Signing methods
This page describes the signing RPC methods in MetaMask. Learn how to use the recommended signing methods.
eth_signTypedData_v4
- Cheap to verify onchain.
- Human-readable.
- Protected against phishing signatures.
If onchain verifiability cost is a high priority,
use eth_signTypedData_v4
.
personal_sign
- Displays human-readable text when UTF-8 encoded, making it a popular choice for site logins (for example, Sign-In with Ethereum).
- Is protected against phishing signatures.
The text prefix of personal_sign
makes signatures expensive to verify onchain.
If onchain verifiability cost is not a priority, you can
use personal_sign
.
MetaMask implements personal_sign
similarly to the Go Ethereum client's updated eth_sign
implementation.
MetaMask's personal_sign
doesn't accept a password.
Deprecated signing methods
eth_sign
, eth_signTypedData_v1
, and eth_signTypedData_v3
are deprecated.
Use eth_signTypedData_v4
or personal_sign
.
eth_sign
eth_sign
allows signing an arbitrary hash, which means an attacker can use it to request users to
sign transactions or any other data.
Using eth_sign
is a dangerous phishing risk.
To enhance user security, MetaMask no longer supports using eth_sign
.
Use eth_signTypedData_v4
or personal_sign
instead.
See MIP-3 for
more information about the discontinuation of eth_sign
.
eth_signTypedData_v1
and eth_signTypedData_v3
eth_signTypedData
was introduced by EIP-712.
The EIP-712 specification changed several times resulting in multiple versions
of eth_signTypedData
.
The earlier versions are:
eth_signTypedData_v1
- The same aseth_signTypedData
. Read the introductory blog post to this method.eth_signTypedData_v3
- A highly used version of the EIP-712 specification. Read the introductory blog post to this method.
The missing v2
represents an intermediary design that the Cipher browser implemented.
All early versions of this method lack later security improvements.
Use the latest version, eth_signTypedData_v4
.