web3j icon indicating copy to clipboard operation
web3j copied to clipboard

Published 20 hours ago verified publisher icon hyperledger

Signature Verification Not Intuitive

Open lukerQuant opened this issue 2 years ago • 0 comments

Issue_title

Using web3j to sign a message and then verify it, is not intuitive due to hidden hashing.

Issue_description

Web3j requires both of the following:

  1. the message input to Sign.signMessage to be hashed
  2. the message input to Sign.recoverFromSignature to NOT be hashed

This inconsistency means the signing and verification process is unintuitive. Especially when there is no comments on the Sign.signMessage function: https://github.com/web3j/web3j/blob/b15e56aa4692f36cf937169c102c10a2f2ef4919/crypto/src/main/java/org/web3j/crypto/Sign.java#L80

It took us a while to work this out. This time would not have been wasted in the inputs to both of the functions were consistent (e.g. both not hashed or both hashed)

Issue_context

This appeared when we were signing messages (not transactions) with our Ethereum keys

lukerQuant avatar Jan 10 '23 14:01 lukerQuant