Sign message
ArConnect Injected API signMessage() function
This function allows creating a cryptographic signature for any piece of data for later validation.
data
ArrayBuffer
The data to generate the signature for
options?
Configuration for the signature
Note: This function requires the SIGNATURE
permission.
Note: This function should only be used to allow data validation. It cannot be used for on-chain transactions, interactions or bundles, for security reasons. Consider implementing sign()
, signDataItem()
or dispatch().
Note: The function first hashes the input data for security reasons. We recommend using the built in verifyMessage()
function to validate the signature, or hashing the data the same way, before validation (example).
Note: The options
argument is optional, if it is not provided, the extension will use the default signature options (default hash algorithm: SHA-256
) to sign the data.
Options
Currently ArConnect allows you to customize the hash algorithm (SHA-256
by default):
Example usage
Verification without ArConnect
You might encounter situations where you need to verify the signed message against an ArConnect generated signature, but the extension is not accessible or not installed (for e.g.: server side code, unsupported browser, etc.).
In these cases it is possible to validate the signature by hashing the message (with the algorithm you used when generating the signature through ArConnect) and verifying that against the ArConnect signature. This requires the message to be verified, the signature and the wallet's public key. Below is the JavaScript (TypeScript) example implementation with the Web Crypto API, using SHA-256
hashing:
Last updated