How to check that an Ethereum address belongs to the current user?
Usually (on centralized hosting) it is done by signing a message with a hashed private key (stored on the server), but I should not keep a private key in a canister, because anybody running the canister can read it. So, what to do?
Canisters have no keys that they need to hold or manage. A canister can only request signatures to be created for its address by the ECDSA subnet (the subnet where nodes collectively hold the private key). And that’s exactly the mechanism that a canister can use to sign something and prove the possession of a given address.