Ledger Enterprise
Help Center
Help Center
  • Welcome to the Help Center
  • Fundamentals
    • Getting set up
      • Sign in and out
      • For Administrators
      • For Operators
  • Supported Networks
  • What's new
  • CORE
    • Workspace administration
      • Admin Rule
        • Edit the admin rule
      • Accounts
        • Create an account
        • Solana SPL token account
        • Direct Access EVM Accounts
        • Edit an account
        • Activate a view-only account
        • Generate a receiving address
      • Groups
        • Create a group
        • Edit a group
        • Delete a group
      • Whitelists
        • Create a whitelist
        • Edit a whitelist
      • Entities
        • Create an entity
        • Edit an entity
        • Delete an entity
      • Policies
    • Users
      • User Roles and Permissions
      • New users
      • Register on the Ledger Vault
    • Your Device
      • Initialize your Personal Security Device (PSD)
      • Update your Personal Security Device (PSD)
      • Configure the Ledger Cryptosteel
      • Device pairing: View your partition ID
    • Managing requests
      • Approve or reject a request
      • Track the status of a request
      • Recreate a rejected or failed request
    • Transactions
      • Create a transaction
      • Transaction fees & speed
      • UTXOs
      • Replace by Fee
      • Export transaction history
      • Vault Raw Signing Overview
    • Compliance capabilities
      • Proof of Reserve - Enable Message Signing on an account
      • Proof of Researve - Sign Messages
      • Address Screening and KYT
    • Using Vault Signer
      • Create a Vault Signer account
      • Connect your Signer account to the Ledger Live extension
      • Craft a transaction on Ledger Live with your Vault Signer account
    • Overview of the Ledger Enterprise API
    • Public Key Infrastructure (PKI) Implementation
    • Ledger Enterprise mobile application
      • Terms of Use
      • How to use the app
      • FAQ
  • staking
    • Stake Cardano
      • Overview
      • Enable ADA Staking
      • Stake ADA with Figment
      • Reporting
    • Stake Cosmos
      • Overview
      • Enable ATOM Staking on your Ledger Cosmos Enterprise accounts
      • How to stake ATOM
    • Stake Ethereum
      • Overview
      • Enable ETH Staking on your Ethereum accounts
      • Stake ETH with Kiln
      • Stake ETH with Figment
      • Stake ETH with Blockdaemon
    • Stake Solana
      • Overview
      • Enable SOL Staking on your Solana accounts
      • Stake SOL with Figment
      • Solana Staking Reporting
    • Stake Polkadot
      • Overview
      • Enable DOT Staking
      • Stake DOT with Figment
    • Stake Polygon
      • Overview
      • Enable MATIC Staking
      • Stake MATIC with Figment
      • Stake MATIC with Kiln
    • Stake Tezos
      • Overview
    • Staking Providers
      • Stake with kiln
      • Stake with Figment
      • Stake with Blockdaemon
  • Web3: DeFi & NFT
    • Web3: DeFi & NFT Interactions
      • Web3 governance & configuration
        • Enable Smart Contract Interactions on EVM accounts
        • Enable Message Signatures on EVM accounts
        • Enable Contract Deployments on EVM accounts
        • Customize DApps catalog on EVM accounts
      • Vault DApps
        • DApp Provider Guide
        • Lido
        • Paraswap
        • Yearn
      • Interact with an external DApp via WalletConnect
      • Deploy a Smart Contract
      • Sign DApp messages
      • Interact with a smart contract
    • Raw Signing Best Practices
  • TRADELINK
    • Introduction
    • Best Practices
    • Run Tradelink as an Administrator
    • Operate Tradelink as a Custodian
    • Operate Tradelink as an Asset Manager
    • Operate Tradelink as an Exchange
    • Ledger Tradelink Terms of Use
  • Support
    • Troubleshooting
    • Security best practices
      • Ledger Stax Best Practices
    • Recovering your Vault Master Seed
    • Recover your Ledger Vault's master seed on a Nano S Plus
Powered by GitBook
On this page
  • Overview
  • Instructions
  • General best practices
  1. Web3: DeFi & NFT
  2. Web3: DeFi & NFT Interactions
  3. Web3 governance & configuration

Enable Message Signatures on EVM accounts

This article is for Administrators only.

Overview

Signing messages serves a crucial purpose in the web3 ecosystem. It allows users to confirm their identity, authenticate transactions, and interact with smart contracts without the need to share their private keys.

The EIP-191 and EIP-712 formats are Ethereum Improvement Proposals that standardize signed messages:

  • EIP-191 provides a basic signed data scheme. It is mostly used to let users prove that they control an address without revealing their private key, typically when logging into a DApp.

  • EIP-712 improves upon EIP-191 and makes the process of data signing more user-friendly. It displays the data in a structured and readable format, improving user understanding and control over what they are signing. It is used when users are required to sign complex data to interact with a decentralized application (dApp), for instance, when placing an order on an NFT marketplace, or to allow a DEX to swap their tokens.

Ledger Enteprise supports the signature of messages in the EIP-191 and EIP-712 formats, and enables operators to review their content on the Trusted Display of their Personal Security Devices.

The signature of messages with Ledger Enterprise accounts opens up multiple opportunities in the web3 ecosystem. Here are a few examples:

  • Decentralized Finance (DeFi) apps such as MakerDao, Aave or Curve Financeoften require users to sign transactions for lending, borrowing, or trading assets

  • Decentralized Exchanges (DEXs) such as Uniswap or Sushiswap's trading process involve signing messages to authorize trades and liquidity provisions

  • NFT Marketplaces such as OpenSea, Rarible or Blur involve transactions where users purchase, bid for, or transfer digital assets. These marketplaces often require message signatures to ensure these transactions are secure and valid.

  • Identity and social apps such as ENS (Ethereum Name Service) or Lenster use signatures to verify identities, prove ownership or facilitate secure communication

  • DAOs and governance apps such as Snapshot or Aragon often require members to sign messages to participate in voting and other governance actions.

You can enable message signatures for any Ethereum or EVM account. The step 4 web3 rules of the account creation or edition procedure now lets you activate and configure a rule to govern message signatures for the account. Activate the feature by clicking on the Toggle button, and configure your Message Signature governance rule according to your needs.

Signing DApp messages can put funds at risk. We advise users to educate themselves about the risks of signing messages, before activating message signatures.

Instructions

  1. Select creator to define which operators can create signature requests for DApp messages. You can select up to 20 operators or a single group. The selected operators will be able to initiate a message signature process through a DApp. See Sign DApp Messages for details.

  2. (optional) Use the approval workflow section to define which Operators must review and approve message signature requests for DApp messages. You can define up to three steps.

  3. Confirm the creation of your Message Signature rule and review the rule on your Personal Security Device. Once you've reviewed the rule on your PSD and confirmed, an account creation or edition request is created.

  4. Once all required Administrators have reviewed and approved the account creation or edition request, according to your workspace's admin rule , the Message Signature rule will be effective for the account.

General best practices

DApp Message Signing Process

Please note that the signature of messages is a time-sensitive process. The connection between Ledger Vault and the DApp must be maintained between the time the DApp requests a message signature, and the time Ledger Vault returns a signed message.

We recommend the following to ensure the message reaches the DApp after all approvals have been collected:

  • Once an operator initiates a message signature process through a DApp, they should maintain the connection with the DApp through the Ledger Enterprise message signature process. Whether they use a Vault DApp or connect to an external DApp via WalletConnect, operators who create message signing requests should leave their UI focused on the Vault DApp or WalletConnect, and avoid initiating other parallel operations.

  • If you choose to enforce review and approvals from other operators for message signature requests, make sure that approvals are provided fast enough, i.e. while the operator who initiated the message signature process is still connected to the DApp.

Web3 Risk Management

  • Do not enable Message Contract Signatures for an account holding higher amounts of funds than what you intend to use with Smart Contracts & DApps.

  • Try segregating Smart Contract & DApp accounts with one account per smart contract or DApp you wish to interact with. For example:

  • One account dedicated to Paraswap trading, which you top up before trades and withdraw from after trades

  • One account dedicated to ETH liquid staking on Lido

  • One account dedicated to to NFT trading on NFT marketplaces

  • Although Vault DApps have been audited by multiple independent third-party firms, we encourage you to carry out your own due diligence before signing messages for any DApp or smart contract.

PreviousEnable Smart Contract Interactions on EVM accountsNextEnable Contract Deployments on EVM accounts

Last updated 1 month ago