Ledger-signed messages exceeding 255 bytes cannot be verified

[jobotics]

Description

We are integrating TronWeb into our dApp (near-intents.org). When signing a message via Ledger, verification fails if the signed message length exceeds 255 bytes.

It seems that the current Ledger C implementation splits the data into packets, and the part of the message beyond 255 bytes is moved into the next packet. That "tail" portion is not included in verification, which leads to invalid signatures.

Steps to Reproduce

1. Use Ledger with TronWeb to sign a message longer than 255 bytes.
2. Attempt to verify the signed message.
3. Verification fails.

Expected Behavior

• The entire message (including any data beyond 255 bytes) should be included in the signature and verifiable.

Actual Behavior

• Signature verification fails when the message length exceeds 255 bytes.

Environment

• tronweb: ^6.0.4
• @tronweb3/tronwallet-adapter-react-hooks: 1.1.10
• Ledger: ledger nano x + firmware latest
• Browser/OS: Chrome 140.0.7339.186 / macOS Sequoia 15.16.1

[unicornonea]

Hi,
It seems that you are calling tronWeb.trx.sign(message) or tronWeb.trx.signMessageV2(message). Please note that the tronWeb object is typically exposed by a wallet such as TronLink chrome extension. In this case, the wallet intercepts the sign request and, if it is connected to Ledger, communicates internally with Ledger via the @ledgerhq/hw-app-trx library.

Because of this, the limitation actually comes from the wallet side: Ledger does not support transmitting messages longer than 255 bytes. TronWeb only acts as a bridge in this process—the actual signing is not performed by TronWeb’s signMessageV2. Resolving this issue would require an update to the @ledgerhq/hw-app-trx library, followed by wallet support.

If you want to support messages longer than 255 bytes for now, you can first hash the message (e.g., using sha3) so that the signed data is limited in length. During verification, you can add compatible logic to validate the hashed message. Optionally, you can prepend a random header to the original message before hashing.

By the way, we recommend using tronWeb.trx.signMessageV2(message), with the corresponding verification method verifyMessageV2.
Documentation: https://tronweb.network/docu/docs/Sign%20and%20Verify%20Message

[jobotics]

If you want to support messages longer than 255 bytes for now, you can first hash the message (e.g., using sha3) so that the signed data is limited in length. During verification, you can add compatible logic to validate the hashed message. Optionally, you can prepend a random header to the original message before hashing.

This approach doesn’t work — we’ve already tried it, and some limitation still exists.

By the way, we recommend using tronWeb.trx.signMessageV2(message), with the corresponding verification method verifyMessageV2

It’s already implemented and in use under the hood here: https://github.com/tronweb3/tronwallet-adapter/blob/55418ea01e7736d5d2a65d7a255f3b759d7d0aab/packages/adapters/trust/src/adapter.ts#L241

TL;DR: Please don’t close this ticket — we’ll open one bug issue at @ledgerhq/hw-app-trx and reference this discussion. We’d like to follow up to resolve this and allow the Tron community to use Ledger without such limitations.

[unicornonea]

Hi,
The method mentioned above for handling extra-long messages with sha3 should theoretically work.
If it doesn’t, you can post the corresponding error here, and we’ll take a look.

In addition, TronWeb also supports TIP-712 formatted message signing and verification.
You can use:

tron.tronWeb.trx._signTypedData(messageInfo)

where messageInfo follows the TIP-712 standard.

For detailed usage, please refer to the TronWeb documentation:
signTypedData

The corresponding verification method is documented here:
verifyTypedData

We won’t close this issue until the long-message Ledger problem is resolved.