Comments (6)
commented on June 16, 2024
1
Actually, this may be a problem after all =/
In the below code example, the returned signature is equivalent to that of Nethereum's EncodeUTF8AndSign operation:
string msg = "This is a test!";
var signature = await WalletConnect.ActiveSession.EthPersonalSign(address, msg);
However, when signing via a wallet such as MetaMask in JavaScript (without using WalletConnect) signing the exact same data via HashAndSign generates a completely different signature.
If you dig into web3.eth.personal.sign.HashAndSign it's as follows:
public override string HashAndSign(byte[] plainMessage, EthECKey key)
{
return base.Sign(HashAndHashPrefixedMessage(plainMessage), key);
}
Stepping into HashAndHashPrefixedMessage gives us:
public byte[] HashAndHashPrefixedMessage(byte[] message)
{
return HashPrefixedMessage(Hash(message));
}
Stepping into HashPrefixedMessage (which should probably be called PrefixAndHashMessage) gives us:
public byte[] HashPrefixedMessage(byte[] message)
{
var byteList = new List<byte>();
var bytePrefix = "0x19".HexToByteArray();
var textBytePrefix = Encoding.UTF8.GetBytes("Ethereum Signed Message:\n" + message.Length);
byteList.AddRange(bytePrefix);
byteList.AddRange(textBytePrefix);
byteList.AddRange(message);
return Hash(byteList.ToArray());
}
And finally, Hash (from EthereumMessageSigner's base MessageSigner class) is:
public byte[] Hash(byte[] plainMessage)
{
var hash = new Sha3Keccack().CalculateHash(plainMessage);
return hash;
}
This is what we want to do - an operation equivalent to HashAndSign - summarising the above, the sequence is:
- Hash the nonce (in
HashAndHashPrefixedMessage) then, - Prefix and hash the hash of the nonce (in
HashPrefixedMessage), then - Sign the prefixed-and-hashed hash of the original plain nonce.
But, as mentioned, what WCU actually does is equivalent to EncodeUTF8AndSign, which is:
public string EncodeUTF8AndSign(string message, EthECKey key)
{
return base.Sign(HashPrefixedMessage(Encoding.UTF8.GetBytes(message)), key);
}
The sequence of operations for EncodeUTF8AndSign is:
- Prefix and hash the message received in
HashPrefixedMessage, then - Sign the prefixed-and-hashed message.
Given these steps, you would think that to make EncodeUTF8AndSign function as per HashAndSign, all you would need do is pre-hash the provided input so that EncodeUTF8AndSign prefixes and hashes the (now already hashed) input.
Unfortunately, this does not result in a signature that matches the output of HashAndSign - and I'm damned if I know why, because on paper the steps are identical.
Any thoughts you might have about this would be incredibly gratefully received as I've tried absolutely everything I can think of and cannot find any way whatsoever to get WCU's EncodeUTF8AndSign-like functionality to match that of HashAndSign!
References
https://github.com/Nethereum/Nethereum/blob/master/src/Nethereum.Signer/EthereumMessageSigner.cs
https://github.com/Nethereum/Nethereum/blob/master/src/Nethereum.Signer/MessageSigner.cs
https://web3js.readthedocs.io/en/v1.2.11/web3-eth-personal.html#sign
https://web3js.readthedocs.io/en/v1.2.11/web3-eth-accounts.html#sign
(BTW: Both web3.eth.personal.sign and web3.eth.accounts.sign both generate the identical signatures from the same input)
from walletconnectunity.
ecp4224
commented on June 16, 2024
Let me take a look at this, my guess is that the core library is not transmitting the initial sign request correctly causing the wallet to sign a garbage request
from walletconnectunity.
commented on June 16, 2024
Any further thoughts on this? Can't log in if you can't verify you're the owner of a given wallet address - just need a good signature to EcRecover from =/
from walletconnectunity.
commented on June 16, 2024
Figured it out - the below works (using Nethereum). Code is from DemoActions.PersonalSign:
string msg = "This is a test!";
var results = await WalletConnect.ActiveSession.EthPersonalSign(address, msg);
var ethSigner = new EthereumMessageSigner();
var recoveredAddress = ethSigner.EcRecover(Encoding.UTF8.GetBytes(msg), results); // THIS!!!!!
resultText.text = "Results: " + results + "\nSource address: " + recoveredAddress;
The above will successfully recover the signing address - I won't close this out because you might want to add the recovery step to the WCU PersonalSign method as a demonstration to prevent other people gnashing their teeth when they experience similar issues.
Cheers!
from walletconnectunity.
ecp4224
commented on June 16, 2024
Thank you for looking into this thoroughly! I believe what you say is correct, the current implementation does not include the 0x19Ethereum Signed Message:\n prefix because the wallet is supposed to include this data in the original message (at least that was my understanding of personal_sign)
I believe the reason you were having trouble getting the same hash is because of a bug that was discovered in #21 where the parameters for the RPC call were swapped
from walletconnectunity.
gigajuwels
commented on June 16, 2024
closed due to v1 depreciation
from walletconnectunity.
Related Issues (20)
- Deletion of the kotlin files. HOT 2
- Doesn't Disconnect Expired Session
- SignClient.Session.Keys NullReferenceException on Signature Request HOT 10
- Nothing happened After clicking and redirecting okx wallet in Android HOT 4
- Sample not working after select chain and metamask HOT 6
- Cannot build for WebGL HOT 2
- I can't connect okx wallet HOT 10
- Transaction failed: WalletConnect Transaction Error: No matching key with tag: {tag} HOT 3
- Connection error and transaction failed HOT 6
- Landscape resolution: Wallet Connect QR code does not fit completely on the screen HOT 3
- The screen with the "Coinbase Wallet" is empty HOT 2
- "Wallet Connect" screen opens without content for the entire user session after without Internet HOT 1
- MetaMask connecting don't reactive HOT 2
- Singleton WalletConnectModal.cs disposes SignClient cause null reference exception
- DisconnectAsync method doesn't complete when there is no internet connection HOT 1
- MetaMask will no longer show "Personal sign" popup if we close the MetaMask on the personal sign popup HOT 1
- WalletConnect.Instance.RequestAsync method doesn't complete when there is no internet connection HOT 3
- Wallet connect screens open without content if the QR screen was opened before all wallets on the screen were loaded
- Metamask jsonrpc error at sometimes HOT 1
- WalletConnect doesn't redirect to SafePal app when requesting personal sign or transaction
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from walletconnectunity.