Skip to main content

Signing methods

This page describes the signing RPC methods in MetaMask. Learn how to use the recommended signing methods.

eth_signTypedData_v4

eth_signTypedData_v4 is:

  • Cheap to verify onchain.
  • Human-readable.
  • Protected against phishing signatures.

If onchain verifiability cost is a high priority, use eth_signTypedData_v4.

personal_sign

personal_sign:

  • Displays human-readable text when UTF-8 encoded, making it a popular choice for site logins (for example, Sign-In with Ethereum).
  • Is protected against phishing signatures.

The text prefix of personal_sign makes signatures expensive to verify onchain. If onchain verifiability cost is not a priority, you can use personal_sign.

note

MetaMask implements personal_sign similarly to the Go Ethereum client's updated eth_sign implementation. MetaMask's personal_sign doesn't accept a password.

Deprecated signing methods

important

eth_sign, eth_signTypedData_v1, and eth_signTypedData_v3 are deprecated. Use eth_signTypedData_v4 or personal_sign.

eth_sign

eth_sign allows signing an arbitrary hash, which means an attacker can use it to request users to sign transactions or any other data. Using eth_sign is a dangerous phishing risk.

To enhance user security, MetaMask no longer supports using eth_sign. Use eth_signTypedData_v4 or personal_sign instead.

note

See MIP-3 for more information about the discontinuation of eth_sign.

eth_signTypedData_v1 and eth_signTypedData_v3

eth_signTypedData was introduced by EIP-712. The EIP-712 specification changed several times resulting in multiple versions of eth_signTypedData.

The earlier versions are:

The missing v2 represents an intermediary design that the Cipher browser implemented.

All early versions of this method lack later security improvements. Use the latest version, eth_signTypedData_v4.