The Go implementation of Sign-In with Ethereum can be found here:
Installation
SIWE can be easily installed in any Go project by running:
goget-ugithub.com/spruceid/siwe-go
Usage
SIWE exposes a Message struct which implements EIP-4361.
Parsing a SIWE Message
Parsing is done via the siwe.ParseMessage function:
var message *siwe.Messagevar err errormessage, err = siwe.ParseMessage(messageStr)
The function will return a nil pointer and an error if there was an issue while parsing.
Verifying and Authenticating a SIWE Message
Verification and Authentication is performed via EIP-191, using the address field of the Message as the expected signer. This returns the Ethereum public key of the signer:
var publicKey *ecdsa.PublicKeyvar err errorpublicKey, err = message.VerifyEIP191(signature)
The time constraints (expiry and not-before) can also be validated, at current or particular times:
Combined verification of time constraints and authentication can be done in a single call with verify:
var publicKey *ecdsa.PublicKeyvar err error// Optional nonce variable to be matched against the// built message struct being verifiedvar optionalNonce *string// Optional timestamp variable to verify at any point// in time, by default it will use `time.Now()`var optionalTimestamp *time.TimepublicKey, err = message.Verify(signature, optionalNonce, optionalTimestamp)// If you won't be using nonce matching and want// to verify the message at the current time, it's// safe to pass `nil` in both argumentspublicKey, err = message.Verify(signature, nil, nil)
Serialization of a SIWE Message
Message instances can also be serialized as their EIP-4361 string representations via the String method:
fmt.Printf("%s", message.String())
Signing Messages from Go code
To sign messages directly from Go code, you will need to do it like shown below to correctly follow the personal_sign format: