# Verifying signatures

## Verifying Signatures with EIP-1271

Since contracts can’t generate signatures therefore `ecrecover`won’t work if the address is a contract, then the contract-based account needs to use the [EIP1271](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-1271.md) standard to verify signatures for contracts.&#x20;

Verifying contract-based account signatures require calling the EIP1271 `isValidSignature( data, signature)` method on the account contract. Authereum, Dapper wallet, 0xProject, and a few others are already using EIP1271 to verify signatures where the "recovered address" is a contract address.

Below are examples of how to verify Authereum dapp key signatures:

### Using Web3.js

```javascript
const Web3 = require('web3')

const provider = new Web3.providers.HttpProvider('https://kovan.infura.io')
const web3 = new Web3(provider)

const eip1271Abi = [
  {
    "constant": true,
    "inputs": [
      {
        "name": "_messageHash",
        "type": "bytes"
      },
      {
        "name": "_signature",
        "type": "bytes"
      }
    ],
    "name": "isValidSignature",
    "outputs": [
      {
        "name": "magicValue",
        "type": "bytes4"
      }
    ],
    "payable": false,
    "stateMutability": "view",
    "type": "function"
  }
]

const account = '0x99bd0006D13542A0917Cf8F2F986Ca7667b84268'
const data = '0x47173285a8d7341e5e972fc677286384f802f8ef42a5ec5f03bbfa254cb01fad'
const signature = '0x0304494527023df3a811f5ad61aa35177a4455eb4bf098561f9380a574915f4c1ff4a5fc653afdfc086dcc9662848097703d18b82156618ccec1e5c9da7623e51b4760269d07f9a074dc2d6ab10cf52ff77852662e40fbb4b27289126a5bb538271e147c0952204161d710bb070a6e470b0b1ef65d11f1dc074e235e3dfaef00ae1b'

const magicValue = '0x20c13b0b'
const instance = await new web3.eth.Contract(eip1271Abi, account)
const result = await instance.methods.isValidSignature(data, signature).call()
const verified = (result === magicValue)

console.log(verified) // true
```

The `isValidSignature` method returns a magic which is computed from `bytes4(keccak256("isValidSignature(bytes,bytes)").` The reason for returning a magic value to avoid accidentally returning `true`.

### Using ethers.js

```javascript
const ethers = require('ethers')

const provider = ethers.getDefaultProvider('kovan')

const eip1271Abi = [
  {
    "constant": true,
    "inputs": [
      {
        "name": "_messageHash",
        "type": "bytes"
      },
      {
        "name": "_signature",
        "type": "bytes"
      }
    ],
    "name": "isValidSignature",
    "outputs": [
      {
        "name": "magicValue",
        "type": "bytes4"
      }
    ],
    "payable": false,
    "stateMutability": "view",
    "type": "function"
  }
]

const account = '0x99bd0006D13542A0917Cf8F2F986Ca7667b84268'
const data = '0x47173285a8d7341e5e972fc677286384f802f8ef42a5ec5f03bbfa254cb01fad'
const signature = '0x0304494527023df3a811f5ad61aa35177a4455eb4bf098561f9380a574915f4c1ff4a5fc653afdfc086dcc9662848097703d18b82156618ccec1e5c9da7623e51b4760269d07f9a074dc2d6ab10cf52ff77852662e40fbb4b27289126a5bb538271e147c0952204161d710bb070a6e470b0b1ef65d11f1dc074e235e3dfaef00ae1b'

const magicValue = '0x20c13b0b'
const instance = new ethers.Contract(account, eip1271Abi, provider)
const result = await instance.isValidSignature(data, signature)
const verified = (result === magicValue)

console.log(verified) // true
```

### Using NPM package helper

For convenience, there's the [~~`is-valid-signature`~~](https://www.npmjs.com/package/is-valid-signature) NPM package you can use to validate signature for account contracts.&#x20;

```javascript
const validateContractSignature = require('is-valid-signature')
const Web3 = require('web3')

const provider = new Web3.providers.HttpProvider('https://kovan.infura.io')

const account = '0x99bd0006D13542A0917Cf8F2F986Ca7667b84268'
const data = '0x47173285a8d7341e5e972fc677286384f802f8ef42a5ec5f03bbfa254cb01fad'
const signature = '0x0304494527023df3a811f5ad61aa35177a4455eb4bf098561f9380a574915f4c1ff4a5fc653afdfc086dcc9662848097703d18b82156618ccec1e5c9da7623e51b4760269d07f9a074dc2d6ab10cf52ff77852662e40fbb4b27289126a5bb538271e147c0952204161d710bb070a6e470b0b1ef65d11f1dc074e235e3dfaef00ae1b'

const verified = await validateContractSignature(account, data, signature, provider)

console.log(verified) // true
```

### Resources

* [EIP-1271 specification](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-1271.md)
* [ERC-1271 : Standard Signature Validation Method for Contracts](https://github.com/ethereum/EIPs/issues/1271)
* [`is-valid-signature`](https://www.npmjs.com/package/is-valid-signature) NPM Module
* [Signature-based authentication server example](https://github.com/authereum/signature-based-authentication-example)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.authereum.com/verifying-signatures.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.