Trying to figure out the best approach to this. Working on a web3j/ethereum app, I need a way to verify an address is generated and in use by the app user by a server. My approach idea:
Is this possible in web3j or web3js (which could be used for server side)? Or is there a better approach?
Use the private ethereum key to sign/encrypt a message
This is certainly possible, but encryption functionality is not exposed by web3. You would need to use a regular ECDSA library to handle encryption. Signing, however, can be done through web3.
Server decrypts message using ethereum address sent
It is not possible to recover the public key from the ethereum address. It is possible to recover it from the signature, however. You would need your receiving server to run ecrecover, and then decrypt the text.
Checks the message is same as "abc" and if so validates address
Once you have decrypted the payload, equality checks are easy enough. To validate the address, you must run the recovered public key through keccak256, and then verify the last 20 bytes of the hash are the same as the address you received.