I need to sign a message on behalf of the owner and allow the user to deliver my signed message to the contract. I read the metamask documentation, sample signatures, and many different source code examples.
https://metamask.github.io/metamask-docs/API_Reference/Signing_Data/Personal_Sign
Eth Sign Signatures are not secure. And I don’t need such complex signatures as Sign Typed Data V3. But is it safe to use Personal_Sign? My key can't be stolen? Is it difficult to forge this signature?
Best Answer
The security concern around
eth_signis not that the signature could be forged or the key be stolen, but rather a malicious website could trick a user into signing a message that is actually a valid transaction, and use it to steal ether or tokens.personal_signprefixes the message, preventing it from being a valid transaction. Because of this, it is safer for users.