--- title: Off-Chain Message Signing --- Off-chain message signing is a method of signing non-transaction messages with a Solana wallet. This feature can be used to authenticate users or provide proof of wallet ownership. ## Sign Off-Chain Message To sign an arbitrary off-chain message, run the following command: ```bash solana sign-offchain-message ``` The message will be encoded and signed with CLI's default private key and signature printed to the output. If you want to sign it with another key, just use the `-k/--keypair` option: ```bash solana sign-offchain-message -k ``` By default, the messages constructed are version 0, the only version currently supported. When other versions become available, you can override the default value with the `--version` option: ```bash solana sign-offchain-message -k --version ``` The message format is determined automatically based on the version and text of the message. Version `0` headers specify three message formats allowing for trade-offs between compatibility and composition of messages: | ID | Encoding | Maximum Length | Hardware Wallet Support | | :-: | :-----------------: | :------------: | :---------------------: | | 0 | Restricted ASCII \* | 1212 | Yes | | 1 | UTF-8 | 1212 | Blind sign only | | 2 | UTF-8 | 65515 | No | \* Those characters for which [`isprint(3)`](https://linux.die.net/man/3/isprint) returns true. That is, `0x20..=0x7e`. Formats `0` and `1` are motivated by hardware wallet support where both RAM to store the payload and font character support are limited. To sign an off-chain message with Ledger, ensure your Ledger is running latest firmware and Solana Ledger App version 1.3.0 or later. After Ledger is unlocked and Solana Ledger App is open, run: ```bash solana sign-offchain-message -k usb://ledger ``` For more information on how to setup and work with the ledger device see this [link](../wallet-guide/hardware-wallets/ledger.md). Please note that UTF-8 encoded messages require `Allow blind sign` option enabled in Solana Ledger App. Also, due to the lack of UTF-8 support in Ledger devices, only the hash of the message will be displayed in such cases. If `Display mode` is set to `Expert`, Ledger will display technical information about the message to be signed. ## Verify Off-Chain Message Signature To verify the off-chain message signature, run the following command: ```bash solana verify-offchain-signature ``` The public key of the default CLI signer will be used. You can specify another key with the `--signer` option: ```bash solana verify-offchain-signature --signer ``` If the signed message has a version different from the default, you need to specify the matching version explicitly: ```bash solana verify-offchain-signature --version ``` ## Protocol Specification To ensure that off-chain messages are not valid transactions, they are encoded with a fixed prefix: `\xffsolana offchain`, where first byte is chosen such that it is implicitly illegal as the first byte in a transaction `MessageHeader` today. More details about the payload format and other considerations are available in the [proposal](https://github.com/solana-labs/solana/blob/master/docs/src/proposals/off-chain-message-signing.md).