Skip to content

A Rust implementation of EIP-4361 Sign In With Ethereum verification

License

Notifications You must be signed in to change notification settings

llamanodes/siwe-rs

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

53 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Sign-In with Ethereum

This crate provides a pure Rust implementation of EIP-4361: Sign In With Ethereum.

Installation

SIWE can be easily installed in any Rust project by including it in said project's cargo.toml file:

siwe = "0.4"

Features available:

  • serde for serialisation/deserialisation support;
  • ethers for EIP-1271 compliant contract wallets support; and
  • typed-builder for nicer verification options construction.

Usage

SIWE exposes a Message struct which implements EIP-4361.

Parsing a SIWE Message

Parsing is done via the Message implementation of FromStr:

let message: Message = string_message.parse()?;

Verifying and Authenticating a SIWE Message

Verification and Authentication is performed via EIP-191, using the address field of the Message as the expected signer. This returns the Ethereum public key of the signer:

let signer: Vec<u8> = message.verify_eip191(&signature)?;

The time constraints (expiry and not-before) can also be validated, at current or particular times:

if message.valid_now() { ... };

// equivalent to
if message.valid_at(&OffsetDateTime::now_utc()) { ... };

Combined verification of time constraints and authentication can be done in a single call with verify:

message.verify(&signature).await?;

Serialization of a SIWE Message

Message instances can also be serialized as their EIP-4361 string representations via the Display implementation of Message:

println!("{}", &message);

As well as in EIP-191 Personal-Signature pre-hash signing input form (if your Ethereum wallet does not support EIP-191 directly):

let eip191_bytes: Vec<u8> = message.eip191_bytes()?;

And directly as the EIP-191 Personal-Signature Hashed signing-input (made over the .eip191_string output):

let eip191_hash: [u8; 32] = message.eip191_hash()?;

Example

Parsing and verifying a Message is easy:

let message: Message = str.parse()?;
let signature: [u8; 65];

if let Err(e) = message.verify(&signature).await {
    // message cannot be correctly authenticated at this time
}

// do application-specific things

Disclaimer

Our Rust library for Sign-In with Ethereum has not yet undergone a formal security audit. We welcome continued feedback on the usability, architecture, and security of this implementation.

See Also

About

A Rust implementation of EIP-4361 Sign In With Ethereum verification

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Rust 100.0%