
Signing and Verifying Messages

Signing and verifying messages for smart accounts is different from doing so with EOAs. There are a few reasons why:

  • With an EOA, the address is derived from the public key that corresponds to the signing private key. Therefore, verifying an EOA signature is as simple as recovering the signer's public key from the signature and comparing the resulting address with the expected address.

    • With a smart account, the address is the address of a smart contract that has no cryptographic link to the signing private key. Therefore, you must use ERC-1271 to validate the message.

  • With an EOA, you don't have to deploy the account. It just exists.

    • Since smart accounts need to be deployed, it may not be clear how you can validate messages against a smart account that is not yet deployed.

Signing messages

To sign messages:

server.ts

    // Set your secret key. Remember to switch to your live secret key in production.
    // See your keys here: https://dashboard.openfort.xyz/apikeys
    const Openfort = require('@openfort/openfort-node').default;
    const openfort = new Openfort(YOUR_SECRET_KEY);

    // await is only valid inside an async function when using require().
    async function signMessage() {
      // domain, value and types are elided here; supply your own typed data.
      const signature = await openfort.accounts.signPayload({
        id: "acc_4194ad24-c818-4e5c-b003-9cc2aa7df53b",
        domain: { ... },
        value: { ... },
        types: { ... },
      });
      return signature;
    }

Validating signatures

You can validate signatures with ERC-1271.


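    const ethers = require("ethers"); // ethers v5 API (ethers.providers, ethers.utils)

    // Placeholder: JSON-RPC endpoint of the chain the smart account lives on.
    const providerUrl = "YOUR_RPC_URL";
    // Minimal ABI for the ERC-1271 function (assumed; the original snippet does not define ABI).
    const ABI = [
      "function isValidSignature(bytes32 hash, bytes signature) view returns (bytes4)",
    ];

    async function verifySignature(hash, signature, address) {
      const provider = new ethers.providers.JsonRpcProvider(providerUrl);
      const iface = new ethers.utils.Interface(ABI);
      const encodedDataDeposit = iface.encodeFunctionData("isValidSignature", [
        hash,
        signature,
      ]);

      const tx = {
        to: address,
        data: encodedDataDeposit,
      };
      // Returns the raw ABI-encoded result. The signature is valid only if this
      // decodes to the ERC-1271 magic value 0x1626ba7e.
      return await provider.call(tx);
    }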
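
The ERC-1271 call above returns raw data, so the caller still has to decide what counts as valid. The following is an added example, not Openfort's code: it hand-encodes the isValidSignature calldata and classifies the returned data so that only the magic value passes, including the empty result you get from an account with no code yet. The function names and sample values are hypothetical and constructed for illustration, and it uses plain Node.js without ethers.

```javascript
// ERC-1271 magic value; also the 4-byte selector of isValidSignature(bytes32,bytes).
const MAGIC = "1626ba7e";

const strip0x = (h) => (h.startsWith("0x") ? h.slice(2) : h).toLowerCase();
const isHexBytes = (h) => /^[0-9a-f]*$/.test(h) && h.length % 2 === 0;
const word = (n) => n.toString(16).padStart(64, "0"); // one 32-byte ABI word

// Hand-encode the calldata for isValidSignature(bytes32 hash, bytes signature).
function encodeIsValidSignature(hash, signature) {
  const h = strip0x(hash);
  const s = strip0x(signature);
  if (!isHexBytes(h) || h.length !== 64) throw new Error("hash must be 32 bytes");
  if (!isHexBytes(s)) throw new Error("signature must be hex bytes");
  const padded = s.padEnd(Math.ceil(s.length / 64) * 64, "0");
  // selector | hash | offset of the bytes argument (0x40) | byte length | data
  return "0x" + MAGIC + h + word(0x40) + word(s.length / 2) + padded;
}

// Classify eth_call return data. Only the exact 32-byte magic word is "valid".
function classifyResult(returnData) {
  if (typeof returnData !== "string") return "malformed";
  const d = strip0x(returnData);
  // "0x": no code at the address (e.g. account not yet deployed) or nothing returned.
  if (d.length === 0) return "empty";
  // Strict choice made in this example: anything other than one 32-byte word is rejected.
  if (!isHexBytes(d) || d.length !== 64) return "malformed";
  return d === MAGIC.padEnd(64, "0") ? "valid" : "invalid";
}

// Fail-closed boolean: a non-empty hex string is truthy, so never test it directly.
const isValidErc1271 = (returnData) => classifyResult(returnData) === "valid";

// Constructed sample values (not real signatures or chain data).
const sampleHash = "0x" + "ab".repeat(32);
const sampleSignature = "0x" + "11".repeat(65);
const sampleReject = "0xffffffff" + "0".repeat(56);

console.log(encodeIsValidSignature(sampleHash, sampleSignature).slice(0, 10));
console.log(classifyResult("0x"), classifyResult(sampleReject));
```

A rejection such as sampleReject is still a truthy string, which is why the boolean helper compares against the magic value instead of testing the raw result.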