Move Signatory Verification with airSlate SignNow

Void signatory template

in this video I'm gonna show you how to sign and verify messages to assign a message you first create a message to sign and then you hash the message and then you sign the hash of the message to sign the hash you're gonna need your private key of your eternium account and you want to keep your private key or secret so you will do the actual signing without interacting with us my kata and to verify a signature you will first recreate the hash from the original message and then you would recover the signer from the signature and hash and finally you would compare the recovered signer to the claimed signer let's imagine that we're signing a check from a bank account so we need three informations the person that were signing the check to the amount that this person can withdraw from our account and what they don't know about what this check is for and lastly we're gonna need a unique identifier called announce so that we can invalidate the check wants the person withdrawals from our account will declare this function as public peer and it's gonna be tender 32 bytes hash of the inputs and inside our get message hash function will return the catch at 256 Bob our inputs so this function here covers steps one and two of signing now when we sign the message - it's actually not the message hash itself that is being signed what's actually being signed is this you prefix the message that you're going to sign with ether um sign message followed by the length of the message and then finally the message itself you take all of this and hash it using catch up to 56 and that is the message that is actually being signed so when we sign the message hash the actual message that will be signed is the prefix eternium sign message since the message has is 32 bytes here the length will be 32 and then followed by the message ash and then you take the cat chapter 56 of the whole thing so you'll write a function to recreate that the input of this function will be the message hash from the function of up and since it's going to create another hash it's going to return by it's 32 inside the function it's gonna return the catch up to 56 of the prefix eternam sighing message followed by the length of the message which will be 32 and the actual message which is going to be the message hash that is passed from the input so that completes the code for the function that recreates the hash that is actually being signed now to actually sign the message I'll show you later after we deploy this contract moving on I'm gonna show you how to verify a signature given a message hash first I'm gonna write the function that paints the big picture and then we'll work our way down into the details to verify a signature we need several inputs and the address that claims to be the signer of the message the parameters that was used to create the message hash and the signature itself and the function will return true if the signer is indeed the owner of the signature you'll first recreate the message hash from the inputs and then compute the hash that was actually signed the function recover signer which we all write out later will take in the hash that was signed and the signature and it will be turned the address of the signer so we are compared with the signer that we think should have signed the message and then we turn the comparison the function recover Steiner is gonna fake each side message hash and the signature as input and it's gonna output an address based on the message hash and the signature to recover the signer we first need to split the signature into three parameters or s and B now you don't need to understand what these parameters all you need to understand here is that these parameters I needed to call the built-in function EC recover to call the function GC recover you first need a pass in the hash that was signed and then the parameter is B R in s that we split from the signature and this function will try to compute the address that signed the hash and return a 0 address if the signature is invalid so that completes the call to recover designer let's now work on the function split signature which we have not defined yet the function split signature is going to take the signature as input and it's going to return the T parameters are as can be needed to call EC recover will first require that the length of the signature is equal to 65 since 32 first output 32 for the second output and 1 for the last output is equal to 65 now to actually split the bytes the only way to do it at this moment is to use assembly and don't worry if you don't understand this part since you won't be using assembly much now to get the first output from the signature this is how you do it at X Y will return X plus y so what does it mean to that 32 to the signature well you're not going to be adding 32 to the actual signature signature is a dynamic data type so what's being stored inside the variable C is a pointer to where the actual signature is stored in other words the starting position of the signature being stored in memory and when you add 32 you move the starting position by 32 effectively skipping the first 32 bytes why do you skip the first 32 bytes and this is because dynamic array store the length of the array in the first 32 bytes so the signature itself starts after skipping the first 32 bytes when you call the function endo with an input of P it builds the next 32 bytes starting at the memory address P so putting it all together this line of code will skip the first 32 bytes and then load the next 32 bytes and then assign it to the variable R and to get the value for the s we will do something similar to what we did to get the R value here we need to skip 64 bytes since the first 32 bytes stores the length of the signature and the next study 2 bytes stores the value for R so the value for s starts after skipping the first 64 bytes and to get the value B we need to skip the first 96 bytes and then get the first bite after so this is how you get our SMB value from the signature and that covers the code for how to verify a signature let's now compile and deploy the contract and I'll show you example of how to sign and verify a message and for this example you're going to need meta mask which is a eternium wallet that you can install inside your browser so here I deployed the contract I will create the message hash to sign and then later verify the signature and let's now go through these steps first we'll create the message hash to sign so you'll call the get message hash function and for the inputs I'll pass in the second account for the number I'll pass in 1 2 3 4 the message all passing in coffee and donuts and then for the nouns or pass in one and then call the function and that's the hash that we're going to be signing and to sign the hash we need to allow remix to connect to metal mask and you can do that by hitting f12 and opening the JavaScript console and then typing the 30 end of enable this will open up the metal mask so go ahead and type in your password to unlock it and then hit connect so now you'll have access to meta mask inside the browser console and we can sign the hash inside the browser now first of all assign the hash to a variable named hash and to sign the hash you'll need to call what the personal dot sign pass in the hash followed by the account that we're going to use to sign - in this case we will use the default account that is available to meta mask and you can access that by calling web 3.8 the default hotel and then finally we will console the result so you'll see a pop-up like this and hit sign and that is our signature and the signature will be different for different accounts now to verify the signature we're gonna need the address of the signer and we can get it by calling web 3 the the default account again so that was the address that was used to sign the message and to verify the signature I'm gonna paste the signer in here and then passing the parameters that was used to sign it and then the signature itself then head verified and you can see that the function verified returned to now if you change the parameter even by a little for example instead of sending one two three will add extra zero and then hit verify and you can see that the function returns false likewise if we keep the message the same but changed the signature so for example changing the signature by one number and then hit verify it would again return false so in summary if you changed the original message or the signature even by a little bit then the signature is no longer valid that's all I got to say about signature verification thanks for watching and have a nice day