Skip to content

feat: add SEP-53 message signing and verification #2346

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
tomerweller wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

feat: add SEP-53 message signing and verification #2346

tomerweller wants to merge 3 commits into from
+609 −0

Conversation

@tomerweller
Copy link

@tomerweller tomerweller commented Dec 23, 2025

Summary

Closes #2345

Add support for signing and verifying arbitrary messages per SEP-53.

New Commands

stellar message sign - Sign a message using SEP-53 specification

# Sign with an identity
stellar message sign "Hello, World!" --sign-with-key alice

# Sign with a secret key directly
stellar message sign "Hello, World!" --sign-with-key SC36...

# Sign binary data (base64 input)
stellar message sign --base64 "SGVsbG8sIFdvcmxkIQ==" --sign-with-key alice

# Read message from stdin
echo "Hello" | stellar message sign --sign-with-key alice

stellar message verify - Verify a SEP-53 signed message

# Verify with a public key
stellar message verify "Hello, World!" \
  --signature "fO5dbYhXUhBMhe6..." \
  --public-key GABC...

# Verify using an identity
stellar message verify "Hello, World!" \
  --signature "fO5dbYhXUhBMhe6..." \
  --public-key alice

Features

  • Sign messages with local keys, seed phrases, or secure store
  • Support for both UTF-8 text and binary (base64) input
  • Signature output in base64 format
  • Identity lookup for both signing and verification

Implementation

Follows the SEP-53 specification:

  1. Prepend "Stellar Signed Message:\n" prefix to message
  2. SHA-256 hash the prefixed payload
  3. ed25519 sign the hash
  4. Return 64-byte signature as base64

Limitations

  • Ledger hardware wallet signing is not yet supported (returns error)
  • Lab signing is not supported (no way to return signature)

Test Plan

  • Unit tests for signing with various message types (ASCII, UTF-8, binary)
  • Unit tests for verification with valid/invalid signatures
  • Unit tests for SEP-53 prefix correctness
  • Integration with existing identity/key management

🤖 Generated with Claude Code

@tomerweller @claude
feat: add SEP-53 message signing and verification
3d5bf2c 
Add support for signing and verifying arbitrary messages per SEP-53.

New commands:
- `stellar message sign` - Sign a message using SEP-53 specification
- `stellar message verify` - Verify a SEP-53 signed message

Features:
- Sign messages with local keys, seed phrases, or secure store
- Support for both UTF-8 text and binary (base64) input
- Signature output in base64 format
- Identity lookup for signing keys

Implementation follows the SEP-53 specification:
1. Prepend "Stellar Signed Message:\n" prefix to message
2. SHA-256 hash the prefixed payload
3. ed25519 sign the hash

Closes stellar#2345

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@github-project-automation github-project-automation bot moved this to Backlog (Not Ready) in DevX Dec 23, 2025
tomerweller and others added 2 commits December 23, 2025 18:37
@tomerweller @claude
fix: address clippy warnings
104ab59 
- Remove unused `arg` import from clap
- Use `if let` instead of `match` for single pattern destructuring
- Add `#[allow(clippy::unused_async)]` for async fn without await
  (kept async for consistency with other commands)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@claude
Fix cargo fmt formatting
c0b97bf 
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@leighmcculloch
Copy link
Member

leighmcculloch commented Jan 4, 2026

@fnando @mootz12 Thoughts on where to put this in the CLI? A top level 'message' feels too general and ambiguous, because 'message' has such generic meaning.

I like that it supports stdin, and uses the same options for consistency with other commands that sign like stellar tx sign.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

DevX
Status: Backlog (Not Ready)

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature Request: Add SEP-53 arbitrary message signing and verification

2 participants

@tomerweller @leighmcculloch