MasumiMasumi Identity SDK
npm
Get StartedGuidesAPI Reference

Signature verification

Prove an AID owns the signature it claims during A2A interactions.

These methods hit KERIA to resolve the current key state for an AID and validate Ed25519 signatures against it. They're the cryptographic primitive behind the "is this really Agent X?" question.

verifyAidSignature

Verify that a given AID signed a given message. Internally fetches the AID's latest key state from KERIA and validates the Ed25519 signature.

verifyAidSignature(params: VerifyAidSignatureParams): Promise<boolean>

Parameters

params.aidstringrequired

The AID that allegedly signed the message.

params.messagestringrequired

The exact plaintext that was signed. Must be byte-identical to what the signer signed — no whitespace, casing, or encoding differences.

params.signaturestringrequired

Base64url-encoded Ed25519 signature.

Returns

true if the signature is valid for the AID's current key state. false otherwise — either the signature is bad, the message is tampered, or the AID's keys have rotated past the signer.

This method hits KERIA on every call. For high-throughput verification, cache the key state via fetchKeyState and verify in-process.

Example

const ok = await identity.verifyAidSignature({
  aid: "EHpH79tPZoSl7VJZ7xMi3JWF4rH9wZ2ntGvKABd9N14z",
  message: "Proof-of-possession-nonce-abc123",
  signature: "AAB6f_7X...base64url",
});

if (!ok) {
  throw new Error("Signature did not match the AID's current key state");
}

Typical A2A flow

Agent B generates a fresh random nonce and sends it to Agent A.

Agent A's wallet signs the nonce with its AID's private key and sends back { aid, signature }.

Agent B calls verifyAidSignature({ aid, message: nonce, signature }). If it returns true, Agent A provably controls the AID right now.

fetchKeyState

Fetch current key state for an AID directly from KERIA. Use this when you want to verify multiple signatures against the same AID without repeating network calls, or when you need access to key material for a custom verification flow.

fetchKeyState(aid: string): Promise<AidKeyState>

Returns

An AidKeyState whose k field holds the current active public key (base64url-encoded Ed25519).

Example

const keyState = await identity.fetchKeyState(aid);
console.log("Current active key:", keyState.k);

Multi-sig AIDs expose multiple keys; this SDK currently surfaces only the first one.

Verifiable Credentials

Issue, fetch, validate, and format ACDC credentials.

Utilities

Pure helper functions for working with credentials — no network, no client needed.

On this page

verifyAidSignature
Parameters
Returns
Example
Typical A2A flow
fetchKeyState
Returns
Example