-
Notifications
You must be signed in to change notification settings - Fork 19.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Signing in geth and verifying in solidity do not produce correct results #3731
Comments
I already pointed you to the commit that changes the behavior and the reason behind it: b59c839 TL;DR; Geth prepends the string The reason was that by allowing signing arbitrary data, a DApp can trick the user to sign a transaction masqueraded as some arbitrary application data. This prefix ensures that no matter what data a DApp sends Geth, it cannot be abused as a transaction. To use this mechanism for signature verification in solidity, you'll need to have your contract also do this prefixing. Alternatively, you might want to do account management client side in your application and not rely on Geth for that. The go-ethereum libraries provide the methods to sign arbitrary data, they are just not exposed by Geth due to security reasons. |
Hi there, do you have any example on how to pre-append the string on the Solidity side? What I have to sign is always a keccak-256 hash, so the size is always the same :) |
That worked for me :
|
So, is this ever going to be fixed to be compatible with TREZOR and the like? Specifically, using an ASCII message length vs. a var_int/hex length of the message: #14794 It seems no matter how I attempt to pass in a prefixed message signed from a TREZOR (using ascii length or a hex length), geth can't verify it. |
This makes claims valid only for the intended recipient and claim type. The prefix stuff here is being done to accomodate the prefixing done by web3 when signing messages, as a security measure (ethereum/go-ethereum#3731). Because this signing is most likely going to be done on servers of major claim validators rather than from end-user clients, the web3 prefix could probably be bypassed. But to keep things simple I just adjusted the solidity code to use this prefix. I think it's adequate for now.
This makes claims valid only for the intended recipient and claim type. The prefix stuff here is being done to accomodate the prefixing done by web3 when signing messages, as a security measure (ethereum/go-ethereum#3731). Because this signing is most likely going to be done on servers of major claim validators rather than from end-user clients, the web3 prefix could probably be bypassed. But to keep things simple I just adjusted the solidity code to use this prefix. I think it's adequate for now.
Something that's been bothering me is the potential for abuse with the SignTransaction method. Though it requires to be fed specific named properties in order to execute, it can still be abused by a dapp that bypasses Metamask and uses its own custom wallet handling. It can still display disinformation and provide differing values under the hood, thus having a transaction with arbitrary data signed and ready to using whatever private key the user had sitting in local storage. How does this change protect against the form of abuse I highlight here? |
Geth version:
1.5.9-stable
OS & Version: Linux
Commit hash : a07539f
I sign with personal.sign or web3.eth.sign in geth then I test with personal.ecrecover it works fine, it returns the right address, BUT when I try to verify with solidity it return a wrong address !! can you tell me why please!
The text was updated successfully, but these errors were encountered: