Using web3.wallet.accounts.recover(message, signature) I get the account I used to sign.
This is enough to ensure that the signature was made by the returned account ?
Web3js API Doc says it "Recovers the Ethereum address which was used to sign the given data"
https://web3js.readthedocs.io/en/v1.2.0/web3-eth-accounts.html#recover
But it is not very clear whether this data is computed by the public key algorithm or is simply extracted from the raw signature as metadata.