Aside from performing transactions and interacting with smart contracts, an EOA (What is an EOA?) is also capable of signing a message. Similarly with the aforementioned activities, signing a message can only be done if you have access to the EOA's private key - which is why signing a message is commonly practiced as a way to verify someone's ownership of an address. It is also how we verify the ownership of a contract address on Etherscan!
Signing a message with an EOA results in a signature hash - a string of characters (that looks like the transaction hash, albeit longer in length) that is unique to a specific signed message (like how a transaction hash is unique to one specific transaction). This is why the message signature hash is crucial in verifying that a message was indeed signed by the EOA that the signer claims to own.
Now that we've cleared the basics, let's jump straight to the highlight - our revamped Verified Signatures Tool.
Accompanying the sleek UI enhancement is the new feature to sign and publish a message directly on Etherscan.
Signing a message
To sign a message, click on the Sign Message button and you will be prompted to connect to our website via either MetaMask or WalletConnect. Once connected, you can enter the message that you want to sign and click Sign Message. Done! You should see the signature hash for your signed message right afterward.
To make it easier to share the signed message elsewhere, you can opt to publish the signed message on our website. Published messages are hosted on our website and its public URL is yours to use. But be mindful of sensitive or personal information in the signed message before publishing it.
Verifying a message
Verifying a message means verifying whether a message is really written (signed) by an address. For example, imagine that you're looking to contact the owner of an NFT you'd really like to buy. An anonymous online account approaches you claiming to be that owner. You can ask them to sign a message using the address and provide you with the signed message details. Then you can verify its authenticity using our tool.
If that person signs using MyEtherWallet, the signed message would typically look like this:
To verify this signed message, click on the Verify Signature button on our Verified Signatures page and enter the message details into their respective fields.
- Address = The signer's address
- Message = The entire message that was signed by the signer's address. Make sure to copy everything between the first and the last "..." and not to leave or add any character from the signed message. An additional or missing character may result in failure to verify.
- Signature Hash = Usually stylized as "sig". Do take note that some signature hash tools have the first two characters, "0x", missing - like the sample signature hash above. In this case, make sure to add 0x before entering the whole signature hash into the field.
- Options = Choose to either verify the signed message or publish the signed message upon verification (again, be mindful of sensitive or personal information in the signed message before publishing it).
Unpublishing a signed message
If you have accidentally or wrongly published a signed message, you can have it unpublished by signing a message using the same signer address as the one in the published signed message following the template below:
[Etherscan.io dd/mm/yyyy hh:mm:ss] I, hereby request that the Verified Signature #[InsertSignedMessageIDHere] be removed from Etherscan.io]
After signing the above message, send us the signed message details (like the MyEtherWallet sample above) through our Contact Us page and one of our team members will get back to you as soon as possible.