I'm building a website (Next.js) that allows users to log in with a Trezor wallet by signing with an Ethereum address.
On the front end, I used TrezorConnect to export Ethereum addresses with the path m/44'/60'/0'/0/i and sign a message:
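```javascript
// Ask the Trezor to sign `data` with the key at the first address of the path
const message = await TrezorConnect.ethereumSignMessage({
  message: data,
  path: "m/44'/60'/0'/0/0",
  hex: true,
});
// Send the 0x-prefixed signature to the back end
await axios.post(`/login`, { signature: `0x${message.payload.signature}` });
```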
On the back end (Node.js), I used eth-sig-util to recover the signer address from the signature:
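```javascript
import { recoverPersonalSignature } from 'eth-sig-util';

// Recover the signer address from the message and signature
const recoveredAddress = recoverPersonalSignature({
  data,
  sig: signature,
});
// Reject the login when the recovered address is not the expected one
if (recoveredAddress.toLowerCase() !== expectedAddress.toLowerCase()) {
  throw new HttpException('Signature is not correct.', 400);
}
```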
I saw that the recoveredAddress is different from the expectedAddress that I used to sign the message.
But when I used the "Verify Message Signature" feature on Etherscan, both were verified with the same signature (that is, `0x${message.payload.signature}`).
Are there other ways to verify a Trezor signature? I would be pleased if someone could give me a solution.