A Contract Account enables arbitrary verification logic that can support multisig and any signature scheme. This is an advantage over an EOA, which limits users to ECDSA alone.
An EOA can use its private key to sign messages. A Contract Account, however, isn't inherently associated with a private key, so it cannot sign messages by default.
But suppose your smart contract is assigned an owner that holds a private key. The contract can still be programmed to verify that a message was signed by the current owner's private key. The same approach extends to multisig, where several owners must sign.
Let's take a look at the example of signing up to an app like OpenSea with a smart contract wallet like Stackup. Below is the flow you're likely familiar with.
Here you are verifying that you own the account you are signing up with. This is what happens under the hood:
Essentially, the contract contains logic that checks the message was signed by the correct users or entities before anything is approved.
For this to work across many different parties, it's important to follow the standard set out in EIP-1271. Implementing it is the easiest way to ensure your smart contract accounts get the widest coverage for signature validation across the rest of the ecosystem.
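As an added illustration of the owner-verification logic described above (not Stackup's or OpenSea's code), here is a minimal Solidity contract account implementing EIP-1271's `isValidSignature`. It goes slightly beyond the single-owner case to an m-of-n owner threshold; the contract name, owner set, threshold and signature layout are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contract account: valid if `threshold` distinct owners signed `hash`.
contract ThresholdAccount {
    // bytes4(keccak256("isValidSignature(bytes32,bytes)")) per EIP-1271
    bytes4 internal constant MAGICVALUE = 0x1626ba7e;
    bytes4 internal constant INVALID = 0xffffffff;
    // secp256k1 n/2: reject high-s signatures so each message has one canonical sig
    uint256 internal constant HALF_ORDER =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    mapping(address => bool) public isOwner;
    uint256 public threshold;

    constructor(address[] memory owners, uint256 _threshold) {
        require(_threshold > 0 && _threshold <= owners.length, "bad threshold");
        for (uint256 i = 0; i < owners.length; i++) {
            require(owners[i] != address(0) && !isOwner[owners[i]], "bad owner");
            isOwner[owners[i]] = true;
        }
        threshold = _threshold;
    }

    // `signature` = `threshold` concatenated 65-byte (r, s, v) ECDSA signatures,
    // ordered by ascending signer address so duplicate signers are rejected.
    function isValidSignature(bytes32 hash, bytes memory signature)
        external view returns (bytes4)
    {
        if (signature.length != threshold * 65) return INVALID;
        address last = address(0); // also catches ecrecover's address(0) failure
        for (uint256 i = 0; i < threshold; i++) {
            address signer = recover(hash, signature, i * 65);
            if (signer <= last || !isOwner[signer]) return INVALID;
            last = signer;
        }
        return MAGICVALUE;
    }

    function recover(bytes32 hash, bytes memory sig, uint256 offset)
        internal pure returns (address)
    {
        bytes32 r; bytes32 s; uint8 v;
        assembly {
            r := mload(add(add(sig, 32), offset))
            s := mload(add(add(sig, 64), offset))
            v := byte(0, mload(add(add(sig, 96), offset)))
        }
        if (v < 27) v += 27;
        if ((v != 27 && v != 28) || uint256(s) > HALF_ORDER) return address(0);
        return ecrecover(hash, v, r, s);
    }
}
```

A verifier such as a marketplace calls `isValidSignature` and accepts the signature only if the return value equals `0x1626ba7e`; owner rotation is omitted here for brevity.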
Test out Stackup's quickstart guide!