CIP-8 defines how a Cardano key signs an arbitrary payload using the COSE (CBOR Object Signing and Encryption) format, producing a signature plus the public key needed to verify it. Because no transaction is built and nothing is submitted, message signing costs no fee and never appears on-chain; it simply demonstrates that the signer holds the private key behind a given address.
This is the mechanism behind "sign in with Cardano" logins, ownership checks, and gated access: a service hands the wallet a challenge, the wallet signs it, and the service verifies the result against the claimed address. In practice apps reach CIP-8 through the CIP-30 signData method, which implements this signing flow inside the dApp-wallet bridge. It is deliberately distinct from signing a transaction, so approving a login can never move your funds.
Sources
Explore next
- WalletSoftware that stores your private keys and allows you to send, receive, and manage your ada and other tokens.View term
- CIP-30The standard that lets a website talk to a browser-extension wallet, so dApps can request addresses, ask the wallet to sign a transaction, and submit it, all without handling the user's keys.View term
- Bech32An address encoding format used for Cardano addresses since the Shelley hard fork.View term