
Verifying Ethereum (Web3) signed message in PHP


How can I verify an Ethereum signed message with PHP?

The message is signed using the web3.personal.sign function in Web3.js and the signature is then sent to the server. How can I verify it with PHP?

Are there some pre-built packages (on Packagist) or should I do this from scratch? Is it possible to do this without any connection to RPC nodes or the chain (off-chain)?

I already found a question about this on Ethereum StackExchange, but it is very complicated and a bit old, so I want to know if there is a newer and better solution.

I also found a package on GitHub, but I don't know if it will work with web3.personal.sign.

Some links I found:


Solution

  • Verifying a signed message is possible with the php-ecrecover package.

    You can get the original message address using this package and then verify whether it is the same as the expected address.

    JS Sign:

    let message = 'Hello World!'
    let address = web3.eth.coinbase
    
    web3.personal.sign(web3.fromUtf8(message), address, console.log);
    

    PHP Verify:

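    // personal_ecRecover() comes from the php-ecrecover package; load it first.
    $address = '0xe12Aa5FB5659bb0DB3f488e29701fE303bcBAf65';
    $message = 'Hello World!';
    $signed = '0x2cb6b41177a5e6690ebbc61f182758fcf8f54403edcb848fc1089a772227d55163804b4dc7fcf72d15f0d977d741f6dd6bcc4fc4c74916378afcad06be77b2101b';

    // Recover the signer's address from the message and its signature.
    $recovered = personal_ecRecover($message, $signed);

    // Hex addresses can differ in checksum casing, so compare case-insensitively and strictly.
    if (strtolower($address) === strtolower($recovered)) {
        echo 'Message verified';
    } else {
        echo 'Message not verified';
    }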
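
An added example, not part of the original answer or of the php-ecrecover package: input checks a server could run around the recovery call. It splits the 65-byte signature into r, s and v, rejects high-s values (a hardening choice assumed here), builds the prefixed bytes that personal_sign hashes, and compares addresses case-insensitively; all function names are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example; the helper names below are hypothetical, not part of php-ecrecover.

// Half the secp256k1 group order n: a canonical ("low-s") signature has s <= n/2.
const SECP256K1_HALF_N = '7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0';

/** Split a 65-byte personal_sign signature into r, s and a 0/1 recovery id. */
function parse_personal_signature(string $sigHex): array
{
    $hex = strtolower($sigHex);
    if (!preg_match('/\A0x[0-9a-f]{130}\z/', $hex)) {
        throw new InvalidArgumentException('expected 0x + 130 hex chars (r || s || v)');
    }
    $v = hexdec(substr($hex, 130, 2));
    $recid = $v >= 27 ? $v - 27 : $v;   // wallets send 27/28, some libraries 0/1
    if ($recid !== 0 && $recid !== 1) {
        throw new InvalidArgumentException('v must be 0/1 or 27/28');
    }
    $s = substr($hex, 66, 64);
    // Equal-length lowercase hex strings order the same way as the numbers they encode.
    if (strcmp($s, SECP256K1_HALF_N) > 0) {
        throw new InvalidArgumentException('high-s (malleable) signature rejected');
    }
    return ['r' => substr($hex, 2, 64), 's' => $s, 'recid' => $recid];
}

/** Bytes that personal_sign hashes with keccak256: prefix, decimal byte length, message. */
function personal_sign_preimage(string $message): string
{
    return "\x19Ethereum Signed Message:\n" . strlen($message) . $message;
}

/** Compare addresses ignoring case: mixed case is only the EIP-55 checksum. */
function same_address(string $expected, string $recovered): bool
{
    return hash_equals(strtolower($expected), strtolower($recovered));
}

// Values from the answer above; the lowercase address is constructed for the demo.
$parts = parse_personal_signature('0x2cb6b41177a5e6690ebbc61f182758fcf8f54403edcb848fc1089a772227d55163804b4dc7fcf72d15f0d977d741f6dd6bcc4fc4c74916378afcad06be77b2101b');
printf("recid=%d\nr=%s\ns=%s\n", $parts['recid'], $parts['r'], $parts['s']);
echo bin2hex(personal_sign_preimage('Hello World!')), "\n";
var_dump(same_address('0xe12Aa5FB5659bb0DB3f488e29701fE303bcBAf65', '0xe12aa5fb5659bb0db3f488e29701fe303bcbaf65'));
```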