Since MetaMask makes cryptographic keys available to each user, websites can use these signatures for a variety of uses. Here are a few guides related to specific use cases:

• Authenticating websites(opens new window)
• Some examples of signing off-chain messages for an on-chain protocol from our MetaTransaction Hackathon(opens new window)

If you’d like to jump to some working signature examples, you can visit this repository (opens new window).

If you’d like to read our JavaScript implementations of these methods, they are all available in the npm package eth-sig-util (opens new window).

Note that MetaMask supports signing transactions with Trezor and Ledger hardware wallets. These hardware wallets currently only support signing data using the personal_sign method. If you have trouble logging in to a website or dapp when using a Ledger or Trezor, the site may be requesting you sign data via an unsupported method, in which case we recommend using your standard MetaMask account.

There are currently six signing methods in MetaMask, and you might wonder the history of these methods. Studying the history of these methods yields some guiding lessons for the emergence of decentralized standards. Our current five methods are:

• eth_sign
• personal_sign
• signTypedData (currently identical to signTypedData_v1)
• signTypedData_v1
• signTypedData_v3
• signTypedData_v4

There are likely to be many more over time. When MetaMask first started, the Provider API wasn’t designed to be exposed to untrusted websites, and so some considerations weren’t taken as seriously as they were later.

In particular, the method eth_sign is an open-ended signing method that allows signing an arbitrary hash, which means it can be used to sign transactions, or any other data, making it a dangerous phishing risk.