Hi, how do I verify a signature? At the front end I'm sending this:
authenticate({ signingMessage: message })
I can't even get it to work here:
https://etherscan.io/verifySig
My whole idea is to verify the signature on my server side.
What signature do you want to verify?
You can search on this forum and you may find the answer in another similar thread.
I've searched everywhere, no lead so far.
Every time we connect to the wallet, we should receive the signature, right? I'm able to get the signature value from User data. Currently I'm sending this signature to my backend (PHP) together with the wallet address and signingMessage. At my backend I want to verify the signature, whether it was signed by the same wallet address.
OK, so you have the signature, the wallet address and the signed message.
What did you try to do with those parameters? Like, what is the code that you tried?
Moralis does this for you. The signature that you sign gets verified by their backend. That's the whole point of the one-line auth message. It saves what would typically be a couple of 100 lines of code to do the same from scratch. So you don't have to worry.
However, if you're trying to implement your own version of this or do "a" verification yourself, then you can use the below:
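```javascript
const { recoverPersonalSignature } = require("eth-sig-util");
const { bufferToHex } = require("ethereumjs-util");

// `nonce` and `signature` come from the surrounding login code.
const msg = `onboadring message ${nonce}`;
// The signed data is passed as the hex encoding of the UTF-8 message.
const msgBufferHex = bufferToHex(Buffer.from(msg, 'utf8'));
// Returns the address of the account that produced the signature.
const address = recoverPersonalSignature({data: msgBufferHex, sig: signature.signature});
```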
Usually the message will have a random nonce uniquely generated for each user each time they log in, which makes the signature much more difficult to hack. So together with the message you make the user sign and the actual return value of web3.eth.personal_sign() (which is the signature in this case), we can use this Ethereum function recoverPersonalSignature(), which takes the exact message the user signed and also the signature. From this it does some cryptographic magic (lol) to verify the person who signed it really was the wallet owner. So what this will do is the result of recoverPersonalSignature() will output the address of the signer; then in your backend, if you compare this address with the actual wallet of the person who signed the message and they're the same, then boom, you have verified their ownership.
This is a snippet from a similar one I did in Node.js; not sure how you would do so if you're using PHP.
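The nonce-and-compare flow described in the post above, as an added example that is not part of the original post or of Moralis's code. The names `issueChallenge`, `verifyLogin`, `PREFIX` and `NONCE_TTL_MS` are hypothetical, and the address recovery itself is passed in as `recover`, assumed to wrap a call such as `recoverPersonalSignature` from the snippet above.

```javascript
const { randomBytes } = require("crypto");

const PREFIX = "Login nonce: ";        // hypothetical message text
const NONCE_TTL_MS = 5 * 60 * 1000;    // assumed challenge lifetime
const pending = new Map();             // lowercased address -> { nonce, expires }

// Step 1: the server issues the exact text the wallet is asked to sign.
function issueChallenge(address, now = Date.now()) {
  const nonce = randomBytes(16).toString("hex");
  pending.set(address.toLowerCase(), { nonce, expires: now + NONCE_TTL_MS });
  return PREFIX + nonce;
}

// Step 2: check the signature. `recover(message, signature)` is supplied by the
// caller and must return the signer's address.
function verifyLogin(address, signature, recover, now = Date.now()) {
  const key = address.toLowerCase();
  const entry = pending.get(key);
  pending.delete(key);                 // one-time use, even if verification fails
  if (!entry || now > entry.expires) return false;
  // Rebuild the message from server state instead of trusting one sent by the client.
  const message = PREFIX + entry.nonce;
  let signer;
  try {
    signer = recover(message, signature);
  } catch {
    return false;                      // malformed signature
  }
  // Checksum casing of addresses differs between tools, so compare lowercased.
  return typeof signer === "string" && signer.toLowerCase() === key;
}
```

Because the server rebuilds the message from its own stored nonce, a signature captured from an earlier login recovers to a different address and is rejected.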
Yes exactly - you don't have to verify anything.
When the user signs the message it's sent to Moralis for verification, and Moralis sets up a User row in your database if the signature is correct.
Is it possible for me to use recoverPersonalSignature() with the signature created by Moralis instead of my own?
Putting aside the PHP, https://etherscan.io/verifySig I supposed this website should at least be able to recover it. But I'm still unable to do so. Am I missing something? I'm using the authData (id, message, signature) from the Moralis db.
It should work. There are two types of signatures: signing a message is not the same thing as signing a transaction. The verification is also different in those two cases.