AEX 8
AEX: 8
Title: Message Signing
Author: Andreas Gassmann (@AndreasGassmann), Alessandro De Carli (@dcale)
License: BSD-3-Clause
Discussions-To: TBD
Status: Draft
Type: Standards Track
Created: 2019-05-13
Simple Summary
This document defines a standard for signing arbitrary messages or payloads with an aeternity keypair.
Motivation
Message signing can be used in a wide variety of scenarios. Common use cases include:
Authentication / Login (Proving you are the owner of an address/pubkey)
Authorization (Giving a user privileges based on the coins / tokens he owns)
Prove Data Integrity
Voting
This technique has been around for a long time, but with the rise in crypto adoption it becomes more accessible to the average user.
Specification
Flow
DApp / Website / Wallet prepares a signing request containing a message (challenge) and other parameters (see below)
Signing request is sent to the Wallet / Signer containing the Private Key
User can select an identity (= keypair)
Message will be signed
User is either redirected to the provided callback URL, or the signed message is displayed (e.g. as a QR code)
Encoding
The signature should be encoded in hex: Buffer.from(signature).toString("hex");
Message Signing Request
Message Signing Response
The response can contain an array of signatures and publicKeys, which allows a single message to be signed by multiple identities at once.
Signing the message
Verifying the signature
Example
Serialization and Transport Layer
Serialization and Transport Layer are not part of this proposal.
The Serialization is being discussed as part of AEX-7 Data Serialization.
Security
In order to prevent malicious DApps from sending a seemingly random message to be signed that actually contains data like a valid transaction, we should add a prefix to the message so this can't be exploited.
https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign
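The prefix idea from the Security section, as an added example that is not part of the AEX text or of any aeternity SDK. The prefix string, the 4-byte length field and all function names are assumptions made for illustration, and an Ed25519 keypair generated with Node's crypto module stands in for the wallet's identity.

```javascript
const crypto = require("node:crypto");

// Hypothetical prefix chosen for this example; this page does not define one.
const PREFIX = Buffer.from("Example Signed Message:\n", "utf8");

// Bytes that are actually signed: prefix || 4-byte big-endian length || message.
// The length field keeps the boundary between prefix and message unambiguous.
function wrapMessage(message) {
  const body = Buffer.from(message, "utf8");
  const len = Buffer.alloc(4);
  len.writeUInt32BE(body.length);
  return Buffer.concat([PREFIX, len, body]);
}

function signMessage(message, privateKey) {
  const signature = crypto.sign(null, wrapMessage(message), privateKey);
  return Buffer.from(signature).toString("hex"); // hex, as in "Encoding"
}

function verifyMessage(message, signatureHex, publicKey) {
  // An Ed25519 signature is 64 bytes, i.e. 128 hex characters.
  if (!/^[0-9a-f]{128}$/i.test(signatureHex)) return false;
  const sig = Buffer.from(signatureHex, "hex");
  return crypto.verify(null, wrapMessage(message), publicKey, sig);
}

// What a verifier of raw, unprefixed bytes (such as a transaction validator) checks.
function verifyRaw(rawBytes, signatureHex, publicKey) {
  return crypto.verify(null, rawBytes, publicKey, Buffer.from(signatureHex, "hex"));
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const challenge = "constructed-tx-like-payload"; // constructed sample input
  const sig = signMessage(challenge, privateKey);
  return {
    sigLength: sig.length,
    validAsMessage: verifyMessage(challenge, sig, publicKey),
    // The same signature must not be accepted over the bare payload bytes.
    validAsRawBytes: verifyRaw(Buffer.from(challenge, "utf8"), sig, publicKey),
    validForOtherMessage: verifyMessage(challenge + "x", sig, publicKey),
  };
}

console.log(demo());
```

Because the wallet only ever signs the wrapped bytes, a signature it produces for a message cannot be replayed where a signature over the raw payload is expected.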