Signing methods
This page describes the signing RPC methods in MetaMask. Learn how to use the recommended signing methods.
eth_signTypedData_v4
- Cheap to verify onchain.
- Human-readable.
- Protected against phishing signatures.
If onchain verifiability cost is a high priority,
use eth_signTypedData_v4.
personal_sign
- Displays human-readable text when UTF-8 encoded, making it a popular choice for site logins (for example, Sign-In with Ethereum).
- Is protected against phishing signatures.
The text prefix of personal_sign makes signatures expensive to verify onchain.
If onchain verifiability cost is not a priority, you can
use personal_sign.
MetaMask implements personal_sign similarly to the Go Ethereum client's updated eth_sign implementation.
MetaMask's personal_sign doesn't accept a password.
Deprecated signing methods
eth_sign, eth_signTypedData_v1, and eth_signTypedData_v3 are deprecated.
Use eth_signTypedData_v4 or personal_sign.
eth_sign
eth_sign allows signing an arbitrary hash, which means an attacker can use it to request users to
sign transactions or any other data.
Using eth_sign is a dangerous phishing risk.
To enhance user security, MetaMask no longer supports using eth_sign.
Use eth_signTypedData_v4 or personal_sign instead.
See MIP-3 for
more information about the discontinuation of eth_sign.
eth_signTypedData_v1 and eth_signTypedData_v3
eth_signTypedData was introduced by EIP-712.
The EIP-712 specification changed several times resulting in multiple versions
of eth_signTypedData.
The earlier versions are:
eth_signTypedData_v1- The same aseth_signTypedData. Read the introductory blog post to this method.eth_signTypedData_v3- A highly used version of the EIP-712 specification. Read the introductory blog post to this method.
The missing v2 represents an intermediary design that the Cipher browser implemented.
All early versions of this method lack later security improvements.
Use the latest version, eth_signTypedData_v4.