Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support metamask signatures #6

Open
veqtor opened this issue Mar 22, 2018 · 2 comments
Open

Support metamask signatures #6

veqtor opened this issue Mar 22, 2018 · 2 comments

Comments

@veqtor
Copy link

veqtor commented Mar 22, 2018
edited

Using metamask ethereum accounts and signatures will be a good form of convenience to accelerate adoption. Metamask has created an arbitrary signature scheme for signing messages, the details are a bit fuzzy for me, but given a lotion light-client app embedded in a browser, it would be convenient to support signatures from metamask. Perhaps this should be a special account type

It seems the signature is a normal secp256k1 signature of the keccak256 hash of the message which is an array of parameters. This seems quite close to the current signature scheme, or?

Details:
https://medium.com/metamask/scaling-web3-with-signtypeddata-91d6efc8b290
https://medium.com/metamask/the-new-secure-way-to-sign-data-in-your-browser-6af9dd2a1527
ethereum/go-ethereum#2940
@veqtor
Copy link
Author

veqtor commented Mar 22, 2018
edited

With this scheme, signing a transfer would then be as simple as:


 var msgParams = [
  {
    type: 'string',
    name: 'Method',
    value: 'coins-transfer' //Here I'm thinking module name and function name
 },
 {   
   type: 'address',
      name: 'from',
      value: '0x0'
  },
 {   
   type: 'address',
      name: 'to',
      value: '0x1'
  },
 {   
   type: 'uint32',
      name: 'value',
      value: '10'
  },
 {   
   type: 'uint32',
      name: 'nonce',
      value: '3'
  },
 {   
    //IMPORTANT! Replay protection!
   type: 'bytes32',
      name: 'gci',
      value: APP_GCI
  }
]   

web3.eth.getAccounts(function (err, accounts) {
  if (!accounts) return
  signMsg(msgParams, accounts[0])
})
function signMsg(msgParams, from) {
  web3.currentProvider.sendAsync({
    method: 'eth_signTypedData',
    params: [msgParams, from],
    from: from,
  }, function (err, result) {
    if (err) return console.error(err)
    if (result.error) {
      return console.error(result.error.message)
    }
    const recovered = sigUtil.recoverTypedSignature({
      data: msgParams,
      sig: result.result 
    })
    if (recovered === from ) {
      alert('Recovered signer: ' + from)
    } else {
      alert('Failed to verify signer, got: ' + result)
    }
  })
}

Of course, this would be implemented as a coins.metamask_wallet function, so devs need not think about it

edit: probably the "from" field could be removed by using ecrecover to get the pubkey

@mappum
Copy link
Owner

mappum commented Jul 3, 2018

It's been a long time since this issue was created, but I'm definitely interested in supporting this. I hadn't considered the way you suggest, which is interesting since the Metamask UI will display the data in a user-friendly way.

But I think I would lean toward using personal_sign so the user would just see the tx JSON in the prompt, then if this was widely adopted we could encourage the Metamask team to natively support our transaction formats.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mappum @veqtor