Web3js Signature – web3.eth.sign Not Returning Valid Signature

ecrecoverethereumjsgo-ethereumparitysignature

EDIT: Problem Solved; working example of login below

I use the sha3 of a message I want to sign with eth.sign
m = web3.sha3("Please work.")

I then runeth.sign(eth.coinbase, m)

And it returns me: 0x1c28d6720234343026c24718728cf0c251b0d09c87c32a6e380396a3360065290d0e7ec99a48e547e36645cecc11fd8d09742955c3d16c32eb75d9b24dd158d754

Theoretically, I would be able to derive the validity of the signature from this.

r = 0x1c28d6720234343026c24718728cf0c251b0d09c87c32a6e380396a336006529

s = 0x0d0e7ec99a48e547e36645cecc11fd8d09742955c3d16c32eb75d9b24dd158d7

v = 54?! ( I was under the impression this would be a 0 or 1. For ecrecover I tried 27 and 28 )

Now I plug these into ecrecover(m, v, r, s) and I get…

With 27: 0x8c6c953abf2957f7fec4c689f8fe2ff09b81b245

With 28: 0xb8feaa9b9bfd7f10caefdc6d7baa1f74c37cedef

What in the world is going on? I'm trying to implement a login for my application using web3 and this is a major roadblock. I'm hoping you geniuses can correct me where I'm wrong.

Thanks.

Best Answer

I came across the answer myself, See working code below. I was following this guide which I would not recommend!.

I was also using parity in geth mode to sign the data, which I also would not recommend. Switching to plain old geth RPC gave me more sane results.

That being said, beware of v!. There is a bug between implementations of geth which will return either 00/01 or 1b/1c for v. I solved my problem by using ethereumjs-util's fromRpcSig method, which accounts for the bug. If the following doesn't work try importing web3 and using its sha3 method with ethUtils toBuffer.

Here's a complete snippet of code client side and server side which implement login:

CLIENT

function login() {
  let data = web3.sha3('hello world');
  web3.eth.sign(web3.eth.defaultAccount, data, (err, result) => {
    if (!err) {
      axios.post(url + '/login', {
        addr: web3.eth.defaultAccount,
        sig: result
      }).then((res) => {
        console.log(res);
      });

    }
  });
}

SERVER

var ethUtils = require('ethereumjs-util');

let addr = req.body.addr;
let sig = req.body.sig;

let signature = ethUtils.fromRpcSig(sig);

let data = 'hello world';

let pubKey = ethUtils.ecrecover(
  ethUtils.sha3(data),
  signature.v,
  signature.r,
  signature.s);

let foundAddr = '0x' + ethUtils.pubToAddress(pubKey).toString('hex');

if (foundAddr === addr) {
  // Hooray! The user's signature proves they are who they say they are!
} else {
  // Not authenticated successfully
}

Related Solutions

Ethereumjs-utils – Getting an Address Using ethereumjs-utils ecrecover

ecrecover returns public key, you need to convert it to address with pubToAddress.

pub     = ethJsUtil.ecrecover(msg, v, r, s);
addrBuf = ethJsUtil.pubToAddress(pub);
addr    = ethJsUtil.bufferToHex(addrBuf);

Also, you can use fromRpcSig to get v, r, s

sig = web3.eth.sign(myAccount,msg)
res = ethJsUtil.fromRpcSig(sig)
pub = ethJsUtil.ecrecover(msg, res.v, res.r, res.s);

Please note that web3.eth.sign adds prefix to the message before signing it (see JSON-RPC spec).

Here is how to add it manually:

const util = require('ethereumjs-util')

const msg = new Buffer('hello');
const sig = web3.eth.sign(web3.eth.accounts[0], '0x' + msg.toString('hex'));
const res = util.fromRpcSig(sig);

const prefix = new Buffer("\x19Ethereum Signed Message:\n");
const prefixedMsg = util.sha3(
  Buffer.concat([prefix, new Buffer(String(msg.length)), msg])
);

const pubKey  = util.ecrecover(prefixedMsg, res.v, res.r, res.s);
const addrBuf = util.pubToAddress(pubKey);
const addr    = util.bufferToHex(addrBuf);

console.log(web3.eth.accounts[0],  addr);

On the other hand, testrpc (at least version 3.0.5) does not add such prefix.

Example node.js + testrpc session:

const util = require('ethereumjs-util')

const msg = web3.sha3('hello!');
const sig = web3.eth.sign(web3.eth.accounts[0], msg);
const {v, r, s} = util.fromRpcSig(sig);

const pubKey  = util.ecrecover(util.toBuffer(msg), v, r, s);
const addrBuf = util.pubToAddress(pubKey);
const addr    = util.bufferToHex(addrBuf);

console.log(web3.eth.accounts[0], addr);

[Ethereum] using solidity to verify ECDSA signature from external key pair

Since you mention it's an ECDSA key, I assume you're talking about using the same crypto that Ethereum uses for signatures. If you want to do this in Solidity, the simplest and most efficient thing will still be to use ecrecover.

As you say ecrecover returns an address, not a public key. But an Ethereum address is derived from the public key, so if you want to check the signed data was signed with a given public key inside the contract, you can recreate the address from the public key, then use ecrecover to get the address, and make sure they match. This answer tells you how you could derive an address from a public key in Solidity: https://ethereum.stackexchange.com/a/15190/774

However, addresses are shorter and easier to handle than public keys, so this derivation is more commonly done outside solidity, with a design that only requires the contracts to manage addresses.

Best Answer

Related Solutions

Ethereumjs-utils – Getting an Address Using ethereumjs-utils ecrecover

[Ethereum] using solidity to verify ECDSA signature from external key pair

Related Topic