# 签名 登录 验证

By [point](https://paragraph.com/@point) · 2022-05-03

---

### 1\. etherjs签名

    async walletSignMessage(message) {
        const signer = await window.ethProvider.getSigner();
        const result = await signer.signMessage(message);
        return result;
      }
    

### 2.go后端验证

    func VerifySig(address, signature, msg string) bool {
       bytes := []byte(msg)
       fromAddr := common.HexToAddress(address)
       sig := hexutil.MustDecode(signature)
       if sig[64] != 27 && sig[64] != 28 {
          return false
       }
       sig[64] -= 27
       pubKey, err := crypto.SigToPub(signHash(bytes), sig)
       if err != nil {
          return false
       }
       recoveredAddr := crypto.PubkeyToAddress(*pubKey)
       fmt.Println(recoveredAddr)
       result := fromAddr == recoveredAddr
       return result
    }
    
    func signHash(data []byte) []byte {
        msg := fmt.Sprintf("\x19Ethereum Signed Message:\n%d%s", len(data), data)
        return crypto.Keccak256([]byte(msg))
    }
    

为了提高安全性，还可以在前端生成时加入salt，时间戳之类的限制

---

*Originally published on [point](https://paragraph.com/@point/9HtpYR6FKdaFW0VMQd40)*