Bitcoin Forum

Bitcoin => Mining speculation => Topic started by: RustyNomad on June 19, 2015, 07:10:04 PM



Title: Questions irt message signing
Post by: RustyNomad on June 19, 2015, 07:10:04 PM
There are three people whom I need to make payments to and I'm planning on making these payments in bitcoin. I however need to have some sort of 'proof of payment' for record keeping purposes.

First step is to get proof that they actually own and control the address to which payment will be made so they cannot later say that the payment was made to the 'wrong' address. So I'll get each person to sign a short message, something like 'I xxxx yyyyy hereby confirm that the following bitcoin address is owned and controlled by myself........' and to let them forward this signed message together with the signature and key address to me via email.

The above together with the relevant transaction on the blockchain should do for my requirements.

Questions

1) Does the above seem sound or is there a better way to go about this?

2) Is there a limit to the length of the message and if so will this be client specific? Just want to make sure that they will be able to sign the message no matter which client/wallet they use.

3) Anything else I need to know or consider?



 


Title: Re: Questions irt message signing
Post by: achow101 on June 19, 2015, 07:33:11 PM
1) It is sound, and a lot of people here do that. You should also have them include the date and time in the message.
2) I don't think that there is a limit, but ask them to keep the message short just in case.
3) Most web wallets do not actually give their users full control of the keys. If they are using a web wallet, then they won't be able to sign a message. One of the exceptions is blockchain.info's wallet.

Also, what key do they need to forward to you? You only need the message, signature, and address used to sign it.


Title: Re: Questions irt message signing
Post by: RustyNomad on June 19, 2015, 07:35:35 PM

Also, what key do they need to forward to you? You only need the message, signature, and address used to sign it.

Sorry, meant the address they signed the message with.

Just checked and see Coinbase also allows message signing.


Title: Re: Questions irt message signing
Post by: emelac on June 19, 2015, 07:51:36 PM
I'm not an expert on message signing but this quoted reddit post might be relevant.

http://www.reddit.com/r/Bitcoin/comments/18qy88/bitcoin_message_signing_and_verification/c8h6qmu

Quote
Also also remember to send them the plain text and the signature — ideally with "== BEGIN HERE ==" and "== END HERE ==" markers — because the gook you get from signing does not carry a copy of the plaintext it authenticates.

I have seen a number of messages using this format, although I don't understand the technical details.

Code:
== BEGIN PLAINTEXT MESSAGE ==
Test message, demonstrating to /u/revman how to format
a bitcoin signed address.
== END PLAINTEXT MESSAGE ==
Signed with Bitcoin address 1EkRbE33yCDAiT2AeH97sxVofKDVsZN5fc:
HCKxUPNFcg7eLMhdR7JAax16zG8ZSmzLDU+1c3i2pSEcrFE6LgZl0fpYmidqxFrKBtTAcitlu3r9X8D3JASl8uo=