2

Trying to figure out the best approach to this. Working on a web3j/ethereum app, I need a way to verify an address is generated and in use by the app user by a server. My approach idea:

  1. Use the private ethereum key the sign/encrypt a message
  2. Send encrypted message ("abc" for example) and ethereum address to server
  3. Server decrypts message using ethereum address sent
  4. Checks the message is same as"abc" and if so validates address

Is this possible in web3j or web3js (which could be used for server side). Or is there a better approach?

Raghav Sood
  • 81,899
  • 22
  • 187
  • 195
web derpveloper
  • 83
  • 1
  • 9

1 Answers1

4

Use the private ethereum key the sign/encrypt a message

This is certainly possible, but encryption functionality is not exposed by web3. You would need to use a regular ECDSA library to handle encryption. Signing, however, can be done through web3.

Server decrypts message using ethereum address sent

It is not possible to recover the public key from the ethereum address. It is possible to recover it from the signature, however. You would need your receiving server to run ecrecover, and then decrypt the text.

Checks the message is same as"abc" and if so validates address

Once you have decrypted the payload, equality checks are easy enough. To validate the address, you must run the recovered public key through keccak256, and then verify the last 20 bytes of the hash are the same as the address you received.

Raghav Sood
  • 81,899
  • 22
  • 187
  • 195
  • Do you know of any other java library that would help with doing encryption/decryption with an ethereum pub-key? – tObi Dec 14 '21 at 18:56