Verifying signatures

Search…
Verifying Signatures with EIP-1271
Since contracts can’t generate signatures therefore ecrecoverwon’t work if the address is a contract, then the contract-based account needs to use the EIP1271 standard to verify signatures for contracts. 
Verifying contract-based account signatures require calling the EIP1271 isValidSignature( data, signature) method on the account contract. Authereum, Dapper wallet, 0xProject, and a few others are already using EIP1271 to verify signatures where the "recovered address" is a contract address.
Below are examples of how to verify Authereum dapp key signatures:
Using Web3.js
1
const Web3 = require('web3')
2
​
3
const provider = new Web3.providers.HttpProvider('https://kovan.infura.io')
4
const web3 = new Web3(provider)
5
​
6
const eip1271Abi = [
7
  {
8
    "constant": true,
9
    "inputs": [
10
      {
11
        "name": "_messageHash",
12
        "type": "bytes"
13
      },
14
      {
15
        "name": "_signature",
16
        "type": "bytes"
17
      }
18
    ],
19
    "name": "isValidSignature",
20
    "outputs": [
21
      {
22
        "name": "magicValue",
23
        "type": "bytes4"
24
      }
25
    ],
26
    "payable": false,
27
    "stateMutability": "view",
28
    "type": "function"
29
  }
30
]
31
​
32
const account = '0x99bd0006D13542A0917Cf8F2F986Ca7667b84268'
33
const data = '0x47173285a8d7341e5e972fc677286384f802f8ef42a5ec5f03bbfa254cb01fad'
34
const signature = '0x0304494527023df3a811f5ad61aa35177a4455eb4bf098561f9380a574915f4c1ff4a5fc653afdfc086dcc9662848097703d18b82156618ccec1e5c9da7623e51b4760269d07f9a074dc2d6ab10cf52ff77852662e40fbb4b27289126a5bb538271e147c0952204161d710bb070a6e470b0b1ef65d11f1dc074e235e3dfaef00ae1b'
35
​
36
const magicValue = '0x20c13b0b'
37
const instance = await new web3.eth.Contract(eip1271Abi, account)
38
const result = await instance.methods.isValidSignature(data, signature).call()
39
const verified = (result === magicValue)
40
​
41
console.log(verified) // true
Copied!
The isValidSignature method returns a magic which is computed from bytes4(keccak256("isValidSignature(bytes,bytes)"). The reason for returning a magic value to avoid accidentally returning true.
Using ethers.js
1
const ethers = require('ethers')
2
​
3
const provider = ethers.getDefaultProvider('kovan')
4
​
5
const eip1271Abi = [
6
  {
7
    "constant": true,
8
    "inputs": [
9
      {
10
        "name": "_messageHash",
11
        "type": "bytes"
12
      },
13
      {
14
        "name": "_signature",
15
        "type": "bytes"
16
      }
17
    ],
18
    "name": "isValidSignature",
19
    "outputs": [
20
      {
21
        "name": "magicValue",
22
        "type": "bytes4"
23
      }
24
    ],
25
    "payable": false,
26
    "stateMutability": "view",
27
    "type": "function"
28
  }
29
]
30
​
31
const account = '0x99bd0006D13542A0917Cf8F2F986Ca7667b84268'
32
const data = '0x47173285a8d7341e5e972fc677286384f802f8ef42a5ec5f03bbfa254cb01fad'
33
const signature = '0x0304494527023df3a811f5ad61aa35177a4455eb4bf098561f9380a574915f4c1ff4a5fc653afdfc086dcc9662848097703d18b82156618ccec1e5c9da7623e51b4760269d07f9a074dc2d6ab10cf52ff77852662e40fbb4b27289126a5bb538271e147c0952204161d710bb070a6e470b0b1ef65d11f1dc074e235e3dfaef00ae1b'
34
​
35
const magicValue = '0x20c13b0b'
36
const instance = new ethers.Contract(account, eip1271Abi, provider)
37
const result = await instance.isValidSignature(data, signature)
38
const verified = (result === magicValue)
39
​
40
console.log(verified) // true
Copied!
Using NPM package helper
For convenience, there's the is-valid-signature NPM package you can use to validate signature for account contracts. 
1
const validateContractSignature = require('is-valid-signature')
2
const Web3 = require('web3')
3
​
4
const provider = new Web3.providers.HttpProvider('https://kovan.infura.io')
5
​
6
const account = '0x99bd0006D13542A0917Cf8F2F986Ca7667b84268'
7
const data = '0x47173285a8d7341e5e972fc677286384f802f8ef42a5ec5f03bbfa254cb01fad'
8
const signature = '0x0304494527023df3a811f5ad61aa35177a4455eb4bf098561f9380a574915f4c1ff4a5fc653afdfc086dcc9662848097703d18b82156618ccec1e5c9da7623e51b4760269d07f9a074dc2d6ab10cf52ff77852662e40fbb4b27289126a5bb538271e147c0952204161d710bb070a6e470b0b1ef65d11f1dc074e235e3dfaef00ae1b'
9
​
10
const verified = await validateContractSignature(account, data, signature, provider)
11
​
12
console.log(verified) // true
Copied!
Resources
​EIP-1271 specification​
​ERC-1271 : Standard Signature Validation Method for Contracts​
​is-valid-signature NPM Module
​Signature-based authentication server example​
Batched transactions
Testing
Last modified 2yr ago
Copy link
Contents
Verifying Signatures with EIP-1271
Using Web3.js
Using ethers.js
Using NPM package helper
Resources