Ethereum message signing hex preview incorrect #2

Closed
fabioberger opened this issue Aug 9, 2017 · 7 comments

@fabioberger

When signing this message on a Ledger Nano S:

0x21c78f55e3f54ab5d872bfea03ad05d7bfb3d35dc1a537fd3ae731cdbb9bea21

which is the result of running:

0x3bd03be584f9df8a79ed49d8502c63d5fcff148157544242ffdbcc2b64321b1e

through:

keccak256("\x19Ethereum Signed Message:\n" + len(message) + message)

I am shown the following "message hash" on the Ledger Nano S display when prompted to confirm the signing:

1DA0...8EEE

When I'd expect to be shown:

21C7...EA21

If I disregard this discrepancy and sign the message anyway and verify the v, r, s values with the message I sent to the Ledger, I can verify that it is in fact the message that was signed. The signature is valid for the expected value.

Why is this other "message hash" being presented to the user? Where does it come from? Any clarity on this would be great since we want our users to be able to confirm that they are signing the exact message they think they are signing.

@btchip

btchip commented Aug 9, 2017

This other hash is the sha256 hash of the message you're signing - it has been implemented this way so the user can verify it using a third party hashing solution not aware of specific Ethereum rules if the message is long

@fabioberger
Author

Thanks for the reply @btchip, applying the sha256 to:

0x21c78f55e3f54ab5d872bfea03ad05d7bfb3d35dc1a537fd3ae731cdbb9bea21

returns:

C234EDC89887D503823DA1AFE86C669F4B7FCFC2DC2D44334B4B02E7ECB5F019

With the 0x prefix and:

C8A9EF7D671BBB549D7736780819BF6D383A42EE7B7F2A59DC173F8FE701CFFF

Without it.

Neither matches:

1DA0...8EEE

Can you show an example and which implementation of sha256 is being used?

@pollastri-pierre
Member

pollastri-pierre commented Aug 9, 2017 via email

@fabioberger
Author

@pollastri-pierre could you perhaps post an example?

@btchip

btchip commented Aug 9, 2017

here's a Python example

>>> x = "3bd03be584f9df8a79ed49d8502c63d5fcff148157544242ffdbcc2b64321b1e".decode('hex')
>>> import hashlib
>>> h = hashlib.sha256()
>>> h.update(x)
>>> h.digest().encode('hex')
'1da0d1ce808a922fd381994f85fb8da16f464e4078cc6a20899bbd9956ff8eee'
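
An added example (not part of the original thread, and not Ledger's code) that reproduces the preview in Python 3, since the session above uses Python 2 idioms: SHA-256 over the decoded message bytes, next to the two text-hashing readings that do not match the device. The upper-case `first4...last4` display format is an assumption inferred from the values quoted in the issue, and all function names are hypothetical.

```python
import hashlib

# Message from the issue, as the hex string passed to the signing call.
MESSAGE_HEX = "0x3bd03be584f9df8a79ed49d8502c63d5fcff148157544242ffdbcc2b64321b1e"

def strip_0x(message_hex: str) -> str:
    """Drop surrounding whitespace and an optional 0x prefix."""
    h = message_hex.strip()
    return h[2:] if h[:2].lower() == "0x" else h

def device_digest(message_hex: str) -> str:
    """SHA-256 over the decoded message bytes (what btchip's session computes).
    bytes.fromhex raises ValueError on odd-length or non-hex input."""
    return hashlib.sha256(bytes.fromhex(strip_0x(message_hex))).hexdigest()

def short_form(digest_hex: str) -> str:
    """Assumed display format, inferred from the issue: first/last 4 hex digits."""
    d = digest_hex.upper()
    return d[:4] + "..." + d[-4:]

def candidate_previews(message_hex: str) -> dict:
    """Previews for three readings of 'sha256 of the message': bytes vs. text."""
    bare = strip_0x(message_hex)
    return {
        "raw bytes": short_form(device_digest(message_hex)),
        "ASCII hex without 0x": short_form(hashlib.sha256(bare.encode()).hexdigest()),
        "ASCII hex with 0x": short_form(hashlib.sha256(("0x" + bare).encode()).hexdigest()),
    }

def diagnose(message_hex: str, shown: str):
    """Return which reading reproduces the preview read off the device, or None."""
    shown = shown.strip().upper()
    for label, preview in candidate_previews(message_hex).items():
        if preview == shown:
            return label
    return None

if __name__ == "__main__":
    for label, preview in candidate_previews(MESSAGE_HEX).items():
        print(f"{label:22} {preview}")
    print("device shows 1DA0...8EEE ->", diagnose(MESSAGE_HEX, "1DA0...8EEE"))
```

A front end can display `short_form(device_digest(...))` next to the signing prompt so the user compares it with the device screen before confirming.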

@fabioberger
Author

Ah thank you so much! That was really helpful! Now look at how nice our message signing explanation dialog will look for all the wonderful Ledger users out there 💃

screenshot 2017-08-09 04 30 28

@btchip

btchip commented Aug 9, 2017

Looking great 👍 so closing that one

@btchip btchip closed this as completed Aug 9, 2017
pollastri-pierre pushed a commit that referenced this issue Apr 27, 2018
Sample create wallet, account and transaction builder
hadronized pushed a commit that referenced this issue Dec 17, 2018