Message Signing on Bitcoin and Cardano

The Message Signing feature in Ledger Enterprise allows you to cryptographically prove ownership of a specific crypto address without initiating an on-chain transaction. This is particularly useful for processes like participating in airdrops, verifying ownership for a third-party service, or registering on certain platforms that require proof of address control.

This feature enhances security by allowing you to interact with services without exposing your private keys or sending funds. The entire process is secured by your Ledger device, ensuring that what you see on the device's trusted display is what you are actually signing.

Currently, Message Signing is supported for both Bitcoin (BTC) and Cardano (ADA) accounts.

Step-by-Step Guide to Signing a Message

Follow these steps to generate a signature for a message using your Ledger Enterprise workspace.

1. Ensure the Feature is Enabled

Before you can sign a message, the "Message signature" permission must be enabled for the specific account. This is configured by an Admin in the governance rules when creating a new account or by editing an existing one.

1. When creating or editing an account, go through all the steps until you get to step 4 showing the Message Signature ruleset.

2. Toggle the Message signature rule to the "on" position.

3. Add the groups that you would like to have the power to sign messages in this ruleset.

1. Complete the account creation or update process, including the necessary approvals from other Admins.

2. Claiming tokens (optional use case)

Once your account has been setup and message signing enabled, you can use the address to do things like claim token rewards.

1. Go to the relevant claim site;

2. Enter the relevant account address that you can make a claim from.

3. Go through the claim process.

4. The claim site will generate a unique claim message.

5. Copy the claim message to your clipboard.

3. Initiate the Signing Request

You can start the signing process as an Operator.

1. From the Left Menu, click New Transaction and then select Sign message.

1. A "Sign message" modal will appear.

4. Enter Message and Signature Details

In the modal, you will need to provide the necessary information.

1. Account & Address: Select the account and the specific address from which you want to sign.

2. Message to sign: Paste the exact message provided by the third-party service (e.g., the unique claim preview from an airdrop website).

3. Signature standard: This is a critical step. You must select the correct standard required by the service you are interacting with.

• For Bitcoin (BTC), the standard is typically BIP-137.

• For Cardano (ADA), the standard is CIP-8.

1. Cardano (ADA) Specifics: When signing with a Cardano address, you must specify which key to use for the signature. The address itself is a concatenation of a payment key and a stake key.

• Check the requirements of the third-party service. As a general rule, if your address begins with stake, you should select Use stake address. Otherwise, use the default Use payment address.

1. Click Next and review the details, then submit the request for approval.

5. Approve on Your Ledger Device

You will be prompted to connect your Ledger device to verify and approve the request.

1. Connect and unlock your Ledger Stax.

2. Carefully review the message details displayed on the device's screen. This ensures that the message you are signing matches the one you intended to sign.

3. Approve the action on the device.

6. Retrieve Your Signature

After the request is approved and processed, you can retrieve the signature and public key.

1. Navigate to the Operations tab and click on the Messages sub-tab.

1. Locate your completed message signature request in the list and click on it to open the details view.

2. Here you will find:

   1. Public Key / Stake Key: The public key corresponding to the address you used.

   2. Signature: The generated cryptographic signature.

3. Use the copy icons to copy both the Public Key and the Signature. You can now paste these into the required fields on the third-party platform to complete the verification process (eg; in the token claim process we described earlier).