DEV Community

Muhammad Auzair
Muhammad Auzair

Posted on

Signature Verification in solidity


Signature verification plays a crucial role in ensuring the integrity and authenticity of data in various applications, especially in the blockchain domain. In this article, we will explore how to perform signature verification using the ECDSA (Elliptic Curve Digital Signature Algorithm) algorithm in the OpenZeppelin framework. OpenZeppelin provides a comprehensive set of smart contracts and libraries for building secure and auditable decentralized applications (dApps) on the Ethereum blockchain.


To follow along with this tutorial, you should have a basic understanding of Ethereum, smart contracts, and the Solidity programming language. Additionally, you will need to open up the remix tool on your browser .

Step 1: Setting Up the Project on remix

  1. Open your web browser and navigate to the Remix IDE website:
  2. Create a new file by clicking on the "+" button in the File Explorer panel.
  3. Save the file with the extension .sol, e.g., SignatureVerification.sol.

Step 2: Implementing Signature Verification

In the newly created file, define the Solidity contract and import the required OpenZeppelin contracts:

   pragma solidity ^0.8.0;

   import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
   import "@openzeppelin/contracts/utils/Address.sol";

   contract SignatureVerification {
       using ECDSA for bytes32;
       using Address for address;

       function verifySignature(
           bytes32 message,
           address signer,
           bytes memory signature
       ) public pure returns (bool) {
           bytes32 hash = message.toEthSignedMessageHash();
           address recoveredSigner = hash.recover(signature);
           return signer == recoveredSigner;
Enter fullscreen mode Exit fullscreen mode


The using statements enable the use of ECDSA and Address utility functions from OpenZeppelin within the contract. The verifySignature function takes in the message, expected signer address, and signature, and verifies the signature's validity.

The verifySignature function takes the keccak256 hash value of the message.It also takes the signer address which is the person who signed the message and at last it takes the signature. It returns a bool value stating that has the signer signed the message or not.

First of all, we add the prefix '\x19Ethereum Signed Message:\n' using the toEthSignedMessageHash function on the keccak256 message.While signing the message this is automatically added to the signature Hence we also have to do the same.

After that, we recover the address from the signature and the hashed values and we check to see if the address matches that of the signer or not.

Step 3: Generating Signature on Backend

Now to generate the signature we will use python and web3 module. You can use node.js as well

  1. Make sure you installed web3 module onin your enviroment.
  2. Create a file and add the following contents to it.
from web3 import Web3, Account

# Initialize Web3 provider
web3 = Web3(Web3.HTTPProvider(''))

# Private key of the account signing the data
private_key = 'YOUR_PRIVATE_KEY'

# Data to be signed
data_to_sign = b'Test Data'

# Generate the signature
account = Account.privateKeyToAccount(private_key)
signature = web3.eth.account.sign(data_to_sign, private_key=account.privateKey)

# Get the signature components
r = signature.r
s = signature.s
v = signature.v

# Print the signature components
print(f'r: {r}')
print(f's: {s}')
print(f'v: {v}')

Enter fullscreen mode Exit fullscreen mode


In this article, we've explored how to implement signature verification using the ECDSA algorithm in OpenZeppelin. By leveraging OpenZepplin library.

Top comments (5)

mary_andree_b2c2ae1e22639 profile image
Mary Andree

Thanks for the good explanation

g33knoob profile image

Nice article about solidity sign, im on my way to learn solidity

muhammad_auzair profile image
Muhammad Auzair

Thanks, acutally this is my very first article that I have ever written.

muhammad_auzair profile image
Muhammad Auzair

Thanks, I really appriciate if you tell your friends about it :)