Fantastic video, thank you. Can the verification part be done in a backend such as a NodeJS REST API, that takes the signature, address and message in the request body. Then perform the verification in that API to authenticate/authorize the endpoint call and process the call. Would this be a valid form of authorizing API requests to a rest API?
Great video, is it possible to add a const during the signing process to check ownerOf (to authenticate the user by verifying they have a specific NFT in their wallet) Thanks!
Hi Artur, I don't really get what all the xyz.js packages are all about. And please don't assume everybody knows how to set up the Coding environment. Once it is set up then progress can be made by following along with the Code. BUT I LIKE YOUR STYLE so don't be afraid to repeat and develop that Remix Video you did. You could add a Time function and a simple GUI. How would you interact with the Deployed Contract once the Remix IDE had been closed for example ? H
Tutorial is awesome but I think it's not the better way to prompt user for signature. Because that signature can be used multiple times. What do you think about it Sir?
Signing is 100% as you see exactly what do you sign inside your wallet prompt. If somebody give you transaction to sign then you'd see it. The signature cannot be used for other purpose like moving the funds or calling certain contract as then the message is different.
Depends on use-case. If you want to create session for signer then you need to do it on your backend. However, you can save message and signature and validate it on client if necessary.
no. You would just sign an empty message (which I'm not sure is actually possible). That signature cannot be used for moving tokens, selling NFTs, or whatever is crucial to your safety.
@@ArturChmaro but is there a way that an hacker can get my private key from a website probably sending me a phishing link and from that link get my private key
@@okunadetosin6018 no its just not possible that website can extract a private key. There are tons of protocols and apps that are asking for signatures. User has to manually take out the private key and hand over it to the attacker. That's the phising method that works almost everywhere and you can't do much about it 🙄
@@unityhui7116 Same package for signing (ethers), but additional building blocks like DB, session persistence, and simple backend endpoint to store user data.
@@ArturChmaro can anyone control a compromised wallet which was due to unwanted links due to phishing..now a ledger can control the signing and every other transaction with respect to the compromised wallet..
🎁 Web3 Starter for JS Devs (free email course): @t
Artur you are a genius and a great coder. I found this video simple to follow and the sandbox added plenty of value.
Glad it was helpful!
I could not find a page where I could sign adhoc messages with Metamask. This is perfect!
Great video ! Does this only work for Metamask wallets or does it check for the presence of any wallet installed on the browser?
Saved my life! Thanks, that's exactly what I was looking for.
Awesome, glad it was useful for you Daniil!
thanks its handy tool to verify the signatures!!
Super duper helpful! Thank you so much for this tutorial!
Can we send data while in the same time includes certain amount of ether, it's like sending money with notes in it?
Showing error provider not found how can we solve in linux based visual studio for ether providier? please help regarding this
Fantastic video, thank you. Can the verification part be done in a backend such as a NodeJS REST API, that takes the signature, address and message in the request body. Then perform the verification in that API to authenticate/authorize the endpoint call and process the call. Would this be a valid form of authorizing API requests to a rest API?
Exactly you can do it on your backend side and use that for auth (set cookie or whatever you like)
@@ArturChmaro great, thank you
Hi can I use this to sing a transaction on the NRG main net with Metamask? I need help.
Great video, is it possible to add a const during the signing process to check ownerOf (to authenticate the user by verifying they have a specific NFT in their wallet)
Thanks!
Yes, absolutely. You can take signature from given address and then query the chain to validate ownership of certain NFT.
great video, with great explanation, this is the content we need, do you have a full web3 development course?
Soon :)
Hi Artur, I don't really get what all the xyz.js packages are all about. And please don't assume everybody knows how to set up the Coding environment. Once it is set up then progress can be made by following along with the Code. BUT I LIKE YOUR STYLE so don't be afraid to repeat and develop that Remix Video you did. You could add a Time function and a simple GUI. How would you interact with the Deployed Contract once the Remix IDE had been closed for example ? H
Very useful content !
Glad you think so!
Thanks for this super useful video!
This was helpful. Thanks a lot ❤️
Glad it was helpful!
So we stored the signed message in a database? So that it can be used to verify later?
Depends on usecase. Sometimes you can store it, but for some cases (like login for instance) it's better to ask for fresh signature every single time.
Thx bro i need this so much !!
Glad I could help
you earned a subscriber
Tutorial is awesome but I think it's not the better way to prompt user for signature. Because that signature can be used multiple times. What do you think about it Sir?
In order to prevent reply attack you just have to add nonce/random string to it and validate on your backend
Hey, any suggestions about how to verify message with django on backend?
Not a Django expert, but I believe there must be some library for Python that allows you to do such things ;)
Hello, from a user perspective, is the act of signing a message 100% safe? i.e. can that action itself be used maliciously? Thanks
Signing is 100% as you see exactly what do you sign inside your wallet prompt. If somebody give you transaction to sign then you'd see it. The signature cannot be used for other purpose like moving the funds or calling certain contract as then the message is different.
Chciałbym zrobić coś unikatowego, stąd moje zapytanie: czy w react native jest możliwość pobrania ile czasu spędziliśmy na poszczególnych aplikacjach?
Niestety nie wiem czy jest to możliwe w RN.
Ideally, the verification step should be done in the backend right?
Depends on use-case. If you want to create session for signer then you need to do it on your backend. However, you can save message and signature and validate it on client if necessary.
If I sign a signature without any message, can that signature be misused?
no. You would just sign an empty message (which I'm not sure is actually possible). That signature cannot be used for moving tokens, selling NFTs, or whatever is crucial to your safety.
Can this method be used to generate your private key and sent to a someone else like an hacker?
No. Private key is not leaving wallet. Please familiarize with Public-key cryptography
@@ArturChmaro but is there a way that an hacker can get my private key from a website probably sending me a phishing link and from that link get my private key
@@okunadetosin6018 no its just not possible that website can extract a private key. There are tons of protocols and apps that are asking for signatures. User has to manually take out the private key and hand over it to the attacker. That's the phising method that works almost everywhere and you can't do much about it 🙄
Great vid! Thanks a lot
Glad you liked it!
Nice video brother! Just used it to implement authentication logic.
Awesome! Glad the content was useful for you mate 🔥I will do the “Sign-in with Ethereum” tutorial soon
@@ArturChmaro Awesome. What be staying tuned for that. But what is the difference? Different package?
@@unityhui7116 Same package for signing (ethers), but additional building blocks like DB, session persistence, and simple backend endpoint to store user data.
@@ArturChmaro Got ya. Sounds good bro.
@@ArturChmaro Brother did you uploaded the video? If yes kindly share the link, if not when will you update? Thanks in advance.....
great video
Thanks!
great video!
thank you sir very thank you
Most welcome
Nice! more about crypto please :)
Yes sir 🚀
respect
Artur, zaczniesz w przyszłości dodawać polski napisy dla mniej ogarniętych w ingliszu? Proszę
Na ten moment nie planuje. Opracowanie materiałów już i tak mi zajmuje dużo czasu. Napisy to niestety dodatkowa praca :(
Działasz hobbistycznie na środowisku ethereum, czy zmieniłeś pracę? :D
Ja w Ethereum robię w pracy jakoś od 2019 😅 zacząłem nagrywać bo mało contentu na YT o tym + challange by nagrywać po angielsku 🙂
@@ArturChmaro świetna robota l, sam staram się podszkolić w tym temacie 😀
@@mikoajchudy2688 Bardzo dobra decyzja, jak masz jakieś pytania, niejasności lub propozycje na content to wal śmiało!
@@ArturChmaro can anyone control a compromised wallet which was due to unwanted links due to phishing..now a ledger can control the signing and every other transaction with respect to the compromised wallet..
@@thechamboo if somebody else possesses your private key to the wallet then the wallet is compromised and shall not be used for anything
thx for sharing
My pleasure
nice
Algum Brasileiro aí mano?