siwe

package module
v0.2.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 27, 2025 License: Apache-2.0, MIT Imports: 14 Imported by: 0

README

Sign-In with Ethereum

This package provides a pure Go implementation of EIP-4361: Sign In With Ethereum.

Installation

SIWE can be easily installed in any Go project by running:

go get -u github.com/spruceid/siwe-go

Testing

To run the test suite, use:

go test ./... -v

Note: Running individual test files directly (e.g., go test siwe_test.go) will not work as it excludes package-level definitions. Always run tests at the package level using go test ./....

Usage

SIWE exposes a Message struct which implements EIP-4361.

Parsing a SIWE Message

Parsing is done via the siwe.ParseMessage function:

var message *siwe.Message
var err error

message, err = siwe.ParseMessage(messageStr)

The function will return a nil pointer and an error if there was an issue while parsing.

Verifying and Authenticating a SIWE Message

Verification and Authentication is performed via EIP-191, using the address field of the Message as the expected signer. This returns the Ethereum public key of the signer:

var publicKey *ecdsa.PublicKey
var err error

publicKey, err = message.VerifyEIP191(signature)

The time constraints (expiry and not-before) can also be validated, at current or particular times:

var message *siwe.Message

if message.ValidNow() {
  // ...
}

// equivalent to

if message.ValidAt(time.Now().UTC()) {
  // ...
}

Combined verification of time constraints and authentication can be done in a single call with verify:

var publicKey *ecdsa.PublicKey
var err error

// Optional domain and nonce variable to be matched against the
// built message struct being verified
var optionalDomain *string
var optionalNonce *string

// Optional timestamp variable to verify at any point
// in time, by default it will use `time.Now()`
var optionalTimestamp *time.Time

publicKey, err = message.Verify(signature, optionalDomain, optionalNonce, optionalTimestamp)

// If you won't be using domain and nonce matching and want
// to verify the message at current time, it's
// safe to pass `nil` in these arguments
publicKey, err = message.Verify(signature, nil, nil, nil)
Serialization of a SIWE Message

Message instances can also be serialized as their EIP-4361 string representations via the String method:

fmt.Printf("%s", message.String())

Signing Messages from Go code

To sign messages directly from Go code, you will need to do it like shown below to correctly follow the personal_sign format.

func signHash(data []byte) common.Hash {
	msg := fmt.Sprintf("\x19Ethereum Signed Message:\n%d%s", len(data), data)
	return crypto.Keccak256Hash([]byte(msg))
}

func signMessage(message string, privateKey *ecdsa.PrivateKey) ([]byte, error) {
	sign := signHash([]byte(message))
	signature, err := crypto.Sign(sign.Bytes(), privateKey)

	if err != nil {
		return nil, err
	}

	signature[64] += 27
	return signature, nil
}

Disclaimer

Our Go library for Sign-In with Ethereum has not yet undergone a formal security audit. We welcome continued feedback on the usability, architecture, and security of this implementation.

See Also

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ERC1271MagicValue = [4]byte{0x16, 0x26, 0xba, 0x7e}

ERC1271MagicValue is the value that must be returned by a contract's isValidSignature function to indicate a valid signature according to EIP-1271

View Source 
var IsValidSignatureSelector = [4]byte{0x16, 0x26, 0xba, 0x7e}

IsValidSignatureSelector is the function selector for the ERC-1271 isValidSignature function

Functions

func GenerateNonce 

func GenerateNonce() string

Types

type ExpiredMessage 

type ExpiredMessage struct {
	// contains filtered or unexported fields
}

func (*ExpiredMessage) Error 

func (m *ExpiredMessage) Error() string

type InvalidMessage 

type InvalidMessage struct {
	// contains filtered or unexported fields
}

func (*InvalidMessage) Error 

func (m *InvalidMessage) Error() string

type InvalidSignature 

type InvalidSignature struct {
	// contains filtered or unexported fields
}

func (*InvalidSignature) Error 

func (m *InvalidSignature) Error() string

type Message 

type Message struct {
	// contains filtered or unexported fields
}

func InitMessage 

func InitMessage(domain, address, uri, nonce string, options map[string]interface{}) (*Message, error)

InitMessage creates a Message object with the provided parameters

func ParseMessage 

func ParseMessage(message string) (*Message, error)

ParseMessage returns a Message object by parsing an EIP-4361 formatted string

func (*Message) GetAddress 

func (m *Message) GetAddress() common.Address

func (*Message) GetChainID 

func (m *Message) GetChainID() int

func (*Message) GetDomain 

func (m *Message) GetDomain() string

func (*Message) GetExpirationTime 

func (m *Message) GetExpirationTime() *string

func (*Message) GetIssuedAt 

func (m *Message) GetIssuedAt() string

func (*Message) GetNonce 

func (m *Message) GetNonce() string

func (*Message) GetNotBefore 

func (m *Message) GetNotBefore() *string

func (*Message) GetRequestID 

func (m *Message) GetRequestID() *string

func (*Message) GetResources 

func (m *Message) GetResources() []url.URL

func (*Message) GetStatement 

func (m *Message) GetStatement() *string

func (*Message) GetURI 

func (m *Message) GetURI() url.URL

func (*Message) GetVersion 

func (m *Message) GetVersion() string

func (*Message) String 

func (m *Message) String() string

func (*Message) ValidAt 

func (m *Message) ValidAt(when time.Time) (bool, error)

ValidAt validates the time constraints of the message at a specific point in time.

func (*Message) ValidNow 

func (m *Message) ValidNow() (bool, error)

ValidNow validates the time constraints of the message at current time.

func (*Message) Verify 

func (m *Message) Verify(signature string, domain *string, nonce *string, timestamp *time.Time, provider Provider) (*ecdsa.PublicKey, error)

Verify validates time constraints and integrity of the object by matching it's signature.

func (*Message) VerifyEIP191 

func (m *Message) VerifyEIP191(signature string) (*ecdsa.PublicKey, error)

VerifyEIP191 validates the integrity of the object by matching it's signature.

func (*Message) VerifyERC1271 

func (m *Message) VerifyERC1271(ctx context.Context, signature string, provider Provider) error

VerifyERC1271 validates the signature using EIP-1271 contract verification

type Provider 

type Provider interface {
	// CallContract performs a contract call and returns the raw response
	CallContract(ctx context.Context, to common.Address, data []byte) ([]byte, error)
}

Provider allows making calls to the blockchain for contract verification

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.