[英]web3j - Get transaction details (amount, gas price, gas limit) from signed transaction
I have a frontend in javascript and a backend in Java. 我在javascript中有一个前端,在Java中有一个后端。 I let the user sign a raw transaction with his private key in the frontend with web3js.
我让用户使用web3js在前端使用其私钥签署原始交易。 Afterwards the signed transaction is returned to the Java backend and the backend broadcasts the transaction via a parity instance.
之后,已签名的事务将返回到Java后端,并且后端通过奇偶校验实例广播该事务。
My question: I am afraid of hackers, who can manipulate the raw transaction within their browser in javascript, before signing it. 我的问题:我怕黑客在签名之前可以在浏览器中使用javascript操纵原始交易。 In this way they could change the amount that is being sent.
这样,他们可以更改发送的金额。 Is there a way to extract the amount which will be sent from a signed transaction with web3j?
有没有办法提取将使用web3j从已签名的交易中发送的金额? If yes, I could check that value again before broadcasting the signed transaction.
如果是,我可以在广播已签名的交易之前再次检查该值。
BTW: If its important somehow, it is a token transaction, not an ETH transaction. 顺便说一句:如果它很重要,那是令牌交易,而不是ETH交易。
Thanks! 谢谢!
Well this requires a bit of cryptography understanding. 好吧,这需要对密码学有所了解。
In private / public key pair cryptography, "signing" is basically the only case where you encrypt with the private key and you decrypt with the pub key. 在私钥/公钥对加密中,“签名”基本上是唯一使用私钥加密并使用pub密钥解密的情况。 If you manage to decrypt it means the signature is valid because whoever that pub key belongs too, it's definitely who signed the content.
如果您设法解密,则意味着签名是有效的,因为该发布密钥也属于谁,肯定是对内容进行签名的人。
So, if you have the pub key you can decrypt a "signed" transaction. 因此,如果您具有发布密钥,则可以解密“签名”交易。
Now, if you are worried about hackers and security, holding keys on the client side and in memory is not good practice. 现在,如果您担心黑客和安全性,那么在客户端和内存中持有密钥并不是一个好习惯。 So if this is a serious project you might want to revisit your approach.
因此,如果这是一个认真的项目,则可能需要重新考虑您的方法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.