Skip to content

Instantly share code, notes, and snippets.

@d-smith

d-smith/sign-auth-details.md

Created July 28, 2023 18:23
Show Gist options
  • Save d-smith/af3ad9d5e7a0c628dea0eb6a57f42461 to your computer and use it in GitHub Desktop.
Save d-smith/af3ad9d5e7a0c628dea0eb6a57f42461 to your computer and use it in GitHub Desktop.
Download ZIP
Details related to attempting to validate web3auth signed message
Raw
sign-auth-details.md

Here's the message signed in the web3auth example (modified):

const signMessage = async (): Promise<any> => {
    if (!provider) {
      console.log("provider not initialized yet");
      return;
    }
    const web3 = new Web3(provider);
    const fromAddress = (await web3.eth.getAccounts())[0];
    
    const originalMessage = [
      {
        type: 'string',
        name: 'Message',
        value: 'Hi, Alice!',
      },
      {
        type: 'uint32',
        name: 'A number',
        value: '1337',
      },
    ];
    const params = [originalMessage, fromAddress];
    const method = "eth_signTypedData";
    const signedMessage = await (web3.currentProvider as any)?.sendAsync({
      id: 1,
      method,
      params,
      fromAddress,
    });

    uiConsole(signedMessage);
  };

One of the signatures yielded by the application is 0x28ae09bd40c68fb1f403bce570e4aa3e565807e5292b8af42767f3d3ed2c32f578b1bba5e9a33b638fc45805e54e202cd29091933d77893d65470ca9ef15c7e31

Metamask has a live sample here

I can sign the exact same typed message using metamask (chain id 5) and get the following signature back: 0xcff43a27afe8f2f4f7a593ce8a6500830d2ddf1f52795a596d1341f7f6f61ebc6bb796f308390d7e59d2fcd76e4bd37e7b14bbaaf01b3d1f990b86ec255a8a731b

The metamask example source has the same message as above:

const msgParams = [
      {
        type: 'string',
        name: 'Message',
        value: 'Hi, Alice!',
      },
      {
        type: 'uint32',
        name: 'A number',
        value: '1337',
      },
    ];

Using eth-sig-utils I can recover the signature from the live dapp sample, but not the web3auth signature.

Here is the program I use to recover the sigs:

import {
    recoverTypedSignatureLegacy
} from 'eth-sig-util';

const doRecover = async (s) => {

    const originalMessage = [
        {
          type: 'string',
          name: 'Message',
          value: 'Hi, Alice!',
        },
        {
          type: 'uint32',
          name: 'A number',
          value: '1337',
        },
      ];

    const recoveredAddr = await recoverTypedSignatureLegacy({
        data: originalMessage,
        sig: s,
      });

      console.log(recoveredAddr);
    
}



await doRecover("0xcff43a27afe8f2f4f7a593ce8a6500830d2ddf1f52795a596d1341f7f6f61ebc6bb796f308390d7e59d2fcd76e4bd37e7b14bbaaf01b3d1f990b86ec255a8a731b")
await doRecover("0x28ae09bd40c68fb1f403bce570e4aa3e565807e5292b8af42767f3d3ed2c32f578b1bba5e9a33b638fc45805e54e202cd29091933d77893d65470ca9ef15c7e31")

Here is the output:

$ node recover.js 
0xa30df2957194f42d5d684fc85d5885e38afce685
/home/dsmith/code/w3a-sample/sigrec/node_modules/ethereumjs-util/dist/index.js:429
    throw new Error('Invalid signature v value');
          ^

Error: Invalid signature v value
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment