To prevent the same signature used over and over again, our APIs mandates the users to use Unix timestamp as the message. The server will check if the timestamp was created no more than 10 minutes ago, and if it has been over 10 minutes, it will deny the request.
Generating Address Signature for Gluwacoins (USD-G, KRW-G, NGN-G)
Since Gluwacoins, such as USD-G, KRW-G and NGN-G, are ERC20 tokens, you can sign a message just like you would on any Ethereum based address. There are libraries out there that can help you create signatures. Some examples include:
var Web3 =require('web3');...// replace with your own message and privakeyvar message ="1587674497";var privateKey ="0x18cffe0cd4eb63809d0e55ed8dd1aa29e3ac660088e82f7a82977c458f334d8b";var web3 =newWeb3(Web3.givenProvider);var obj =web3.eth.accounts.sign(message , privateKey);// signature: 0x96322ca1b963c98e33fe1296b504d3c7adfcfd4e8473bf92f6ee24b560497d16390404a4f9f241d9efdd02cf1fea79d0ebf45d4aa2ef47a4c97fa06750e242301cvar signature =obj.signature;
usingNethereum.Signer;...// replace with your own message and privakeystring message ="1587674497";string privateKey ="0x18cffe0cd4eb63809d0e55ed8dd1aa29e3ac660088e82f7a82977c458f334d8b";EthereumMessageSigner signer =newEthereumMessageSigner();// signature: 0x96322ca1b963c98e33fe1296b504d3c7adfcfd4e8473bf92f6ee24b560497d16390404a4f9f241d9efdd02cf1fea79d0ebf45d4aa2ef47a4c97fa06750e242301cstring signature =signer.EncodeUTF8AndSign(message,newEthECKey(privateKey));
In production environment, your private key should never be hard coded like above. Private keys must be kept secret and be handled with utmost care.
Generating Address Signature for Bitcoin
There are unofficial Bitcoin libraries you can use to create the signature. Some examples include:
var bitcoin =require('bitcoinjs-lib');var bitcoinMessage =require('bitcoinjs-message');...// replace with your own message and privakeyvar network =bitcoin.networks.bitcoin;var message ="1587674497";var privateKeyString ="KwJfd6xHiqtEFBawy8tKPyJ9TFKQCqHpMr8DQVJ9LbUBj21jqFjE";var keyPair =bitcoin.ECPair.fromWIF(privateKeyString, network);var privateKey =keyPair.privateKey;// signature: H8Gc4g7/X+JsHZyV/qjQSMg9ivoopMztzx9efeV+a+eAJ7Y45OnEi3qmhVWaL743jofge4gQVapzAVsHFSSpBSk=var signature = bitcoinMessage.sign(message, privateKey,keyPair.compressed).toString('base64');
usingNBitcoin;...// replace with your own message and privakeystring message ="1587674497";string privateKey ="KwJfd6xHiqtEFBawy8tKPyJ9TFKQCqHpMr8DQVJ9LbUBj21jqFjE";BitcoinSecret secret =Network.Main.CreateBitcoinSecret(privateKey);// signature: H1iG0zN+TmigcsHDUw2XQo0Wd0LKXbDVG8yr104I0g64cB1kq6WUPKUiI1oNc9Uo9hCRFlfZ3UcALJZNCSy1ZjY=string signature =secret.PrivateKey.SignMessage(message);// OR you don't have to force low R. Both format is accepted// signature: H8Gc4g7/X+JsHZyV/qjQSMg9ivoopMztzx9efeV+a+eAJ7Y45OnEi3qmhVWaL743jofge4gQVapzAVsHFSSpBSk=signature =secret.PrivateKey.SignMessage(Encoding.UTF8.GetBytes(message),false);
Transaction Signature
To create a transaction, you must create a signature of the transfer information so that Gluwa can submit it to the blockchain as a proof-of-intention. Think of signature as a signed contract. You send the contract to Gluwa to submit it to the blockchain for you. The authority (Gluwacoin smart contract or Bitcoin blockchain in this case) can verify that the information in the contract is genuine with your signature.
Generating Transaction Signature for Gluwacoins (USD-G, KRW-G, NGN-G)
Gluwacoin is an ERC-20 token. Users can transfer Gluwacoin as they would transfer any other ERC-20 token. To move tokens on the blockchain, you would normally have to spend Ether to cover the gas for the transaction. However, Gluwacoin allows you to move the coins by paying gas in Gluwacoin instead of Ether. We call this ETHless transfer.
You are going to need the contract addresses to make a transaction signature. Use the following addresses.
Note that when you generate the transaction signature, you must multiply the amount and the fee by 10^18 (1,000,000,000,000,000,000). For example, if you want to transfer 10 USD-G, the value for the amount when you create transaction signature must be 10,000,000,000,000,000,000. However, the amount in the transaction request body must be 10.
Generating Transaction Signature for Bitcoin
Create and sign Bitcoin transaction like you normally would. You can use well known libraries like BitcoinJS or NBitcoin.
var bitcoin =require('bitcoinjs-lib');var bitcoinMessage =require('bitcoinjs-message');...var btcToSatoshi =100000000;// replace the values below with your own valuesvar network =bitcoin.networks.bitcoin;var sourceAddressString ="12koEsMzrdxuZ71ATU1a5jgZyUYtf3debA";var sourceAddressPrivateKey ="KwJfd6xHiqtEFBawy8tKPyJ9TFKQCqHpMr8DQVJ9LbUBj21jqFjE";var targetAddressString ="14NYL22gWLrVPEdjM6W5oJXcWyu496kZCQ";var amountToSend =0.001;var fee =0.00006;var previousTxnHash ="e52fd66f35c48e690d8caada1a881ebb11912c479783f51f839a8827a9afcad4";var unspentOutputAmount =0.03800757;var unspentOutputIndex =1;var keyPair =bitcoin.ECPair.fromWIF(sourceAddressPrivateKey, network);var txnBuilder =newbitcoin.TransactionBuilder(network);txnBuilder.addInput(previousTxnHash, unspentOutputIndex);txnBuilder.addOutput(sourceAddressString, (unspentOutputAmount - amountToSend - fee) * btcToSatoshi);txnBuilder.addOutput(targetAddressString, amountToSend * btcToSatoshi);txnBuilder.sign(0, keyPair);var txn =txnBuilder.build();// signature: 0200000001d4caafa927889a831ff58397472c9111bb1e881adaaa8c0d698ec4356fd62fe5010000006b483045022100f5e8970b5cb154e96d5696f8fa2c36fabb3e86caf2cd681490448b38403ee92b0220797a0f61f869173d4dbf65894b772cb953349defe2b6275872f0a0b3bc01b86a0121034274d104b6d68ebf109ae3cd35cd53e8b8cd359bedf5598a92033292ae7f76a4ffffffff02a5603800000000001976a91413409c509b056480b21e54d0c5d2b87965eff65188aca0860100000000001976a91424fb438587b31ffd7612f4fbf6d67e21f4bb3ec788ac00000000
var signature =txn.toHex();
Note that the above is just an example. The number of inputs and outputs may differ for each transaction so you may have to rearrange inputs and outputs accordingly.
Reserve Signature
When a market consumer and a market provider agree to exchange currencies, they need to lock the amount that they promised to send to each other so that those funds are available when the exchange actually happens. This process is called “Reserving.”
Since we don’t save the private keys of any user in our system, the user has to give us the txn signature for the reserving funds. There are two types of reservation: