Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Showing clearer data in the personal_sign signature #3931

Closed
bwheeler96 opened this issue Apr 8, 2018 · 17 comments · Fixed by #29232
Closed

Showing clearer data in the personal_sign signature #3931

bwheeler96 opened this issue Apr 8, 2018 · 17 comments · Fixed by #29232
Assignees
Labels
area-signatures release-12.11.0 Issue or pull request that will be included in release 12.11.0 team-confirmations Push issues to confirmations team type-enhancement

Comments

@bwheeler96
Copy link

Can we make the renderBody method configurable for personal_sign?

Without opening up the whole "how should off-chain data get signed" can of worms, it would be great if personal_sign could be configured in the RPC call to simply show the hex data rather than the utf8 encoded version. I'd rather have my users see 0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470 instead of :&��K"b��>7� SS�/���Ļ�)֙�.�I��

Basically as a developer I have three options in my smart contracts

  1. Develop for eth_sign which has a very mean looking warning
    2.Develop for personal_sign which also looks scary to users when utf8 encoded
  2. Use signTypedData which is fantastic, but not supported by any other clients. I want to avoid designing an immutable contract to work with a spec that is only 50% supported. I could design support for both signTypedData and the traditional method, but now my smart contract needs to be aware of the different signing clients. Also not preferred.

I'm not looking to fix signing for the whole ecosystem, but if we could just make it a little more configurable in MetaMask for the time being that would be really cool.

SignatureRequest.prototype.renderBody = function () {

@nikitaeverywhere
Copy link

This issue should be easy to fix:

rows = [{ name: this.context.t('message'), value: this.msgHexToText(data) }]
(I suppose in this.msgHexToText(data) simply check whether data begins with 0x and if it is, do msgHexToText otherwise not).

Look, the deprecated sign does this in a better way:

chrome_2018-04-17_12-30-05-m

@danfinlay this should be very easy to fix, isn't it?

@bwheeler96
Copy link
Author

@danfinlay if you think this is qualifies as an issue that should be fixed, I'm happy to make a fix. I think that signing as hex should be available as a parameter, the same way web3.sha3 accepts { encoding: 'hex' } as an argument.

@danfinlay
Copy link
Contributor

Look, the deprecated sign does this in a better way:

Deprecated sign only shows hex ;)

I'm happy to make a fix.

I think your proposed solution is fine, and simple enough that I'd welcome you to make a PR.

bwheeler96 pushed a commit to bwheeler96/metamask-extension that referenced this issue Apr 19, 2018
Allows developers to specify the display encoding of a personal_sign request in the RPC call. Closes MetaMask#3931.

For example, requesting users to sign a sha3 hash with personal_sign would result in ugly UTF-8 renderings of hex data. Developers can now sign this data using `web3.personal.sign('0xabcdef', web3.eth.coinbase, { encoding: 'hex' }, callback)` and the data will be displayed as hex.
@kumavis
Copy link
Member

kumavis commented Apr 24, 2018

@bwheeler96 do any other clients support the encoding param?

@nikitaeverywhere
Copy link

nikitaeverywhere commented Apr 24, 2018 via email

@kumavis
Copy link
Member

kumavis commented Apr 24, 2018

@ZitRos how would you detect binary vs maybe chinese

@bwheeler96
Copy link
Author

@ZitRos I am personally opposed to the idea of implicit data type detection. However having a console warning if the data "looks like" it was signed using the wrong encoding is probably a good idea.

@kumavis I don't think so. I'm trying to see what default encoding Parity uses, IIRC they show hex for both but I can't get their new client running.

At this point there are a lot of competing philosophies for wallets design, with the prevailing sentiment being a very conservative "let's do nothing until everyone agrees". As a developer I would rather be required to code separately for a handful of different implementations with a good user experience today then have my UX suffer for years until we can make a unicorn standard that satisfies every stakeholder. (see: EIP712, and the lack of implementation on other clients).

I think whether we like it or not we're entering a brand new browser wars. Let's just embrace it.

@nikitaeverywhere
Copy link

nikitaeverywhere commented Apr 24, 2018 via email

@j0xhn
Copy link

j0xhn commented Sep 17, 2018

@bwheeler96 I see your branch was closed. Am I understanding correctly that your code was never merged in for this? Because trying now but not getting the desired results. Is there another workaround that you have found for better formatting?

@bwheeler96
Copy link
Author

@johndangerstorey nope you are out of luck. No way to sign hex and have it appear as hex AFAIK.

@NoahZinsmeister
Copy link
Contributor

See #5878 for a PR addressing this issue.

@danfinlay danfinlay added Sev3-low Low severity; minimal to no impact upon users type-enhancement labels Jan 5, 2021
@Gudahtt Gudahtt removed the Sev3-low Low severity; minimal to no impact upon users label Jan 5, 2021
@Gudahtt
Copy link
Member

Gudahtt commented Jan 5, 2021

It looks as though this was mostly addressed in #5878. Is an explicit encoding still needed at this point? I'm not sure how commonly this is encountered now that the 32-byte string case is dealt with.

@philipcmonk
Copy link

For our use it would still be nice, since we have the user sign a longer hex string, but it's still somewhat legible as a hex string (mainly, you can see the address you're sending to). We could ascii-encode the hex string, but then the verifier also has to ascii-encode, which is complexity we'd rather not include.

I share the aversion to implicit encoding detection. An "encoding" argument would work fine for us, but the easiest solution might be to show both the hex and the unicode interpretation.

@danjm danjm added the area-api label Sep 24, 2021
@vandan
Copy link

vandan commented Jul 19, 2022

What if we explicitly display both UTF-8 and raw hex string versions of the message they are being asked to sign within the wallet? @bschorchit should we simply encourage use of signTypedData_v4 method?

image

@bschorchit
Copy link

@vandan could you explain to me the advantages of displaying both? I've read through the comments but don't fully understand it.

Also the comment initially made on lack of wallet adoption for sign type data probably no longer applies. I do think we should lean towards encouraging the use of it instead of improving other methods, but happy to consider this if there's a good reason for it.

@vandan
Copy link

vandan commented Jul 21, 2022

@bschorchit - I believe the advantage would be that displaying both avoids the need for implicit data type detection. @BelfordZ can add more detail there. People may also want to sign a message that is not in UTF-8. These are the two encodings that would be most likely to come through (UTF-8 & raw hex).

In general though, I agree that the developers should be encouraged to adopt: signTypedData_v4, which represents the latest version of the EIP-712 spec.

@bschorchit I'm still curious if you think the solution suggested here might help end-users get better messaging for dapps that have not adopted signTypedData_v4?

@bschorchit bschorchit added area-personal_sign area-transactions team-confirmations-secure-ux DEPRECATED: please use "team-confirmations" label instead labels Sep 21, 2022
@hilvmason hilvmason added team-confirmations-planning (only for internal use within Confirmations team) and removed team-confirmations-secure-ux DEPRECATED: please use "team-confirmations" label instead labels Jun 5, 2023
@bschorchit bschorchit added team-confirmations Push issues to confirmations team and removed team-confirmations-planning (only for internal use within Confirmations team) labels Oct 24, 2024
@bschorchit
Copy link

As a solution, could we identify when displaying it as a UTF-8 makes it non readable (e.g. :&��K"b��>7� SS�/���Ļ�)֙�.�I��) and in those cases display it as a hex?

@jpuri jpuri self-assigned this Dec 16, 2024
github-merge-queue bot pushed a commit that referenced this issue Dec 19, 2024
…t is valid UTF-8 (#29232)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

Converts personal sign message to UTF-8 string only if it can be
converted to valid UTF-8 string.

## **Related issues**

Fixes: #3931

## **Manual testing steps**

1. Send personal sign request to extension with message string
`0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470`
2. Check on confirmation page that it is displayed as UTF-8 string

## **Screenshots/Recordings**
<img width="360" alt="Screenshot 2024-12-16 at 6 53 30 PM"
src="https://github.com/user-attachments/assets/b2053d70-dbed-4bd3-8e77-d0ba3f4150bc"
/>

## **Pre-merge author checklist**

- [X] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [X] I've completed the PR template to the best of my ability
- [X] I’ve included tests if applicable
- [X] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [X] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
@metamaskbot metamaskbot added the release-12.11.0 Issue or pull request that will be included in release 12.11.0 label Dec 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area-signatures release-12.11.0 Issue or pull request that will be included in release 12.11.0 team-confirmations Push issues to confirmations team type-enhancement
Projects
None yet