In a previous article, we connected Delphi to a Smart Contract. In this article, we will generate an Ethereum-signed message signature in Delphi.
Cryptographic signatures are a foundational computer science primitive that enables blockchain technology.
Before we proceed to signature signing and verification, let’s start by looking at asymmetric cryptography and the ECDSA algorithm used by the Ethereum blockchain.
Modern cryptography is founded on the idea that the key that you use to encrypt your data can be made public while the key that is used to to decrypt your data can be kept private. As such, these systems are known as asymmetric cryptography.
We can talk for hours about asymmetric cryptography but you don’t really need to understand the math behind it. The important thing to take away is that thanks to a complex mathematical puzzle, what you encrypt with a public key can only get decrypted by the private key.
Ethereum uses the ECDSA elliptic curve algorithm because the computational performance is economical compared to other asymmetric algorithms such as RSA or Diffie-Hellman. Also, it is rumored that ECDSA was picked because it has the least likelihood of having backdoors implanted by the NSA.
Each account in the Ethereum network has a public key and a private key. These keys are generated when you create a new blockchain “account”. An Ethereum address is essentially a hashed version of the public key.
Accounts can use their private key to sign a piece of data, returning a signature of that data.
Anyone can then verify the generated signature to:
- Recover the address of the signer, and
- Verify the integrity of the message, that it is the same message that was signed by the signer.
While signatures are a fundamental building block to Ethereum transactions, they have other use cases besides writing data to the blockchain.
Because signatures provide cryptographic proof that someone owns an address on the blockchain, they allow for secondary use cases such as meta transactions.
Using Delphereum, you can now sign messages entirely off-chain in Delphi, without interacting with the Ethereum network. Signing and the verification of messages allows tamper proof communications outside of the blockchain.
Generating the Signature
Clone Delphereum. Launch Delphi. Start a new project. Please make sure the dependencies are in your search path. Then copy and paste the following code:
Please note that you will need to replace the private key in the example above with your own.
Warning! You should never give your private key to anyone. You should write your private key down on a piece of paper, and then store that in a safe. Every time a piece of software asks you for your private key, a big red alarm must go off in your head and you should double verify what you are doing.
If you do not have a wallet on the Ethereum main net, then you can create one on MyEtherWallet or MyCrypto.com. If you don’t want to create a wallet at this time, then you can use these test vectors:
public key:
0x12890d2cce102216644c59dae5baed380d84830c
private key:
b5b1870957d373ef0eeffecc6e4812c0fd08f554b37b233526acc331bf1544f7Validating the Signature
Solidity provides a globally available function namedecrecover that returns an address given a signature. If the returned address is the same as the signer’s address, then the signature is valid.
Because we don’t want to write a Smart Contract at this time, we will be using the following service on etherscan:
https://etherscan.io/verifiedSignaturesThis page will allow you to verify any Ethereum-signed message signature. Please enter your Ethereum address, the generated signature and the message that has to be verified.
Note that any attempt to tamper the message or signature will result in an address that is different than the signer’s address. This ensures that the integrity of the message and signer can be enforced.
Congratulations! You have just generated a cryptographic signature in Delphi, and then verified that signature on etherscan.
In the next article, we will build on this concept and sign a transaction so that we can send cryptocurrency over the network.
