This repository has been archived by the owner on Nov 21, 2019. It is now read-only.

verify broken? #941

Open
tayvano opened this issue Aug 28, 2017 · 9 comments

@tayvano
Contributor

tayvano commented Aug 28, 2017

Hello, could it be the case that your verify message feature is broken? I am trying to verify the following msg that I believe was created using your sign message feature:

{"address":"0xf73752c21404d457c502b23d3a81a1a179b86b3d","msg":"I, Tuan Le own this wallet. 0xf73752c21404d457c502b23d3a81a1a179b86b3d","sig": "0x4c515f099e93e3c90c5f40bc8237d961b2d89f6ce8a3afb54b7996d69ee8802b10b1b8fefe5c2d0045a7eea93e50f13d4145706ea5e2658a07d84a0aeaabbed21c","version":"2"}
2h 2 hours ago
etherchain.org
the console just prints the following error message: TypeError: Cannot read property 'getHWType' of undefined
at ChildScope.$scope.verifySignedMessage (etherwallet-master.js:2570)
at fn (eval at compile (etherwallet-master.js:44152), :4:177)
at callback (etherwallet-master.js:55774)
at ChildScope.$eval (etherwallet-master.js:46977)
at ChildScope.$apply (etherwallet-master.js:47077)
at HTMLAnchorElement. (etherwallet-master.js:55779)
at defaultHandlerWrapper (etherwallet-master.js:32707)
at HTMLAnchorElement.eventHandler (etherwallet-master.js:32695)

@tayvano tayvano self-assigned this Aug 28, 2017
@Zwilla
Contributor

Zwilla commented Aug 28, 2017

I’m on this atm, testing. I will come back with a pr

@Zwilla
Contributor

Zwilla commented Aug 28, 2017

Will make a pr tomorrow.
0xf73752c21404d457c502b23d3a81a1a179b86b3d did sign the message I, Tuan Le own this wallet. 0xf73752c21404d457c502b23d3a81a1a179b86b3d.

Test it here: https://mytokenwallet.com/signmsg.html

Technical:
The problem was / is that the window has no scope to master, so we got an error. Also, if we did not unlock the / a wallet first, we have no defined hwType; for that we got undefined.
Jo, one problem, but 4 files to change.

From user side:
Cannot sign a message without unlocking any wallet before. So for a fast workaround just unlock any wallet and verify then.

@Zwilla
Contributor

Zwilla commented Aug 29, 2017

I’m going crazy. Working and discovering since yesterday you opened this issue.

Some more problems: (but solved the given issue)

Case one: I’m stupid
Case two: I’m idiot
Case 3: stupid and idiot

let me collect the issues here:

It is only possible to verify a Trezor signed message with a Trezor Wallet

Also missing the (close Trezor session - function on popup.html (V3) I have very high security concerns about this shared Trezor session across all browsers )

Try to verify this Trezor signed message - without a Trezor:

Trezor signed message

{
  "address": "0x30460ff609cdff975fb41166da35e54a6ef71ee5",
  "msg": "Hi @channel, I’m stupid Zwilla from MyTokenWallet.com",
  "sig": "0xc7fe579c32b4505fa26470ce005923ebdd3ab035980448a1c2c1b6f74dbebc3c664d0128958a934302fa79c5b1b792ffa17744902505c1071bc69c555ac0bbbe1c",
  "version": "2"
}

Mnemonic Phrase signed message

{
  "address": "0x9db4200e51cde9003ca370b789e84970c3703645",
  "msg": "hi",
  "sig": "0xb01cc2f35c9be99d8d0ece6e5d86e902e74335fab1f3abc40e4aa3869da043eb60f4b3bd8d8ac2b98aee6bbad29c4038289f8b5e47e8cf8fc0f8c9d1d7e319b21c",
  "version": "2"
}

Can you change your label to high, to get others involved? Because it is not possible to verify a message outside of mew or mtw. Thx!

@tayvano
Contributor Author

tayvano commented Aug 31, 2017

The signing message mechanism in Ethereum is highly confusing and this has been a known issue for a while: https://medium.com/metamask/the-new-secure-way-to-sign-data-in-your-browser-6af9dd2a1527

The user could not sign nor verify before and they still can't. We're getting closer but we are not there yet unfortunately. ☹

@bkawk

bkawk commented Oct 6, 2017

This may help...


            /**
            * create a signed message
            * @param {string} privateKey - The private key to sign the message with
            * @param {string} message - The message to be signed
            * @param {string} address - The address associated with the private key
            * @param {string} date - The date to append to the message
            * @returns {object} 
            */
            signMessage(privateKey, message, address, date) {
                return new Promise((resolve, reject) => {
                    if(privateKey && message && address && date){
                        const Buffer = util.Buffer.Buffer;
                        const hash = util.sha3(message + ' ' + date);
                        const signed = util.ecsign(hash, privateKey);
                        const combined = Buffer.concat([
                            Buffer.from(signed.r),
                            Buffer.from(signed.s),
                            Buffer.from([signed.v])
                        ]);
                        const signature = combined.toString('hex');
                        const signedMsg = JSON.stringify({
                            address: address,
                            message:  message + ' ' + date,
                            signature: '0x' + signature
                        });
                        resolve(signedMsg);
                    } else {
                        reject(Error('Missing Arguments'))
                    }
                });
            }


            /**
            * verify a signed message
            * @param {string} signature - The final signature starting with 0x
            * @param {string} message - The message before it was signed
            * @returns {string} address - The address that signed the message
            */
            verifyMessage(signature, message) {
                return new Promise((resolve, reject) => {
                    if(signature && message){
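                        const {v, r, s} = util.fromRpcSig(signature);
                        // Keep the hash under its own name: redeclaring `message` here shadows
                        // the parameter and throws a ReferenceError before anything is hashed.
                        const hash = util.toBuffer(util.sha3(message));
                        const publicKey  = util.ecrecover(hash, v, r, s);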
                        const addressBuffer = util.publicToAddress(publicKey);
                        const address = util.bufferToHex(addressBuffer);
                        resolve(address);
                    } else {
                        reject(Error('Missing Arguments'))
                    }
                });
            }

@Zwilla
Contributor

Zwilla commented Oct 25, 2017

will test it asap

@albpal

albpal commented Nov 2, 2017

If the hash signed contains the date, how can we get, after the transaction has been submitted, "the message before it was signed" parameter to pass to verifyMessage?

@rstormsf
Contributor

rstormsf commented Nov 25, 2017

it still doesn't work. @tayvano

{
  "address": "0x3444bc7b064c5fcd628bd91b5d505624a157e54f",
  "msg": "2",
  "sig": "0x967a96670b79422febb53d7ffdff7c56ae62fe20a46aca5c59748236f3940abe56e76a393756b127392972909e443f0e23d74c21c3fe7166269e9334730d33b51c",
  "version": "2"
}

I get the same error

 Cannot read property 'getHWType' of undefined

@pyskell
Contributor

pyskell commented Jan 19, 2018

@tayvano @kvhnuke

To add to this it seems the problem is that in order to verify a message I first need to unlock a wallet on the sign message tab. Then I can verify.

Steps to reproduce:

  1. Sign a message:
{
  "address": "0xe99a555a53d92004d657d4edb226747cbd96402f",
  "msg": "This is a test of the signing functionality of MEW.",
  "sig": "0x4dff3905bbd4528ad0d04df8cf2b58df421b77d292437ca576436b026ef59f81219657eae8367fdaab6ef12df56ba5f0868198d630415c513b47b8ccdc8244981c",
  "version": "2"
}
  2. Close myetherwallet.com's window
  3. Visit https://www.myetherwallet.com/signmsg.html in a new window
  4. Click "Verify Message"
  5. Enter signed message from the first step
  6. Nothing happens

This is probably a bug where an unlocked wallet is expected for both sign and verify functionality but is only needed for signing.

Edit: This bug is only present in v3, v4 works as expected.
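
The diagnosis in this thread (the verify path reads `getHWType` from a wallet that was never unlocked) sketched as an added example; it is not MyEtherWallet code. All function names are hypothetical, and `recoverAddress` is a caller-supplied callback standing in for the actual public-key recovery, which is not reimplemented here.

```javascript
// Added example; parseSignedMessage, verifyV3Style, verifyWalletFree and the
// recoverAddress callback are hypothetical names, not MyEtherWallet identifiers.

// Signed message copied from the reproduction steps in the thread.
const SAMPLE = JSON.stringify({
  address: '0xe99a555a53d92004d657d4edb226747cbd96402f',
  msg: 'This is a test of the signing functionality of MEW.',
  sig: '0x4dff3905bbd4528ad0d04df8cf2b58df421b77d292437ca576436b026ef59f81219657eae8367fdaab6ef12df56ba5f0868198d630415c513b47b8ccdc8244981c',
  version: '2'
});

// Validate the envelope and split the 65-byte signature into r, s and v.
function parseSignedMessage(json) {
  const { address, msg, sig, version } = JSON.parse(json);
  if (typeof msg !== 'string') throw new Error('msg must be a string');
  if (!/^0x[0-9a-fA-F]{40}$/.test(address)) throw new Error('malformed address');
  if (!/^0x[0-9a-fA-F]{130}$/.test(sig)) throw new Error('sig must be 65 bytes of hex');
  const hex = sig.slice(2);
  let v = parseInt(hex.slice(128), 16);
  if (v < 27) v += 27; // accept 0/1 as well as 27/28
  if (v !== 27 && v !== 28) throw new Error('unexpected recovery id ' + v);
  return { address: address.toLowerCase(), msg, version,
           r: '0x' + hex.slice(0, 64), s: '0x' + hex.slice(64, 128), v };
}

// Failure shape from the thread: the verify path dereferences the unlocked
// wallet, so with no wallet it throws before the signature is even parsed.
function verifyV3Style(scope, json, recoverAddress) {
  const hwType = scope.wallet.getHWType(); // TypeError if scope.wallet is undefined
  const m = parseSignedMessage(json);
  return recoverAddress(m, hwType) === m.address;
}

// Guarded form: verification uses only public data, so the wallet is optional.
function verifyWalletFree(scope, json, recoverAddress) {
  const hwType = scope && scope.wallet ? scope.wallet.getHWType() : undefined;
  const m = parseSignedMessage(json);
  return recoverAddress(m, hwType) === m.address;
}
```
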
