Signing messages with a wallet is a fundamental security practice in a blockchain environment. It verifies ownership and ensures the integrity of data. Here's how to use the wallet.signMessage
method to sign messages:
// #import { WalletUnlocked, hashMessage, Signer };
const wallet = WalletUnlocked.generate({ provider });
const message = 'my-message';
const signedMessage = await wallet.signMessage(message);
// Example output: 0x277e1461cbb2e6a3250fa8c490221595efb3f4d66d43a4618d1013ca61ca56ba
const hashedMessage = hashMessage(message);
// Example output: 0x40436501b686546b7c660bb18791ac2ae35e77fbe2ac977fc061922b9ec83766
const recoveredAddress = Signer.recoverAddress(hashedMessage, signedMessage);
// Example output: Address {
// bech32Address: 'fuel1za0wl90u09c6v88faqkvczu9r927kewvvr0asejv5xmdwtm98w0st7m2s3'
// }
The wallet.signMessage
method internally hashes the message using the SHA-256 algorithm, then signs the hashed message, returning the signature as a hex string.
The hashMessage
helper gives us the hash of the original message. This is crucial to ensure that the hash used during signing matches the one used during the address recovery process.
The recoverAddress
method from the Signer
class takes the hashed message and the signature to recover the signer's address. This confirms that the signature was created by the holder of the private key associated with that address, ensuring the authenticity and integrity of the signed message.
Signing a transaction involves using your wallet to sign the transaction ID (also known as transaction hash ) to authorize the use of your resources. Here's how it works:
Generate a Signature
: Using the wallet to create a signature based on the transaction ID.
Using the Signature on the transaction
: Place the signature in the transaction's witnesses
array. Each Coin / Message input should have a matching witnessIndex
. This index indicates your signature's location within the witnesses
array.
Security Mechanism
: The transaction ID is derived from the transaction bytes (excluding the witnesses
). If the transaction changes, the ID changes, making any previous signatures invalid. This ensures no unauthorized changes can be made after signing.
The following code snippet exemplifies how a Transaction can be signed:
const request = new ScriptTransactionRequest({
gasLimit: 10000,
});
request.addCoinOutput(Address.fromRandom(), 1000, provider.getBaseAssetId());
const txCost = await wallet.getTransactionCost(request);
request.gasLimit = txCost.gasUsed;
request.maxFee = txCost.maxFee;
await wallet.fund(request, txCost);
const signedTransaction = await wallet.signTransaction(request);
const transactionId = request.getTransactionId(provider.getChainId());
const recoveredAddress = Signer.recoverAddress(transactionId, signedTransaction);
request.updateWitnessByOwner(recoveredAddress, signedTransaction);
const tx = await provider.sendTransaction(request);
const result = await tx.waitForResult();
Similar to the sign message example, the previous code used Signer.recoverAddress
to get the wallet's address from the transaction ID and the signed data.
When using your wallet to submit a transaction with wallet.sendTransaction()
, the SDK already handles these steps related to signing the transaction and adding the signature to the witnesses
array. Because of that, you can skip this in most cases:
await wallet.fund(request, txCost);
const tx = await wallet.sendTransaction(request);
const result = await tx.waitForResult();