Ether – How to Send Signed Data to Backend and Verify It

etherjavascriptsignaturetimestamp

On a web page I have some 3 fields, name, age and height, which a user authenticated via MetaMask sends to backend along with his wallet address. In JSON.

In order to ensure that data that's sent hasn't been tampered and his wallet address indeed belongs to him, I'll have to ask a user to sign data, right? I'm aware of how to do it:

 let mySigData = await this.mySigner.signMessage(ethers.utils.arrayify("some data"));

I'll also include a timestamp in data to prevent re-usage of a signature.

However, what is it what I actually will have to send from a client to then send to backend? What will all the data (data + payload) look like?

And how will I then deconstract it on a server properly?

Option #1

{
  name: "name1",
  age: 367,
  height: 188, 
  sig: "fdsafdsafdsafds$$2fds####",
  timestamp: 1236366
}

Option #2

{
  sig: "#6$$,,##$$-safd8543gfds", //name, age and height have somehow been embeded here 
  timestamp: 1236366
}

I'm aware how to verify a signature itself in ether.js but I mean the whole data itself.

On a server I'll then call …. what?

  const verify = ethers.utils.verifyMessage("???", params["sig"])

Best Answer

As an example, your data structure could be:

let user = {
    data: {
        name: 'name1',
        age: 367,
        height: 188, 
        timestamp: 1236366,
    },
    address: '0x<UserAddress>',
    sig: '...'
}

Signing

To sign the data you must serialize it and the most simple serialization would be to use JSON.stringify

let message = utils.arrayify(JSON.stringify(user.data);
user.address = await this.mySigner.getAddress();
user.sig = await this.mySigner.signMessage(message);

Recover Address

On the backend side, after receiving the user object, you should serialize the data in the same manner and recover the address with the signature:

let message = utils.arrayify(JSON.stringify(params.data);
let address = utils.verifyMessage(message, params.sig);

Depending on your further logic you can check:

if params.address is equal to the recovered address
if the address is allowed to submit data
...

The most important key point here, regardless of the data structure you choose, is that it depends on your business logic. The serialization of the data takes place on the front end for signing. Subsequently, the raw data along with the signature is sent to the backend. The backend serializes the data in the same way and verifies if it can be retrieved for the expected address using the provided signature.

Related Solutions

Signature Parameters – How to Get Signature Parameters From a Transaction

In the transaction object returned by eth_getTransaction to my geth instance does include the ECDSA parameters:

curl -X POST --data '{"jsonrpc":"2.0","method":"eth_getTransactionByHash","params": ["0x47ced780ecca7c273243dded62c6a240f3ba4332ab067345909a304d7294cfda"],"id":1}' localhost:8545

{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {
    "blockHash": "0x7126318b5736f655049fcb7c3f6ef02d0986a5553cb1b1fbc0ca188543b1e60a",
    "blockNumber": "0x339d04",
    "from": "0xea674fdde714fd979de3edf0f56aa9716b898ec8",
    "gas": "0x15f90",
    "gasPrice": "0x4a817c800",
    "hash": "0x47ced780ecca7c273243dded62c6a240f3ba4332ab067345909a304d7294cfda",
    "input": "0x",
    "nonce": "0x15dcf8",
    "to": "0xf34a762291e2578b79646cbf296abf4f5a242b3d",
    "transactionIndex": "0x0",
    "value": "0x16978c7c04171dc",
    "v": "0x26",
    "r": "0xe448b291661c63d8add23a8be2eb726e92ace5c100e902ee75a6396f8df8d221",
    "s": "0x197fb2e88dc2d4e8f606faf6abdb8012d21b024939756ceaf2d39b4bef619fa4"
  }
}

Note the v, r, and s parameters: these are what you need to verify the signature. I'm not sure why these aren't in the official RPC spec, but they are available if you need them

Dapp Design – How to Verify a Signed Message and Ensure It Hasn’t Been Reused or Tampered

1st sign the message. The message has to have to signer address in it. We will parse this message and get the signer address and compare it to the one we get from decoding the signed message. If they match then the message is authentic and has not been tampered with.

2nd. In the message we also need to include a nonce that we will save in a db use it to make sure messages are not reused.

Front end code:

// Front end code
async signMessageAnsSendToServer() {
    const nonce = new Date().getTime()
    const message = `
        Message:
 
            Wallet address:
                ${this.connectedAddress}

            Nonce:
                ${nonce}
`
    this.web3 = new ethers.providers.Web3Provider(this.provider)// create web3 instance
    this.signer = this.web3.getSigner();
    const signedMessage = await this.signer.signMessage(message);
    // send signed message to server

}

Backend code:

// Backend code
async function getSignerAddressAndNonce(message, signedMessage){
    const signerAddress = ethers.utils.verifyMessage(message, signedMessage);

    const addressFromMessage = message.replace(/\n|\r/g, "").split("Wallet address:").pop().split("Nonce:")[0].trim();

    const nonce = message.split("Nonce:").pop().trim();
  
    if(signerAddressA !== signerAddressB){
        // this means that the message was not signed
    }

    return {address: signerAddressA, nonce: Number(nonce)}
}