"Signature does not belong to issuer" error

I am using a ceramic client instance using “https://ceramic-clay.3boxlabs.com” gateway as follows:

const ceramic = new CeramicClient(“https://ceramic-clay.3boxlabs.com”);

When I create new account in Metamask and authenticate it with ceramic, and then try to add information in Ceramic Network using datastore.set, it throws an error:

Error: HTTP request to ‘https://ceramic-clay.3boxlabs.com/api/v0/commits’ failed with status ‘Internal Server Error’: {“error”:"Can not verify signature for commit : Signature does not belong to issuer

Does anybody know what could be the reason? I could provide you more details if needed.

Thanks in advance!

Hi @Eloy, welcome to the forum.

@ukstv has been looking into this, please stay tuned for updates.

1 Like

Few weeks ago we recognised that SIWE prompt cacao library uses is not really compatible with EIP-4361 “Sign in with Ethereum”. We made it compatible. The change is “Chain ID” field in the signed string (see “Example message” in EIP-4361: Sign-In with Ethereum). It should be after “Version” field, as per standard. We had set the threshold date for the change. CACAOs generated after certain date (2022-09-20) are expected to comply with EIP-4361. CACAOs generated before the date are treated as they can be both in “new”=EIP-4361 and “old” (erroneous) format. Now, after the threshold date the UI part asks the user to sign the old erroneous format. The error from the server is a result of enforcing a fully EIP-4361 compliant SIWE message. If you upgrade ceramic-cacao library on UI (as part of dids package or otherwise), it should stop the errors.

UPD: Make sure your node also uses latest ceramic-cacao (1.4.0 at the time of the writing).

The expectation was that one month is enough for everyone to upgrade, so that the change goes unnoticed. Yet, apparently, one month is not enough for an upgrade path.

So, please, make sure you use the latest ceramic-cacao library.

1 Like

Hello Sergey, thanks for the reply and all the information!

So I updated ceramic-cacao to 1.4.0 and dids to 3.3.0, but still having same issue.

I could provide you the different versions that I have installed for ceramic:
@ceramicnetwork/blockchain-utils-linking”: “2.0.11”,
@ceramicnetwork/http-client”: “2.3.4”,
“did-session”: “^0.1.1”,
“dids”: “3.3.0”,
“key-did-provider-ed25519”: “^2.0.1”,
“key-did-resolver”: “2.1.1”,
“ceramic-cacao”: “1.4.0”,
@glazed/datamodel”: “0.3.1”,
@glazed/did-datastore”: “0.3.2”,
@glazed/did-session”: “^0.1.1”,
@glazed/tile-loader”: “0.2.1”,
@ceramicnetwork/stream-tile”: “2.4.3”,

I am using DIDSession and EthereumAuthProvider, just in case this information was useful, and the error only happens when I try to set information in the datastore:

datastore.set(“definitionName”, {record: …});

Thanks again!

Let me guess. Despite all of that, the package manager (in yarn.lock, package-lock.json, or ppm-lock.yaml) still uses old ceramic-cacao.

1 Like

If that is the case, please, make your package manager hoist the latest version, maybe by removing the lockfile.

Ding ding ding! You were right! That was the issue.

Working now!

Thanks a lot!

I am still getting the error. I removed yarn.lock and node_modules then reinstalled packages. Here are the versions I am using:

  "@3id/did-provider": "^0.4.1",
  "@ceramicnetwork/3id-did-resolver": "^2.1.7",
  "@ceramicnetwork/http-client": "^2.3.4",
  "@composedb/cli": "^0.2.4",
  "@glazed/cli": "^0.2.2",
  "@glazed/did-session": "^0.1.1",

I confirmed creating a composite is working with threeID with a secret, but when I use DIDSession with EthereumAuthProvider, the ‘Signature does not belong to issuer’ error occurs.

I dont know if this could work, but use did-session, installing it by using:
yarn add did-session, and import that one, not @glazed/did-session. I realized that these are kind of different packages

After replacing @glazed/did-session with did-session and refactoring the DIDSession.authorize function, I’m now receiving this error when calling createComposite():

Capability does not have appropriate permissions to update this Stream

This issue has not been resolved for me after following the instructions to the best of my ability. I have installed and updated every relevant package as a sanity check. The only version of ceramic-cacao in my yarn.lock is ^1.4.0

“dependencies”: {
@ceramicnetwork/3id-did-resolver”: “2.1.8”,
@ceramicnetwork/blockchain-utils-linking”: “2.0.12”,
@ceramicnetwork/blockchain-utils-validation”: “2.0.13”,
@ceramicnetwork/common”: “2.7.0”,
@ceramicnetwork/core”: “2.10.0”,
@ceramicnetwork/http-client”: “2.4.0”,
@ceramicnetwork/stream-caip10-link”: “2.2.4”,
@ceramicnetwork/stream-caip10-link-handler”: “2.1.5”,
@ceramicnetwork/stream-model”: “0.6.0”,
@ceramicnetwork/stream-model-handler”: “0.6.0”,
@ceramicnetwork/stream-model-instance”: “0.4.2”,
@ceramicnetwork/stream-model-instance-handler”: “0.7.0”,
@ceramicnetwork/stream-tile”: “2.4.4”,
@ceramicnetwork/stream-tile-handler”: “2.2.8”,
@ceramicnetwork/streamid”: “2.3.4”,
“ceramic-cacao”: “^1.4.0”,
“cids”: “^1.1.9”,
“did-session”: “^0.1.3”,
“dids”: “^3.3.1”,
“key-did-provider-ed25519”: “^2.0.1”,
“key-did-resolver”: “^2.1.0”,
“pkh-did-resolver”: “1.0.9”,
},

I’ve cleared my next.js cache for a fresh compile, cleared my browser cache, cleared active logins, and logged in fresh with the updated packages installed. I still receive the error.

Is there any other relevant information that can be shared to help me debug this?

Solved it by updating my ceramic node with the updated version of @ceramicnetwork/cli@2.7.0

Users who are running the daemon from the cli probably need to update this as well, not just the UI as indicated in "Signature does not belong to issuer" error - #3 by ukstv

3 Likes