Skip to content

wallet_verifySignature

Verifies a signature from a key associated with an account.

The account and key must exist on-chain, unless it is a PREP account created through wallet_createAccount.

The validity of the signature is returned along with a proof that can be executed using e.g. eth_call.

Keys

There exists three different key roles:

  • Admin keys are capable of adding and modifying other keys, and capable of spending an unlimited amount of tokens and calling any contract and selector.
  • Normal keys can only call contracts as defined by the permissions set on it, and spend the amount of tokens afforded to it by permissions.
  • Session keys are like normal keys, except they also have an expiry.

Setting permissions on an admin key is not allowed and will return an error.

For complete details on keys, including their signature encoding, public key encoding, and key hashes, refer to the Key section.

Request

type Request = {
  // id of the key to verify the signature with or an address of an account.
  // If address is specified, signature will be attempted to verify against
  // all of account keys until a match is found.
  keyIdOrAddress: `0x${string}`,
  // digest of the message to verify
  digest: `0x${string}`,
  // signature bytes
  signature: `0x${string}`,
  chainId: `0x${string}`,
}

Response

type Response = {
  valid: boolean,
  proof?: {
    // address of an account (either delegated or stored) that the signature was verified against.
    account: `0x${string}`,
    // the key hash that signed the digest.
    keyHash: `0x${string}`,
    // PREP account initialization data
    prepInitData?: `0x${string}`,
    // signature proving that account is associated with the requested `keyId`
    idSignature?: {
      y_parity: boolean,
      r: `0x${string}`,
      s: `0x${string}`,
    },
  }
}

Verification

Signature is always verified against an account (either deployed or stored in RPC storage). account contains the account address the signature was verified against.

To verify that provided account is indeed tied to the provided keyId, user can either

  1. Query the AccountRegistry contract.
  2. Verify the returned idSignature. It is only returned for accounts that are not yet delegated.

To verify that the signature is valid for the returned account, user can call unwrapAndValidateSignature on the returned account. For non-delegated PREP accounts, this call will have to be preceded by initializePREP with prepInitData and a state override delegating the account to Delegation contract.