Verifying an Ethereum signature on the server - PHP (2)
I was asked on Twitter for more details on my solution for verifying the authenticity of a message signed with an Ethereum private key. This was discussed in this blog post which provides an overview of what I was trying to do and how i conceptually achieved it. It is worth reading that post first for context.
There is a Stack Exchange question on this topic too: How can I sign a piece of data with the private key of an Ethereum address?
You can hash a message using hashPersonalMessage.
//Hash a known message const message = "Known message"; const messageBuffer = Buffer.from(message); const messageHashBuffer = utils.hashPersonalMessage(messageBuffer);
You can sign this message with a private key and the ecsign method.
const privateKeyBuffer = new Buffer(privateKey, 'hex'); const signature = utils.ecsign(messageHashBuffer, privateKeyBuffer);
The signature contains the
signature.r.toString('hex'), signature.s.toString('hex'), signature.v
For further explanation of these values it is worth reading this post ECDSA: (v, r, s), what is v?.
Verifying a message (PHP)
For this I used the Signature class from the CryptoCurrencyPHP library.
hex2bin are outlined in the original post. The GMP functions I found in the Signature class and then read up on. They are for doing complex maths.
As mentioned in the initial post, a lot of this was trial and error. Learning my doing, and playing until I got the answers that I expected.
Elliptical curve cryptography is inherently hard. Thanks to some awesome opens source library developers producing this was significantly easier than it good have been.
Also worth noting that as of yet no-one can really agree on a standard for Ethereum message signing.