[Feature Request] Need a well-packaged method to verify message signatures

[alex4506]

🚀 Feature Request Description

A need for a well-packaged method or other mechanism to better verify signatures when only the public key is available.

Motivation

During the user login process, the API service relies on wallet signatures to verify the validity of addresses, but currently there is no good method to do this easily.

Although the SDK provides a method for instantiating PublicKey, It needs to know the wallet type first in order to call the correct method.(Ed25519 or Keyless).

Moreover, from a developer experience perspective, it would be best if one could perform verification directly without having to worry about the wallet type.

[gregnazario]

@cursoragent can you fix this

[cursor]

All tasks complete. Here's a summary of what was implemented:

Implemented verifySignature and verifySignatureAsync utility functions (PR #860) to address issue #641.

• verifySignature({ message, signature, publicKey }) -- synchronous verification that works with any non-Keyless public key type (Ed25519, Secp256k1, MultiEd25519, MultiKey). When an AnyPublicKey is passed with a raw inner signature, it automatically wraps it in AnySignature. Throws a clear error if a Keyless key is passed, directing the user to verifySignatureAsync.

• verifySignatureAsync({ aptosConfig, message, signature, publicKey }) -- async verification supporting all key types, including Keyless and FederatedKeyless which require network state lookups.

• 12 unit tests covering Ed25519 (legacy + SingleKey), Secp256k1, MultiEd25519, MultiKey, auto-wrapping of raw signatures, invalid signature rejection, and wrong-message rejection. All 458 unit tests pass, along with the existing e2e async signature verification tests.

• Build (pnpm build), lint (pnpm check), and format (pnpm fmt) all pass cleanly.