[Ethereum] Sign message with Metamask and verify with ethereumjs-utils

ethereumjsmetamask

Client side:

web3.eth.sign(address, hash); // generates signature

Server side:

const ethutils = require('ethereumjs-util');

const extractAddress = function(signature, hash){ //signature and hash from the client side
  const o = ethutils.fromRpcSig(signature);
  const hashBuffer = ethutils.toBuffer(hash);
  const publicKeyBuffer = ethutils.ecrecover(hashBuffer, o.v, o.r, o.s);
  const publicKeyHex = ethutils.bufferToHex(publicKeyBuffer);
  const addressBuffer = ethutils.pubToAddress(publicKeyHex);
  const addressHex = ethutils.bufferToHex(addressBuffer);
  return addressHex;
}

Addresses don't match. The code worked before (a couple of months ago).

Relevant discussions https://github.com/ethereumjs/ethereumjs-util/pull/67

Best Answer

Old issue, but this worked for me. I'm using web3@0.20.3.

1. With personal_sign (recommended)

Client side:

web3.personal.sign(web3.fromUtf8("dinosaur"), web3.eth.coinbase, console.log);

Server side:

const msg = 'dinosaur';

const msgBuffer = ethereumJsUtil.toBuffer(msg);
const msgHash = ethereumJsUtil.hashPersonalMessage(msgBuffer);
const signatureBuffer = ethereumJsUtil.toBuffer(signature);
const signatureParams = ethereumJsUtil.fromRpcSig(signatureBuffer);
const publicKey = ethereumJsUtil.ecrecover(
  msgHash,
  signatureParams.v,
  signatureParams.r,
  signatureParams.s
);
const addressBuffer = ethereumJsUtil.publicToAddress(publicKey);
const address = ethereumJsUtil.bufferToHex(addressBuffer);

console.log(address); // Prints my initial web3.eth.coinbase

2. With eth_sign

Client side:

web3.eth.sign(web3.eth.coinbase, web3.sha3("dinosaur"), console.log);

Server side:

const msg = 'dinosaur';

const msgHash = ethereumJsUtil.sha3(msg);
// The rest is the same as above
const signatureBuffer = ethereumJsUtil.toBuffer(signature);
const signatureParams = ethereumJsUtil.fromRpcSig(signatureBuffer);
const publicKey = ethereumJsUtil.ecrecover(
  msgHash,
  signatureParams.v,
  signatureParams.r,
  signatureParams.s
);
const addressBuffer = ethereumJsUtil.publicToAddress(publicKey);
const address = ethereumJsUtil.bufferToHex(addressBuffer);

console.log(address); // Prints my initial web3.eth.coinbase

Related Solutions

Ethereumjs-utils – Getting an Address Using ethereumjs-utils ecrecover

ecrecover returns public key, you need to convert it to address with pubToAddress.

pub     = ethJsUtil.ecrecover(msg, v, r, s);
addrBuf = ethJsUtil.pubToAddress(pub);
addr    = ethJsUtil.bufferToHex(addrBuf);

Also, you can use fromRpcSig to get v, r, s

sig = web3.eth.sign(myAccount,msg)
res = ethJsUtil.fromRpcSig(sig)
pub = ethJsUtil.ecrecover(msg, res.v, res.r, res.s);

Please note that web3.eth.sign adds prefix to the message before signing it (see JSON-RPC spec).

Here is how to add it manually:

const util = require('ethereumjs-util')

const msg = new Buffer('hello');
const sig = web3.eth.sign(web3.eth.accounts[0], '0x' + msg.toString('hex'));
const res = util.fromRpcSig(sig);

const prefix = new Buffer("\x19Ethereum Signed Message:\n");
const prefixedMsg = util.sha3(
  Buffer.concat([prefix, new Buffer(String(msg.length)), msg])
);

const pubKey  = util.ecrecover(prefixedMsg, res.v, res.r, res.s);
const addrBuf = util.pubToAddress(pubKey);
const addr    = util.bufferToHex(addrBuf);

console.log(web3.eth.accounts[0],  addr);

On the other hand, testrpc (at least version 3.0.5) does not add such prefix.

Example node.js + testrpc session:

const util = require('ethereumjs-util')

const msg = web3.sha3('hello!');
const sig = web3.eth.sign(web3.eth.accounts[0], msg);
const {v, r, s} = util.fromRpcSig(sig);

const pubKey  = util.ecrecover(util.toBuffer(msg), v, r, s);
const addrBuf = util.pubToAddress(pubKey);
const addr    = util.bufferToHex(addrBuf);

console.log(web3.eth.accounts[0], addr);

[Ethereum] How to recover the address from message and signature generated with web3.personal.sign

So, after many hours, I found a solution, that works. To make it works I used method from ethereumjs-util - ecrecover. I had to add some prefixed message to signed nonce. Code looks like this:

function checkSignature(nonce, signature, res) {

  nonce = "\x19Ethereum Signed Message:\n" + nonce.length + nonce;
  nonce = util.keccak(nonce);
  const sig = signature;
  const {v, r, s} = util.fromRpcSig(sig);
  const pubKey  = util.ecrecover(util.toBuffer(nonce), v, r, s);
  const addrBuf = util.pubToAddress(pubKey);
  const addr    = util.bufferToHex(addrBuf);
  console.log(addr);

}

Best Answer

1. With personal_sign (recommended)

2. With eth_sign

Related Solutions

Ethereumjs-utils – Getting an Address Using ethereumjs-utils ecrecover

[Ethereum] How to recover the address from message and signature generated with web3.personal.sign

Related Topic