Generating an Ethereum-signed message signature in Delphi
In a previous article, we connected Delphi to a Smart Contract. In this article, we will generate an Ethereum-signed message signature in Delphi.
Cryptographic signatures are a foundational computer science primitive that enables blockchain technology.
Before we proceed to signature signing and verification, let’s start by looking at asymmetric cryptography and the ECDSA algorithm used by the Ethereum blockchain.
Modern cryptography is founded on the idea that the key that you use to encrypt your data can be made public while the key that is used to to decrypt your data can be kept private. As such, these systems are known as asymmetric cryptography.
We can talk for hours about asymmetric cryptography but you don’t really need to understand the math behind it. The important thing to take away is that thanks to a complex mathematical puzzle, what you encrypt with a public key can only get decrypted by the private key.
Ethereum uses the ECDSA elliptic curve algorithm because the computational performance is economical compared to other asymmetric algorithms such as RSA or Diffie-Hellman. Also, it is rumored that ECDSA was picked because it has the least likelihood of having backdoors implanted by the NSA.
Each account in the Ethereum network has a public key and a private key. These keys are generated when you create a new blockchain “account”. An Ethereum address is essentially a hashed version of the public key.
Accounts can use their private key to sign a piece of data, returning a signature of that data.
Anyone can then verify the generated signature to:
- Recover the address of the signer, and
- Verify the integrity of the message, that it is the same message that was signed by the signer.
While signatures are a fundamental building block to Ethereum transactions, they have other use cases besides writing data to the blockchain.
Because signatures provide cryptographic proof that someone owns an address on the blockchain, they allow for secondary use cases such as meta transactions.
Using Delphereum, you can now sign messages entirely off-chain in Delphi, without interacting with the Ethereum network. Signing and the verification of messages allows tamper proof communications outside of the blockchain.
Generating the Signature
Please note that you will need to replace the private key in the example above with your own.
Warning! You should never give your private key to anyone. You should write your private key down on a piece of paper, and then store that in a safe. Every time a piece of software asks you for your private key, a big red alarm must go off in your head and you should double verify what you are doing.
Validating the Signature
Solidity provides a globally available function named
ecrecover that returns an address given a signature. If the returned address is the same as the signer’s address, then the signature is valid.
Because we don’t want to write a Smart Contract at this time, we will be using the following service on etherscan:
This page will allow you to verify any Ethereum-signed message signature. Please enter your Ethereum address, the generated signature and the message that has to be verified.
Note that any attempt to tamper the message or signature will result in an address that is different than the signer’s address. This ensures that the integrity of the message and signer can be enforced.
Congratulations! You have just generated a cryptographic signature in Delphi, and then verified that signature on etherscan.
In the next article, we will build on this concept and sign a transaction so that we can send cryptocurrency over the network.