Personal Signatures
Message signing lets a dapp verify account ownership or authorize an action without sending a transaction. Two methods exist — one modern and safe, one legacy and dangerous — and they behave very differently under the hood.
personal_sign
The right choice for almost every "Sign message" flow. EIP-191 prepends a standard prefix before hashing, which prevents a signed message from being replayed as a valid transaction. The wallet receives the raw UTF-8 string and should display it clearly — this is the method to use when you want users to actually read what they're signing.
RPC: personal_sign(message, address)
eth_sign
Signs a raw 32-byte hash with no prefix, no context, and no protection against replay. The user sees a hex blob with no indication of what they're authorizing.
RPC: eth_sign(address, hash)
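
The contrast between the two methods above, as an added example (not code from the original page or from any wallet): a request guard that builds the bytes personal_sign hashes with the EIP-191 prefix, shows they cannot begin like a legacy transaction's RLP list, and finds nothing readable in an eth_sign request. The function names, the sample values and the policy of refusing eth_sign are assumptions of this example; the keccak256 hashing and signing steps are left to the wallet.

```javascript
// Added example; function names and the refuse-eth_sign policy are assumptions.
const PREFIX = "\x19Ethereum Signed Message:\n"; // EIP-191 personal-message prefix

// Accept either a 0x-hex payload or a plain string as the message parameter.
function messageBytes(param) {
  return /^0x([0-9a-fA-F]{2})*$/.test(param)
    ? Buffer.from(param.slice(2), "hex")
    : Buffer.from(param, "utf8");
}

// The bytes personal_sign hashes: prefix + decimal byte length + message.
function personalSignPreimage(bytes) {
  return Buffer.concat([Buffer.from(PREFIX + bytes.length, "latin1"), bytes]);
}

// A legacy transaction is signed over an RLP list, whose first byte is >= 0xc0.
function startsLikeRlpList(bytes) {
  return bytes.length > 0 && bytes[0] >= 0xc0;
}

// Strict UTF-8 decode; null means there is nothing readable to show the user.
function decodeForDisplay(bytes) {
  try {
    return new TextDecoder("utf-8", { fatal: true }).decode(bytes);
  } catch {
    return null;
  }
}

function reviewSignRequest({ method, params }) {
  if (method === "eth_sign") {
    const [address, hash] = params; // eth_sign(address, hash)
    return { allow: false, address, shown: hash, reason: "raw hash, no readable content" };
  }
  if (method === "personal_sign") {
    const [message, address] = params; // personal_sign(message, address)
    const bytes = messageBytes(message);
    const text = decodeForDisplay(bytes);
    if (text === null) {
      return { allow: false, address, shown: message, reason: "payload is not readable text" };
    }
    return { allow: true, address, shown: text, preimage: personalSignPreimage(bytes) };
  }
  return { allow: false, reason: "not a message-signing method" };
}
```

Note the swapped parameter order between the two RPC methods: a guard that reads `params[0]` as the address for both will display the wrong field.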