How to Sign and Verify a Signed Message in Crypto
An EOA (externally owned account) can sign a message. Message signing is often used to prove that a message really comes from the address owner and has not been altered. For example, an address owner wants to change the token name shown on a blockchain explorer but has no way to change it through the contract code on chain. He can notify the blockchain explorer by signing a message that (1) proves he is the owner of the contract and (2) states the request, "please change the token name to be xxx". The blockchain explorer receives the message, verifies the signature, and updates the token information once verification succeeds.
Signing a Message
Signing a message is done only with the EOA's private key. The process is as follows:
- Hash the message using a cryptographic hash function such as SHA-256.
- Use the private key to sign the hashed message.
- The signature produced in step 2 is the signed message.
```python
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.asymmetric import rsa

def sign_message(message, private_key):
    # sign() hashes the message with SHA-256 and signs the digest in one call
    signature = private_key.sign(
        message,
        padding.PKCS1v15(),
        hashes.SHA256()
    )
    return signature

# Prepare the private key. A freshly generated RSA key stands in here for
# "The Private Key of your EOA address" so that the example runs.
private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)

# Message to be signed (single-quoted so the inner double quotes are valid)
message = b'Could you please rename the smart contract https://eth.tokenview.io/en/address/{contract_address} from current "{token name}" to "{new_token_name}"? I am the owner of this token contract address.'

# Sign the message
signature = sign_message(message, private_key)
print("Signed message is:", signature.hex())
```
Verifying a Signed Message
Verifying a signed message is done only with the EOA's public key. This is the step in which the recipient of the signature checks that it is correct before taking any action on his side. The process involves the following steps:
- Hash the message using the same cryptographic hash function used to sign the message.
- Use the public key to verify the digital signature against the hashed message, using the same signature algorithm that created it.
- If the two values match, the message is considered to be authentic and has not been tampered with. If the values do not match, the message has been modified or the digital signature was created using a different private key.
```python
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding

def verify_signature(message, signature, public_key):
    try:
        # verify() hashes the message with SHA-256 and checks the signature against the digest
        public_key.verify(
            signature,
            message,
            padding.PKCS1v15(),
            hashes.SHA256()
        )
        return True
    except InvalidSignature:
        # Only a failed signature check means "not verified"; other errors are not hidden
        return False

# Get the public key ("The Public Key of the EOA address"). This demo derives it from
# the `private_key` object of the signing step; a verifier is given only the public key.
public_key = private_key.public_key()

# Message
message = b'Could you please rename the smart contract https://eth.tokenview.io/en/address/{contract_address} from current "{token name}" to "{new_token_name}"? I am the owner of this token contract address.'

# Message signed: the hex string received from the signer (here, the signing step's output)
signature_hex = signature.hex()

# Verify the signature
is_verified = verify_signature(message, bytes.fromhex(signature_hex), public_key)
print("Signature verified successfully:", is_verified)
```