Skip to content

feat: add SEP-53 message signing and verification #2346

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
tomerweller wants to merge 8 commits into
base: main
Choose a base branch
from
Open

feat: add SEP-53 message signing and verification #2346

tomerweller wants to merge 8 commits into from

Conversation

@tomerweller
Copy link

@tomerweller tomerweller commented Dec 23, 2025

Summary

Closes #2345

Add support for signing and verifying arbitrary messages per SEP-53.

New Commands

stellar message sign - Sign a message using SEP-53 specification

# Sign with an identity
stellar message sign "Hello, World!" --sign-with-key alice

# Sign with a secret key directly
stellar message sign "Hello, World!" --sign-with-key SC36...

# Sign binary data (base64 input)
stellar message sign --base64 "SGVsbG8sIFdvcmxkIQ==" --sign-with-key alice

# Read message from stdin
echo "Hello" | stellar message sign --sign-with-key alice

stellar message verify - Verify a SEP-53 signed message

# Verify with a public key
stellar message verify "Hello, World!" \
  --signature "fO5dbYhXUhBMhe6..." \
  --public-key GABC...

# Verify using an identity
stellar message verify "Hello, World!" \
  --signature "fO5dbYhXUhBMhe6..." \
  --public-key alice

Features

  • Sign messages with local keys, seed phrases, or secure store
  • Support for both UTF-8 text and binary (base64) input
  • Signature output in base64 format
  • Identity lookup for both signing and verification

Implementation

Follows the SEP-53 specification:

  1. Prepend "Stellar Signed Message:\n" prefix to message
  2. SHA-256 hash the prefixed payload
  3. ed25519 sign the hash
  4. Return 64-byte signature as base64

Limitations

  • Ledger hardware wallet signing is not yet supported (returns error)
  • Lab signing is not supported (no way to return signature)

Test Plan

  • Unit tests for signing with various message types (ASCII, UTF-8, binary)
  • Unit tests for verification with valid/invalid signatures
  • Unit tests for SEP-53 prefix correctness
  • Integration with existing identity/key management

🤖 Generated with Claude Code

@tomerweller @claude
feat: add SEP-53 message signing and verification
3d5bf2c 
Add support for signing and verifying arbitrary messages per SEP-53.

New commands:
- `stellar message sign` - Sign a message using SEP-53 specification
- `stellar message verify` - Verify a SEP-53 signed message

Features:
- Sign messages with local keys, seed phrases, or secure store
- Support for both UTF-8 text and binary (base64) input
- Signature output in base64 format
- Identity lookup for signing keys

Implementation follows the SEP-53 specification:
1. Prepend "Stellar Signed Message:\n" prefix to message
2. SHA-256 hash the prefixed payload
3. ed25519 sign the hash

Closes stellar#2345

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@github-project-automation github-project-automation bot moved this to Backlog (Not Ready) in DevX Dec 23, 2025
tomerweller and others added 2 commits December 23, 2025 18:37
@tomerweller @claude
fix: address clippy warnings
104ab59 
- Remove unused `arg` import from clap
- Use `if let` instead of `match` for single pattern destructuring
- Add `#[allow(clippy::unused_async)]` for async fn without await
  (kept async for consistency with other commands)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@claude
Fix cargo fmt formatting
c0b97bf 
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@leighmcculloch
Copy link
Member

leighmcculloch commented Jan 4, 2026

@fnando @mootz12 Thoughts on where to put this in the CLI? A top level 'message' feels too general and ambiguous, because 'message' has such generic meaning.

I like that it supports stdin, and uses the same options for consistency with other commands that sign like stellar tx sign.

@mootz12
Copy link
Contributor

mootz12 commented Jan 5, 2026

@leighmcculloch

Thoughts on where to put this in the CLI? A top level 'message' feels too general and ambiguous, because 'message' has such generic meaning.

I think as-implemented makes the most sense with how the CLI is currently setup. Most other tools from a quick scan are consistent with the message naming.

The only other reasonable alternative I can think of would be to make sign a subcommand, e.g.

stellar sign tx ...
stellar sign message ...

But this might be excess refactoring / breaking changes.

@janewang janewang moved this from Backlog (Not Ready) to Todo (Ready for Dev) in DevX Jan 5, 2026
@janewang janewang requested a review from a team January 5, 2026 15:19
@mootz12 mootz12 self-assigned this Jan 6, 2026
@mootz12 mootz12 marked this pull request as ready for review January 8, 2026 14:55
@mootz12 mootz12 moved this from Todo (Ready for Dev) to Needs Review in DevX Jan 13, 2026
@fnando
Copy link
Member

fnando commented Jan 14, 2026

To be honest, stellar message seems like the perfect place for this. We should avoid the trap of using nested subcommands whenever possible; it's terrible ui, imo (so I'm against stellar sign message and the like).

fnando
fnando reviewed Jan 14, 2026
View reviewed changes
@mootz12 mootz12 requested review from Copilot and fnando January 14, 2026 16:57
Copilot AI reviewed Jan 14, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR implements SEP-53 arbitrary message signing and verification for the Stellar CLI, allowing users to sign and verify messages using Stellar keys to prove address ownership or authenticate without on-chain transactions.

Changes:

  • Added new message sign and message verify commands following the SEP-53 specification
  • Modified Signer::get_public_key() to return stellar_strkey::ed25519::PublicKey wrapper type instead of raw [u8; 32] for better type safety
  • Added comprehensive unit and integration tests using SEP-53 test vectors

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
cmd/soroban-cli/src/signer/mod.rs Updated get_public_key() return type and call sites to use stellar_strkey::ed25519::PublicKey wrapper
cmd/soroban-cli/src/print.rs Added documentation comments to print functions
cmd/soroban-cli/src/commands/mod.rs Registered new message subcommand and error type
cmd/soroban-cli/src/commands/message/mod.rs Defined message command structure with SEP-53 prefix constant
cmd/soroban-cli/src/commands/message/sign.rs Implemented SEP-53 message signing with stdin support and base64 encoding
cmd/soroban-cli/src/commands/message/verify.rs Implemented SEP-53 signature verification with identity resolution
cmd/crates/soroban-test/tests/it/message.rs Integration tests covering sign/verify with keys, stdin, and aliases
cmd/crates/soroban-test/tests/it/main.rs Registered message integration tests

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mootz12 mootz12 mootz12 left review comments

Copilot code review Copilot Copilot left review comments

@fnando fnando Awaiting requested review from fnando

At least 1 approving review is required to merge this pull request.

Assignees

@mootz12 mootz12

Labels

None yet

Projects

DevX
Status: Needs Review

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature Request: Add SEP-53 arbitrary message signing and verification

4 participants

@tomerweller @leighmcculloch @mootz12 @fnando