Sign Messages

This section is for Operators only.

Overview

Signing messages serves a crucial purpose in the web3 ecosystem. It allows users to confirm their identity, authenticate transactions, and on smart-contract enables networks such as EVMs, interact with smart contracts without the need to share their private keys.

Ledger Enteprise supports the signature of messages in

the EIP-191 and EIP-712 formats on EVM networks ;
the EIP-191 format on all other networks .

Whenever signing a message, Operators will be able to review their content on the Trusted Display of their Personal Security Devices.

The signature of messages with Ledger Enterprise accounts opens up multiple opportunities in the web3 ecosystem.

Note that signing a Message is a fully off-chain operation that does not let you send funds. However, it is crucial that the format of these signed messages cannot be interpreted as Transactions (and risk losing funds). Therefore, Ledger Enterprise formats all messages in an EIP-191 fashion so that they cannot be broadcasted as Transactions on a network.

Follow the instructions below to sign messages.

Instructions

Pre-requisites

In order to initiate or approve a Message Signature request on an account, you need to be an authorized Operator on that account, i.e. be part of the Message Signature rule of that account.
If this is not the case, please contact your Administrator, so that they can add you to the Message Signing rule .

Step 1: Create the Message Signature request

Select the account that you wish to use to sign your message, and input the desired message in the dedicated space.

( Optional ) Click on Next and add a Title and Comments to easily identify and report your Message Signature requests during your reporting workflows.

Review the summary of the Message Signature request. Click Review on PSD to examine the message on the Trusted Display of your Personal Security Device . Tap the arrows to expand the different sections of the message.

You should only trust the message displayed on your PSD. Ensure that the message is accurate and corresponds to your intention before approving its signature. Reject the message signature and contact the Ledger Enterprise support if you notice discrepancies.

If the message is accurate and corresponds to your intention, you can approve its signature on your PSD.

The message signature request is created and will undergo the message signature governance checks which admins have defined for the account.

If the message signature governance rule requires further operator approvals, see Step 2
If the message signature governance rule does not require further operator approvals, see Step 3

Step 2: Review and approve a Message Signature request

When a Message Signature request requires your approval, it will appear in the Request panel.

sign msg 4

Click on the Message Signature request to examine its content.

sign msg 5

Click Review on PSD to chek the message on the Trusted Display of your Personal Security Device.

Step 3: Sign the Message

Once the Message Signature requests has passed all the required governance checks, it will be signed by the Hardware Security Module. The signed message is then available in your Operations table, in the Message tab.

Step 4: Reporting - Monitor and audit the Message Signature request

You can monitor and audit your entire history of messages signed.

sign msg 7

Ledger Enterprise records the message that was signed, its signature hash, as well as the message siging governance rule's audit logs.

sign msg 8

sign msg 9

To encode and sign the message while preventing it from being interpreted as a Transaction across networks, Ledger Enterprise leverages a specific format (see below).

Message encoding format: keccak256("\0x00<currency_name> Signed Message:\n" + len(message) + message). For instance, a BTC signed message would be encoded following: keccak256("\0x00Bitcoin Signed Message:\n" + len(message) + message).