Title: What is signing with your Bitcoin address?
Post by: W-M on March 30, 2013, 10:10:21 AM

Hello there, everyone.
I've been interested in bitcoin for some time, and now I finally made an account on this forum a few days ago. I try my best to grasp the whole concept of the Bitcoin, but there is one thing I fail to understand up to this point. And that is the signing of messages using your address. I can't seem to find information on the Wiki (http://en.bitcoin.it) about this either.

I believe I do understand the concept of a private key (no-one except you should know this one) and a public key (when people see a message with one specific public key they know for sure that all of these messages are made with the same private key). However, when I use one of my (receiving) bitcoin addresses to sign a message, what positive influence does it have? After all, why would I ever place an address that doesn't belong to me? And if someone stole my identity, that person could just as easily create a signed message for one of his own addresses, making everyone believe that that address would be my valid address, right?

I think I am missing something here. I would be very grateful if you could fill me in.

~W-M

Title: Re: What is signing with your Bitcoin address?
Post by: W-M on March 30, 2013, 12:52:58 PM

> It just proves you own a private key if you sign it and people can verify it.

Thank you for your reply, gweedo, but I still don't really get it. What kind of 'private key' is used in signed messages? Is the receiving address itself used, or something linked to it? Why would I want to prove that I had a certain address when, as far as I know, there is no point in sending people an address I do not possess?

Title: Re: What is signing with your Bitcoin address?
Post by: CIYAM on March 30, 2013, 12:56:16 PM

It is most useful in situations where you need to *prove* that you own an address such as trying to get a repayment if you accidentally sent to the wrong address (assuming the other party is co-operative).

Title: Re: What is signing with your Bitcoin address?
Post by: jackjack on March 30, 2013, 12:59:17 PM

> It just proves you own a private key if you sign it and people can verify it.

> Thank you for your reply, gweedo, but I still don't really get it. What kind of 'private key' is used in signed messages? Is the receiving address itself used, or something linked to it?

Title: Re: What is signing with your Bitcoin address?
Post by: HappyScamp on March 30, 2013, 01:56:09 PM

Hmm.
I always just assume that it was a tacit statement to the effect that "If you like my thinking or it has helped you, you can send some support my way". Especially where someone is providing a real product or service, such as on some miner design threads.

Title: Re: What is signing with your Bitcoin address?
Post by: W-M on March 30, 2013, 11:40:22 PM

Thank you very much. I think I understand it a little better now. So as far as I can see, it's not 'perfect' and not a guaranteed way to ensure that the person signing with a certain address is that certain person, right? Would it then make sense to combine this signing with a normal GPG key you use for different messages?

> Hmm.

Hmm... interesting. Probably true that some people use it that way :).

> I always just assume that it was a tacit statement to the effect that "If you like my thinking or it has helped you, you can send some support my way". Especially where someone is providing a real product or service, such as on some miner design threads.

Title: Re: What is signing with your Bitcoin address?
Post by: odolvlobo on March 30, 2013, 11:58:23 PM

> Thank you very much. I think I understand it a little better now. So as far as I can see, it's not 'perfect' and not a guaranteed way to ensure that the person signing with a certain address is that certain person, right? Would it then make sense to combine this signing with a normal GPG key you use for different messages?

Signing with a bitcoin address is the same as signing with a PGP public key. A bitcoin address is a public key. You can verify somebody's identity by asking them to sign something and then verifying the signature with their bitcoin address/public key.

Title: Re: What is signing with your Bitcoin address?
Post by: dserrano5 on March 31, 2013, 01:06:23 AM

> You can verify somebody's identity by asking them to sign something and then verifying the signature with their bitcoin address/public key.

Provided that their identity is linked to the bitcoin address in question, correct?

Title: Re: What is signing with your Bitcoin address?
Post by: simonk83 on March 31, 2013, 01:09:40 AM

> It just proves you own a private key if you sign it and people can verify it.

> Thank you for your reply, gweedo, but I still don't really get it. What kind of 'private key' is used in signed messages? Is the receiving address itself used, or something linked to it? Why would I want to prove that I had a certain address when, as far as I know, there is no point in sending people an address I do not possess?

Is that you Maria? :D

Title: Re: What is signing with your Bitcoin address?
Post by: Elwar on March 31, 2013, 04:35:14 AM

I was curious about this myself.
I assume that this is different than encoding a message that can later be decoded with a password?

Title: Re: What is signing with your Bitcoin address?
Post by: Meni Rosenfeld on March 31, 2013, 05:12:52 AM

> Hmm.

Despite the confusingly same name "signature", these are two completely unrelated things.

> I always just assume that it was a tacit statement to the effect that "If you like my thinking or it has helped you, you can send some support my way". Especially where someone is providing a real product or service, such as on some miner design threads.

You're talking about placing a Bitcoin address in your forum signature. The OP was talking about generating an ECDSA digital signature using the private key associated with your Bitcoin address.

> I assume that this is different than encoding a message that can later be decoded with a password?

Yes.

Encryption = encoding a message so that only one person can read it. (AFAIK Bitcoin private keys can't be used for this).

Digital signature = Proving that you (where "you" is the owner of a certain private key) wrote a certain message. (The Bitcoin software automatically signs your transactions so they are accepted by the network, but you can also sign arbitrary messages on your own).

Title: Re: What is signing with your Bitcoin address?
Post by: W-M on March 31, 2013, 08:13:52 PM

> Thank you very much. I think I understand it a little better now. So as far as I can see, it's not 'perfect' and not a guaranteed way to ensure that the person signing with a certain address is that certain person, right? Would it then make sense to combine this signing with a normal GPG key you use for different messages?

> Signing with a bitcoin address is the same as signing with a PGP public key. A bitcoin address is a public key. You can verify somebody's identity by asking them to sign something and then verifying the signature with their bitcoin address/public key.

> It just proves you own a private key if you sign it and people can verify it.

> Thank you for your reply, gweedo, but I still don't really get it. What kind of 'private key' is used in signed messages? Is the receiving address itself used, or something linked to it? Why would I want to prove that I had a certain address when, as far as I know, there is no point in sending people an address I do not possess?

> Is that you Maria? :D

@Meni Rosenfeld: Also thank you for your reply. HappyScamp's post had me thoroughly confused for a moment there. ::)

Thanks everyone,
~W-M

Title: Re: What is signing with your Bitcoin address?
Post by: odolvlobo on March 31, 2013, 10:30:11 PM

> You can verify somebody's identity by asking them to sign something and then verifying the signature with their bitcoin address/public key.

> Provided that their identity is linked to the bitcoin address in question, correct?

Yes. What the signature verifies is very specific. You can only verify that something was signed by the person that gave you the public key. For example, if you receive an email from a stranger, saying "I am Satoshi. Here is my public key." And then you receive an email that is signed. You can verify that the signer is the person that sent you the public key, but not that he is Satoshi. Perhaps, way back when, Satoshi posted a public key or a bitcoin address that he controlled. Then you could use that to verify that the person is that Satoshi.

Furthermore, the possession of a signed message is not enough to verify the identity of the holder. Suppose Satoshi's public key is known, and he sent me a message signed with it three years ago. I could just send you that signed message today and say "I am Satoshi. You can verify that I signed this." To verify a person's identity, you must give the person something original to sign.