Skip to content
Branch: master
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Signing and Verifying messages in Ethereum

The guide will introduce you to sending an offline signed message to a smart contract via the EthVigil API endpoints. The signing method used to demonstrate this example is the legacy eth_sign

The verification happens on contract and we monitor corresponding events for that in a webhook integration.

These steps are also packaged into a CLI tool designed in Python for you to play around with a pre-supplied contract.

Please refer to this doc for a walkthrough.

Populate settings.json

Rename settings.example.json to settings.json

These are the initial contents of the file:

  "development": {
    "privatekey": "",
    "contractAddress": "",
    "ETHVIGIL_USER_ADDRESS": "0xaddr",
    "ETHVIGIL_API_KEY": "1212-1212-12-12"

Enter the appropriate values for the following keys

  • privatekey
  • ETHVIGIL_USER_ADDRESS -- associated with the above private key
  • ETHVIGIL_API_KEY -- a token passed in HTTP request headers to authenticate POST calls. Works with GET calls too.

Hint: If you have ev-cli installed, you can use dumpsettings to recover your EthVigil credentials

Leave the contractAddress field as it is. Fill it up once you deploy the ERC20Mintable.sol contract through the python script.

Setting up webhook listener server


Interacting with the smart contract

Work directly with the CLI script

Install the package requirements

pip install -r requirements.txt

python deploy


Install as an executable

~/workspace/api-usage-examples/eth_sign$ pip install -e .

If everything goes well,

ethsign-cli deploy

Setting up the contract

Deploy the contract

$ python deploy 
$ ethsign-cli deploy

Contract address was not supplied in configuration
Deployed contract results
    'success': True, 
    'data': {
        'contract': '0xbfd6eabcb94eb1dea59d8a8a5019699c18681cb0', 
        'gas': '145790', 
        'txhash': '0x198c9fcf9a0dcd12502e8db78f87ebc53b0e9198ef7f628271ef6081e0d35847', 
        'hash': '0x198c9fcf9a0dcd12502e8db78f87ebc53b0e9198ef7f628271ef6081e0d35847'

Copy the contract address into settings.json

Register the webhook listening endpoint with the EthVigil platform

  1. python

  2. ./ngrok http 5554

$ python registerhook

Succeeded in registering webhook with Ethvigil API...
EthVigil Hook ID: 24

Refer back to the CLI tool guide or web UI guide to learn how to add webhook integrations on EthVigil beta

Subscribe to all events emitted from this contract

$ python addhooktoevent 24 '*'

Registering | hook ID: 24 | events: ['*'] | contract: 0xee07ee1a2e1dfbf307de512ce57bd9db7d824755
Succeeded in adding hook

Send a signed message to the contract

The command format is submitconfirmation <unique sequence ID/nonce> <private key used to sign the message>

$ python submitconfirmation 1 0x080a12470a639f95139e5e2d9fc7ca597869a42de9bfab4969a3a57a89b0c84a

Signing data with settlementid, contractaddr...
Signed message hash: 0xd093bf19f8e5d7526953f63b7721628b95820e94cf42298f97cd4502b61ff392024b4030ee7db3f74690e721289b287583d72ccd8ad297e69c822eb4f1f87c2a1b
{"success": true, "data": [{"txHash": "0x34d95ba2cdfdc4abbcc9b2627a8956c16753023903e14a4a8f0d2cef42a614fe"}]}

The public Ethereum address corresponding to the private key 0x080a12470a639f95139e5e2d9fc7ca597869a42de9bfab4969a3a57a89b0c84a is 0x774246187E1E2205C5920898eEde0945016080Df

Verify if the recovered signer address on the contract is the same as expected

The webhook listening endpoint receives the following update

========New event received========


---JSON Payload delivered-----

    'txHash': '0x34d95ba2cdfdc4abbcc9b2627a8956c16753023903e14a4a8f0d2cef42a614fe', 
    'logIndex': 1, 
    'blockNumber': 1303866, 
    'transactionIndex': 0, 
    'contract': '0xbfd6eabcb94eb1dea59d8a8a5019699c18681cb0', 
    'event_name': 'ConfirmationSigRecieved', 
        {'signer': '0x774246187e1e2205c5920898eede0945016080df', 'uniqueID': 1}, 
    'ethvigil_event_id': 104, 
    'ctime': 1568576475

As expected, the retrieved signer in the event data is the same: 0x774246187e1e2205c5920898eede0945016080df

You can’t perform that action at this time.