If you were writing some instructions and one of them was:

Provide the Ethereum ECDSA signature of the file using the person's Ethereum address.

Would the above instruction have a consistent meaning (i.e. always produces the same output for a given file and address)? I ask because there appear to be subtly different implementations.

If not, what wording could you use to give it a consistent meaning? Perhaps with reference to EIPs...

Lee
  • https://medium.com/dac-technology-blog/ethereum-signatures-and-transactions-using-a-hardware-wallet-10a88f344caf – Lee Jul 09 '20 at 15:03
  • Until I can write a better answer, that Medium article has a big hole by not describing the prefix "\x19Ethereum Signed Message" (EIP 191). The prefix is critical, for example https://github.com/ethers-io/ethers.js/issues/555 Ethereum users should not be signing anything without the prefix. – eth Jul 12 '20 at 10:06
  • https://github.com/danfinlay/js-eth-personal-sign-examples/blob/master/index.js – Lee Jul 24 '20 at 20:26

1 Answer

I used:

Provide the prefixed Ethereum ECDSA signature* of the hex encoded file using the person's Ethereum address.

*As per sign(keccak256("\x19Ethereum Signed Message:\n" + dataToSign.length + dataToSign)) (e.g. web3.personal.sign)

I think just using "Ethereum ECDSA signature" leaves ambiguity between the above and the un-prefixed signature, which is considered risky (for reasons I'm unsure of atm).

Lee
  • Yes, those additional details you provided are much better. Also, welcome back! (Did not recognize your username immediately.) – eth Aug 11 '20 at 01:53