Sign DApp Messages

This section is for Operators only.


Signing messages serves a crucial purpose in the web3 ecosystem. It allows users to confirm their identity, authenticate transactions, and interact with smart contracts without the need to share their private keys.

The EIP-191 and EIP-712 formats are Ethereum Improvement Proposals that standardize signed messages:

  • EIP-191 provides a basic signed data scheme. It is mostly used to let users prove that they control an address without revealing their private key, typically when logging into a DApp.
  • EIP-712 improves upon EIP-191 and makes the process of data signing more user-friendly. It displays the data in a structured and readable format, improving user understanding and control over what they are signing.

Ledger Enteprise supports the signature of messages in the EIP-191 and EIP-712 formats, and enables operators to review their content on the Trusted Display of their Personal Security Devices.

The signature of messages with Ledger Enterprise accounts opens up multiple opportunities in the web3 ecosystem.

Follow the instructions below to sign messages when interacting with DApps.


Step 1: Connect to a DApp

Step 2: Initiate the message signature on the DApp

You can connect to various DApps which will eventually require the signature of messages. Signed messages can serve various purposes:

  • Log in with the DApp by proving the ownership of your Ledger Enterprise EVM account
  • Decentralized Finance (DeFi) apps such as MakerDao, Aave or Curve Finance will require you to sign transactions for lending, borrowing, or trading assets with your Ledger Enterprise EVM account
  • Decentralized Exchanges (DEXs) such as Uniswap or Sushiswap's trading process involve signing messages with your Ledger Enterprise EVM account to authorize trades and liquidity provisions
  • NFT Marketplaces such as OpenSea, Rarible or Blur involve transactions where users purchase, bid for, or transfer digital assets. These marketplaces will require message signatures from your Ledger Enterprise EVM accounts to ensure these transactions are secure and valid.
  • Identity and social apps such as ENS (Ethereum Name Service) or Lenster will require signatures from your Ledger Enterprise EVM accounts to verify identities, prove ownership or facilitate secure communication
  • DAOs and governance apps such as Snapshot or Aragon will require your Ledger Enterprise EVM accounts to sign messages to participate in voting and other governance actions.

msg sign welcomet OpenSea

Once you've clicked the DApp's prompt to initiate a message signature, the DApp sends a message signature request to Ledger Enterprise. The message signature request will undergo your orginazation's security and governance checks.

Step 3: Create the message signature request

As the operator initating the message signature process with the DApp, you are creating a message signature request on your Ledger Enterprise workspace.

You are prompted with a message signature request modal, which helps you review the content of the message to sign.

  • EIP-191 messages usually present basic data to sign, typically a login message

    OpenSea login msg

  • EIP-712 messages present data in a structured format, to help users interpret more complex orders & operations, such as a bid on an NFT marketplace or a token spend authorization on a DEX

    msg sign modal2

Click Review on PSD to examine the message on the Trusted Display of your Personal Security Device. Tap the arrows to expand the different sections of the message.

msg sign 712PSD

You should only trust the message displayed on your PSD. Ensure that the message is accurate and corresponds to your intention before approving its signature. Reject the message signature and contact the Ledger Enterprise support if you notice discrepancies.

If the message is accurate and corresponds to your intention, you can approve its signature on your PSD.

The message signature request is created and will undergo the message signature governance checks which admins have defined for the account.

  • If the message signature governance rule requires further operator approvals, see Step 4
  • If the message signature governance rule does not require further operator approvals, see Step 5

Step 4: Review and approve a message signature request

When a message signature request requires your approval, it will appear in the request panel.

Click on the message signature request to examine its content.

Click Review on PSD to chek the message on the Trusted Display of your Personal Security Device.

(see step 3 for details)

Step 5: Sign the message and return the signed message to the DApp

Once the message signature requests has passed all the required governance checks, it will be signed by the Hardware Security Module. The signed message is then communicated to the DApp, which unlocks the pending user flow, whether it is a login, an NFT bid or a trade order.

Please note that the signature of messages is a time-sensitive process. The connection between Ledger Vault and the DApp must be maintained between the time the DApp requests a message signature, and the time Ledger Vault returns a signed message.
We recommend the following good-practices to ensure the message reaches the DApp after all approvals have been collected:
  • Once an operator initiates a message signature process through a DApp, they should maintain the connection with the DApp through the Ledger Enterprise message signature process. Whether they use a Vault DApp or connect to an external DApp via WalletConnect, operators who create message signing requests should leave their UI focused on the Vault DApp or WalletConnect, and avoid initiating other parallel operations.
  • If approvals from other operators are required for a message signature request, make sure that approvals are provided fast enough, i.e. while the operator who initiated the message signature process is still connected to the DApp.

Step 6: Reporting - monitor and audit the message signature request

You can monitor and audit your entire history of messages signed when interacting with DApps.

msg sign op history

Ledger Enterprise records the message that was signed, as well as the message siging governance rule's audit logs.

msg sign reporting

msg sign governance history

See also: