Ethereum Wallet
Logging in with Ethereum Wallet
Calimero allows users to authenticate via their Ethereum wallet (such as MetaMask), ensuring secure access to the Admin Dashboard. The authentication process leverages Ethereum's ECDSA signature verification through the authentication service.
Authentication Flow
The Ethereum authentication in Calimero follows the same challenge-response pattern as other supported wallets. Here's how it works:
1. User Initiates Login
- The user initiates login and is redirected to the authentication page.
- They are presented with wallet options, typically MetaMask for Ethereum authentication.
2. Server Issues Authentication Challenge
- The authentication service generates a unique challenge for the user to sign.
- This challenge typically includes a timestamp and unique identifier to prevent replay attacks.
3. User Signs Authentication Challenge
- The user is prompted to sign the server-issued structured challenge using their Ethereum wallet.
- The wallet extension displays the challenge data and requests user confirmation.
- The user approves the signature request in their wallet.
4. Signature Sent to Backend
- After the user signs the challenge, the signature is sent back to the server for verification.
5. Signature Verification
- The backend verifies the Ethereum signature to ensure its authenticity using standard ECDSA signature verification.
- The signature is verified against the structured challenge that was signed.
- If the signature is valid, the user's Ethereum address is extracted and stored as the user's unique identifier.
6. Successful Authentication
- Once verified, the user is successfully authenticated.
- The user's identifier is the wallet's public key.
Authentication Implementation
Calimero's Ethereum authentication uses structured challenges with ECDSA signature verification:
- Structured Challenge Generation: The server generates a unique structured challenge for each login attempt using the Request format
- Signature Verification: The backend verifies the ECDSA signature against the structured challenge
- Identity Storage: The user's Ethereum wallet public key serves as their unique identifier
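The challenge lifecycle from steps 2 to 5 and the challenge generation and signature verification items above, as an added example that is not Calimero's code. It shows why the nonce and timestamp matter: a replayed, stale or wrongly signed response is rejected. The field names, the `admin.example` domain, the 60-second lifetime and all function names are assumptions, and ECDSA with SHA-256 over secp256k1 from Node's `crypto` module stands in for wallet signing.

```javascript
// Added example, not Calimero's code. Assumption: ECDSA/SHA-256 over secp256k1
// from node:crypto stands in for wallet signing (Ethereum wallets hash with
// Keccak-256 and return a recoverable signature, which needs a library).
const crypto = require('node:crypto');

const TTL_MS = 60_000;      // constructed challenge lifetime
const pending = new Map();  // nonce -> issuedAt, one entry per outstanding challenge

// Step 2: the server issues a challenge carrying a random nonce and a timestamp.
function issueChallenge(now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString('hex');
  pending.set(nonce, now);
  return JSON.stringify({ domain: 'admin.example', nonce, issuedAt: now });
}

// Step 3: the wallet side signs the exact challenge string it was shown.
function signChallenge(challenge, privateKey) {
  return crypto.sign('sha256', Buffer.from(challenge), privateKey);
}

// Step 5: check the nonce, then freshness, then the signature.
function verifyLogin(challenge, signature, publicKey, now = Date.now()) {
  let parsed;
  try { parsed = JSON.parse(challenge); } catch { return 'malformed'; }
  const issuedAt = pending.get(parsed?.nonce);
  if (issuedAt === undefined) return 'unknown-or-replayed';
  pending.delete(parsed.nonce);  // consume first: one attempt per challenge
  if (parsed.issuedAt !== issuedAt) return 'tampered';
  if (now - issuedAt > TTL_MS) return 'expired';
  const ok = crypto.verify('sha256', Buffer.from(challenge), publicKey, signature);
  return ok ? 'authenticated' : 'bad-signature';
}

function demo() {
  const gen = () => crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const user = gen(), other = gen();
  const t0 = 1_700_000_000_000;  // constructed clock value
  const c1 = issueChallenge(t0);
  const sig = signChallenge(c1, user.privateKey);
  const first = verifyLogin(c1, sig, user.publicKey, t0 + 1000);
  const replay = verifyLogin(c1, sig, user.publicKey, t0 + 2000);
  const c2 = issueChallenge(t0);
  const stale = verifyLogin(c2, signChallenge(c2, user.privateKey), user.publicKey, t0 + TTL_MS + 1);
  const c3 = issueChallenge(t0);
  const wrongKey = verifyLogin(c3, signChallenge(c3, other.privateKey), user.publicKey, t0);
  return { first, replay, stale, wrongKey };
}

console.log(demo());
```

The nonce is deleted before the signature is checked, so a failed attempt also burns the challenge and the client has to request a new one.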
Supported Ethereum Wallets
Calimero supports MetaMask for Ethereum authentication:
- MetaMask: The most popular Web3 wallet extension
Security Features
- Structured Challenge-Response Authentication: Each login attempt uses a unique server-generated structured challenge with specific fields for enhanced security
- ECDSA Signature Verification: Uses Ethereum's standard cryptographic methods for signature validation
- Public Key-based Identity: User identity is tied to their Ethereum wallet public key, ensuring decentralized authentication
- Standard Wallet Security: Leverages the security features of established Ethereum wallets like MetaMask
This authentication flow leverages Ethereum's robust ECDSA signature verification to provide secure, decentralized access to Calimero's features while maintaining consistency with the blockchain's native security model.