A Go implementation of EIP-4361 Sign In With Ethereum verification

Sign-In with Ethereum

This go module provides a pure Go implementation of EIP-4361: Sign In With Ethereum.

Installation

go get github.com/jiulongw/siwe-go

Usage

SIWE exposes a Message struct which implements EIP-4361.

Parsing a SIWE Message

Parsing is done via the MessageFromString function:

msg, err := MessageFromString(text_representation)

Parsing from JSON

Message object can be parsed from JSON format defined by official siwe package.

type RequestBody struct {
    Message   siwe.Message `json:"message"`
    Signature string       `json:"signature"`
}

var r *http.Request  // incoming request

var body RequestBody
err := json.NewDecoder(r.Body).Decode(&body)

Verifying and Authenticating a SIWE Message

Verification and Authentication is performed via EIP-191. VerifySignature function of Message will recover signature to Ethereum public key and compare it with Address field of Message. If either public key recovery failed, or the recovered public key does not match Address, error is returned.

err := msg.VerifySignature(sig)
if err != nil {
  // signature validation failed.
}

The time constraints (expiry and not-before) can also be validated, at current or particular times:

if msg.Valid() { ... }
if msg.ValidAt(time.Now()) { ... }

Combined verification of time constraints and authentication can be done in a single call with verify:

err := msg.Verify(sig)
if err != nil {
  // signature validation failed or time constraints are not satisfied.
}

Serialization of a SIWE Message

Message instances can also be serialized as their EIP-4361 string representations via the String function.

fmt.Println(msg.String());

As well as in EIP-191 Personal-Signature pre-hash signing input form.

fmt.Println(msg.EIP191String())

And directly as the EIP-191 Personal-Signature Hashed signing-input.

hash := msg.EIP191Hash()

Example

Parsing and verifying a Message is easy:

var str string  // string representation of message
var sig []byte  // message signature to verify

msg, err := MessageFromString(str)
if err != nil {
    panic(err)
}

if err := msg.Verify(sig); err != nil {
    panic(err)
}

// do application-specific things

Disclaimer

Our Go library for Sign-In with Ethereum has not yet undergone a formal security audit. We welcome continued feedback on the usability, architecture, and security of this implementation.

See Also

Owner
Jiulong Wang
Jiulong Wang
https://github.com/jiulongw/siwe-go
Similar Resources

Sign, verify, encrypt and decrypt data with GPG in your browser.

Sign, verify, encrypt and decrypt data with GPG in your browser.

keygaen Sign, verify, encrypt and decrypt data with GPG in your browser. ⚠️ keygaen has not yet been audited! While we try to make keygaen as secure a

Nov 22, 2022

Signature-server - stores transaction blobs and uses predefined secret key to sign and verify those transactions

Signature Server Signature server stores transaction blobs and uses predefined s

Feb 14, 2022

Small utility to sign a small json containing basic kyc information. The key generated by it is fully compatible with cosmos based chains.

Testnet signer utility This utility generates a signed JSON-formatted ID to prove ownership of a key used to submit tx on the blockchain. This testnet

Sep 10, 2022

Go implementation of Ethereum proof of stake

Prysm: An Ethereum Consensus Implementation Written in Go This is the core repository for Prysm, a Golang implementation of the Ethereum Consensus spe

Jan 1, 2023

A Commander for Go implementation of official Ethereum Client

Young A Commander for Go implementation of official Ethereum Client by zhong-my. Overview Young Dependencies Young stands on the shoulder of many grea

Oct 14, 2021

Official Golang implementation of the Ethereum protocol

Go Ethereum Official Golang implementation of the Ethereum protocol. Automated builds are available for stable releases and the unstable master branch

Nov 24, 2021

ECIES implementation forked of the `crypto/ecies` package from Ethereum

# NOTE This implementation is direct fork of Kylom's implementation. I claim no authorship over this code apart from some minor modifications. Please

Dec 7, 2021

A permissioned implementation of Ethereum supporting data privacy

A permissioned implementation of Ethereum supporting data privacy

GoQuorum is an Ethereum-based distributed ledger protocol with transaction/contract privacy and new consensus mechanisms. GoQuorum is a fork of go-eth

Dec 31, 2022

Official Go implementation of the Ethereum protocol

Go Ethereum Official Golang implementation of the Ethereum protocol. Automated builds are available for stable releases and the unstable master branch

Jan 8, 2023
Comments
  • Signing Message With Ledger Fails to Verify

    Signing Message With Ledger Fails to Verify

    Hello

    I'm currently testing SIWE with a Ledger Wallet and get the following error: invalid compact signature recovery code when I try to Verify the signature.

    I'm currently using this version of the package: v0.0.0-20220218031631-8d1130da4d8f

    Could you shed some light on what can be the issue here?

Related tags
Cryptography siwe-go
Ethereum go-ethereum - Official Golang implementation of the Ethereum protocol

Go Ethereum Official Golang implementation of the Ethereum protocol. Automated b

Feb 17, 2022
Converts Eth2 EIP-2335 scrypt keystores to pbkdf2 keystores (and vice-versa).

eth2-keystore-converter Converts Eth2 EIP-2335 scrypt keystores to pbkdf2 keystores (and vice-versa). Usage Converting a scrypt keystore to pbkdf2 usi

May 13, 2022
Convert any EIP-2335 keystores to scrypt or pbkdf2

eth2-keystore-converter Converts Eth2 EIP-2335 scrypt keystores to pbkdf2 keysto

May 13, 2022
Go-ethereum - Official Golang implementation of the Ethereum protocol

Go Ethereum Official Golang implementation of the Ethereum protocol. Automated b

Jan 4, 2022
Go language implementation of a blockchain based on the BDLS BFT protocol. The implementation was adapted from Ethereum and Sperax implementation

BDLS protocol based PoS Blockchain Most functionalities of this client is similar to the Ethereum golang implementation. If you do not find your quest

Oct 14, 2022
LEO (Low Ethereum Orbit) is an Ethereum Portal Network client.

LEO LEO (Low Ethereum Orbit) is an Ethereum Portal Network client. What makes LEO different from other Portal Network clients is that it uses libp2p f

Apr 19, 2022
Ethereum-vanity-wallet - A fork of https://github.com/meehow/ethereum-vanity-wallet but the key can be exported to a JSON keystore file

ethereum-vanity-wallet See https://github.com/meehow/ethereum-vanity-wallet This version: doesn't display the private key let's you interactively expo

Jan 2, 2022
This library aims to make it easier to interact with Ethereum through de Go programming language by adding a layer of abstraction through a new client on top of the go-ethereum library.

Simple ethereum client Simple ethereum client aims to make it easier for the developers to interact with Ethereum through a new layer of abstraction t

May 1, 2022
A dead simple tool to sign files and verify digital signatures.

minisign minisign is a dead simple tool to sign files and verify signatures. $ minisign -G

Dec 16, 2022
Generate and sign TSL certificates with ease.

certctl Manage certificates with ease.

Oct 20, 2022