This library proves ownership of an Ethereum wallet to off-chain verifiers. To create proof of ownership, a signing function must be provided that allows the user to sign some typed-data with their private key, thus proving they own the wallet. The verifier will check that the signature of the signer matches the wallet address to check, and that the contents of the signed typed-message are valid. The proof consists of a string of a base64 version of the message concatenated with a '.' and the base64 version of the signature.
npm install @identity.com/prove-ethereum-wallet
or
yarn add @identity.com/prove-ethereum-wallet
Prove ownership of an Ethereum wallet
Prover side:
const { create } = require('@identity.com/prove-ethereum-wallet');
const ownerWallet = Wallet.createRandom();
const proof = await create((domain, types, message) => wallet._signTypedData(domain, types, message), { message: '<verifierUrl>' });
Verifier side:
const { verify } = require('@identity.com/prove-ethereum-wallet');
const success = await verify(expectedOwnerAddress, proof, { message: '<verifierUrl>' });
The prove() function generates some typed-data, including an expiry timestamp and message and signs it with the wallet private key. For the transaction to be verified by the verify() function, it must:
- have an expiry that is before UTC now()
- be signed by the expected wallet address
- contain a matching message
The prove and verify functions can be configured as follows:
Optional Default:
export const defaultDomain: TypedDataDomain = {
name: "Proof Of Ethereum Wallet Ownership",
version: "1",
};
Optional Default:
export const defaultTypes: Record<string, Array<TypedDataField>> = {
PoWo: [
{ name: "expires", type: "string" },
{ name: "message", type: "string" },
],
};
Optional Default: empty
The message passed to check against the proof. This would normally be a nonce, or single use message to prevent the POWO from being re-used in a replay-attack.