Skip to content

Signing and Verifying Messages

Signing and verifying messages for smart accounts is different than with EOAs. There are a few reasons why:

  • With an EOA, the address is effectively the public key of the private key used for signing. Therefore, verifying a EOA signature is as simple as recovering the signature and compare the recovered public key with the address.

    • With a smart account, the address is the address of a smart contract that has no cryptographic link to the signing private key. Therefore, you must use ERC-1271 to validate the message.

  • With an EOA, you don't have to deploy the account. It just exists.

    • Since smart accounts need to be deployed, it may not be clear how you can validate messages against a smart account not yet deployed. However, that's actually possible thanks to ERC-6492.

If you are impatient, head straight to the API. Otherwise, read on to learn more about ERC-1271 and ERC-6492.

Understanding ERC-1271 and ERC-6492

TODO

API

Signing messages

Both the account and account client objects are able to sign messages:

const signature = await account.signMessage({
  message: 'hello world',
})
 
const signature = await kernelClient.signMessage({
  message: 'hello world',
})

If the account hasn't been deployed, a ERC-6492 signature will be generated.

Validating signatures

While you can validate signatures with ERC-1271, it's recommended that you use ERC-6492 since it works just like ERC-1271 if the account has been deployed, but it can also validate signatures for undeployed accounts.

To validate signatures with ERC-6492:

import { verifyEIP6492Signature } from '@zerodev/sdk'
import { hashMessage } from "viem"
 
await verifyEIP6492Signature({
  signer: account.address, // your smart account address
  hash: hashMessage('hello world'),
  signature: signature,
  client: publicClient,
})