aip-identity

Instructions

Implementation Reference

• aip_mcp_server/server.py:138-177 (handler)

  The implementation of the `aip_verify_signature` tool, which verifies a signature using either `pynacl` or `cryptography` libraries after fetching the public key from the identity service.

  @mcp.tool()
  def aip_verify_signature(content: str, signature: str, did: str) -> dict:
      """Verify a cryptographic signature against a DID's public key.
  
      Args:
          content: The original content that was signed
          signature: The base64-encoded signature to verify
          did: The DID of the agent who allegedly signed it
      """
      import requests
  
      client = _load_client()
      # Fetch the signer's public key
      resp = requests.get(f"{client.service_url}/admin/registrations/{did}", timeout=10)
      if not resp.ok:
          return {"verified": False, "error": f"Could not find DID: {did}"}
  
      pub_key_b64 = resp.json()["registration"]["public_key"]
  
      try:
          from nacl.signing import VerifyKey
  
          vk = VerifyKey(base64.b64decode(pub_key_b64))
          sig_bytes = base64.b64decode(signature)
          vk.verify(content.encode(), sig_bytes)
          return {"verified": True, "did": did, "content": content}
      except ImportError:
          try:
              from cryptography.hazmat.primitives.asymmetric.ed25519 import (
                  Ed25519PublicKey,
              )
  
              pk = Ed25519PublicKey.from_public_bytes(base64.b64decode(pub_key_b64))
              pk.verify(base64.b64decode(signature), content.encode())
              return {"verified": True, "did": did, "content": content}
          except ImportError:
              return {"verified": False, "error": "No crypto library available (install pynacl or cryptography)"}
      except Exception as e:
          return {"verified": False, "error": str(e)}