0

I have a frontend web application that creates a message and asks the user to sign it via, for example, metamask.

The user signs the message and now I have a signed message hash.

  • Is there a common/correct workflow to check this message signature from a backend service ? (like php/node/python)
  • It is possible to validate the signature by calling a contract that uses ecrecover(hash, v, r, s); , but is this the correct approach ? call from the backend a deployed contract that validates it ?
Stormsson
  • 379
  • 1
  • 13
  • the etherjs or web3js libraries has such methods. No calling smart contract to do that is not needed and also wrong because it will cost more time( it is async) and it could fail if the connection to blockchain is not working – Majd TL Oct 15 '21 at 14:09
  • Thank you @MajdTL I honestly didn't find it in ethers documentation before you pointed it... if you write the answer i'll mark it as solved – Stormsson Oct 15 '21 at 16:27
  • can u give an example of the raw message, the singed message and the private key and public key of the signer – Majd TL Oct 15 '21 at 18:09
  • Take also look here https://docs.ethers.io/v5/api/utils/signing-key/#utils-recoverPublicKey – Majd TL Oct 15 '21 at 18:11
  • @MajdTL why all those data? I'm using https://ethereum.stackexchange.com/questions/1777/workflow-on-signing-a-string-with-private-key-followed-by-signature-verificatio as a reference for the frontend part, so I would expect to do something similar in the backend ? – Stormsson Oct 17 '21 at 08:17
  • so I can see if I can’t write a script example for u. To sign u need raw message and private key and to verify u need a signed message and the public key of the signer – Majd TL Oct 17 '21 at 08:36
  • Sorry for being late; I don't need to sign a message on the server side, I just need to verify that a signed message is really signed by a specific address so you actualy answererd with the first comment: I should be able to use on the server side ethers.utils.verifyMessage(message,signature) – Stormsson Oct 19 '21 at 08:42
  • yes, this method will give you the address of the signer. – Majd TL Oct 19 '21 at 10:57

0 Answers0