|
Title: Publishing signed bitcoin messages Post by: mothepro on November 12, 2025, 04:47:23 PM Just wanted to see what y'all think of this bitcoin message verifier page I put together.
https://verify-bitcoin-message.js.org Originally, I made it to learn, but also wanted an easy way to aggregate, share and publish these types of messages... If anyone can, translations would be an incredible contribution now :) Title: Re: Publishing signed bitcoin messages Post by: mothepro on November 12, 2025, 05:01:32 PM Publishing messages will start a Github bot which automatically verifies all included messages and even provide proofs!
For example, a while back, someone used 100s bitcoin addresses to sign this message. Quote Craig Steven Wright is a liar and a fraud. He doesn't have the keys used to sign this message. The Lightning Network is a significant achievement. However, we need to continue work on improving on-chain capacity. Unfortunately, the solution is not to just change a constant in the code or to allow powerful participants to force out others. We are all Satoshi I published those signed messages on the signer's behalf. https://github.com/mothepro/verify-bitcoin-message/pull/17 Title: Re: Publishing signed bitcoin messages Post by: stwenhao on November 13, 2025, 08:13:13 AM The tool works correctly, but it says things, which can be wrong in some cases. Because the correctness of the signature doesn't prove, that the coins are spendable, if it was artificially generated, without dealing with any private keys at all.
For example: Code: message="Hello World" Quote 1psPJZYEJrjPtY6kw5Tqtj4mW2yXSSDuH digitally signed this message with their private key Wrong, the private key is unknown. If it would be known, then secp256k1 would be broken.Quote Authentication The signer can spend bitcoin from the address Wrong, the signer can only sign "Hello World" specifically, and nothing else, because the private key is unknown, and the public key was created from the signed message and signature public key.Title: Re: Publishing signed bitcoin messages Post by: ABCbits on November 13, 2025, 10:47:04 AM For something that made for learning purpose, it's good enough. I just want to suggest to consider showing all entered data (address, signature and message) after user clicking button "Verify".
The tool works correctly, but it says things, which can be wrong in some cases. Because the correctness of the signature doesn't prove, that the coins are spendable, if it was artificially generated, without dealing with any private keys at all. --snip-- Interesting. I tried using other website mentioned on OP's website and they have same issue. Electrum says "Invalid address" on "Sign/verify message" windows, although Electrum let me import the address on watch-only address. Title: Re: Publishing signed bitcoin messages Post by: mothepro on November 13, 2025, 03:40:56 PM For the curious, the payload in question is: https://verify-bitcoin-message.js.org/?address=1psPJZYEJrjPtY6kw5Tqtj4mW2yXSSDuH&message=Hello+World&signature=GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE%3D
correctness of the signature doesn't prove, that the coins are spendable, if it was artificially generated Are you able to explain more about how this signature was generated then? My best guess is the message "Hello World" was chosen, then signature uses some simple points on the elliptic curve to generate a public key. Wrong, the signer can only sign "Hello World" specifically, and nothing else, because the private key is unknown, and the public key was created from the signed message and signature public key. But then the public key shouldn't map to a valid address? I implemented a Base58 checksum (which shouldn't validate) AND mempool.space (https://mempool.space/address/1psPJZYEJrjPtY6kw5Tqtj4mW2yXSSDuH) should throw an invalid address error. It sounds like message signatures are only useful if you expect a specific address (or a set amount of coins in the address). I just want to suggest to consider showing all entered data (address, signature and message) after user clicking button "Verify". Great feedback, added a "View Details" button to see the entire payload as json. Thanks! Title: Re: Publishing signed bitcoin messages Post by: stwenhao on November 13, 2025, 08:11:41 PM Quote Are you able to explain more about how this signature was generated then? Sure:https://bitcoin.stackexchange.com/questions/77324/how-are-bitcoin-signed-messages-generated https://en.bitcoin.it/wiki/Message_signing 1. Take some public key, where you don't know the private key, and turn it into R-value. For example: Code: R=020000000000000000000000000000000000000000000000000000000000000001 Code: s=0000000000000000000000000000000000000000000000000000000000000001 Code: 1b 4. Take any message you want, and hash it properly: Code: message="Hello World" Code: z=a7af0baad5ae99b97fc69b3a0d1abcf3ef17f131cc4776e1bc11933ec8550f49 However, the knowledge of this public key, does not require the knowledge of the private key. Also, it is possible to pick someone else's public key, and put it into R-value, instead of 020000000000000000000000000000000000000000000000000000000000000001. Then, a given recovered address will be spendable only by that person. Here is another example, which will pass verification: Code: message="I am Saint Wenhao, and I can use public key recovery." Link to your site: https://verify-bitcoin-message.js.org/?address=1D2w953S1GgTHa2tRA5kuFwfuUkw9jt5ip&message=I+am+Saint+Wenhao%2C+and+I+can+use+public+key+recovery.&signature=GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE%3D As you can see, verification passed, but "The signer can spend bitcoin from the address" is a lie, because only public keys were used, to generate all of that, so private keys are unknown, even if the signature can pass verification. Title: Re: Publishing signed bitcoin messages Post by: LeyMonte on November 14, 2025, 02:08:41 PM Although I had checked verification before with Mycelium but after seeing this, I tried to check again today and saw that my BTC wallet showed verified. Verify bitcoin message js org It can be checked very easily. Anyone who wants to can check their wallet directly there in a short time.
|