[Ethereum] MetaMask verification on a server with web3.personal.sign


How to verify MetaMask account holder is the real owner of the address?

I recently saw this post and tried it immediately, unfortunately, I am not getting the right result from the server. I think it has something to do with the hashing algorithm sha3, but I am not sure. Could anyone please update the solution? Thank you!

Best Answer

I think this is what you are asking for...

Using Web3.js 1.0 and Metamask:

Create a signature for a message:

var message = "Some string"
var hash = web3.utils.sha3(message)
var accounts = await web3.eth.getAccounts()
var signature = await web3.eth.personal.sign(hash, accounts[0])

Recover the address for a message + signature:

var hash = web3.utils.sha3(message)
var signing_address = await web3.eth.personal.ecRecover(hash, signature)

You should see that signing_address will match accounts[0] if you are using the same message and signature across the board.

Related Topic