|
Title: Website to verify bitcoin signatures? Post by: SebastianJu on April 30, 2013, 05:28:37 PM Hello,
is there a way to check out a signed message on a website? Thanks! Title: Re: Website to verify bitcoin signatures? Post by: mobile4ever on April 30, 2013, 05:39:49 PM Hello, is there a way to check out a signed message on a website? Thanks! Usually the whole server is verified when you see the yellow lock in your browser. The page you are looking at would then be verified as well. You just want to verify a "signed message"? Title: Re: Website to verify bitcoin signatures? Post by: kjj on April 30, 2013, 06:06:13 PM I think he is asking if anyone is running a web service that can accept a hex (or whatever) bitcoin transaction string and indicate if the signature is valid or not.
I'm not aware of any sites that do that. That doesn't mean there aren't any. I just had to check, and it appears that the decoderawtransaction RPC command does not validate the signatures, so making such a thing isn't as simple as just slapping up a bitcoind and a couple lines of PHP. Title: Re: Website to verify bitcoin signatures? Post by: dserrano5 on April 30, 2013, 07:29:20 PM I just had to check, and it appears that the decoderawtransaction RPC command does not validate the signatures, so making such a thing isn't as simple as just slapping up a bitcoind and a couple lines of PHP. I think he wants to verify a signed message, ie what bitcoin does with verifymessage. That can be easily put behind a quick script Title: Re: Website to verify bitcoin signatures? Post by: SebastianJu on April 30, 2013, 07:33:48 PM I just had to check, and it appears that the decoderawtransaction RPC command does not validate the signatures, so making such a thing isn't as simple as just slapping up a bitcoind and a couple lines of PHP. I think he wants to verify a signed message, ie what bitcoin does with verifymessage. That can be easily put behind a quick script I didnt think that there are so many interpretations but i meant the functionality where one can sign a message with an address one owns. This way another person can verify that the other person owns that address. For example verifying that an address is bound to a username here in the forum. Title: Re: Website to verify bitcoin signatures? Post by: franky1 on April 30, 2013, 07:55:29 PM I just had to check, and it appears that the decoderawtransaction RPC command does not validate the signatures, so making such a thing isn't as simple as just slapping up a bitcoind and a couple lines of PHP. I think he wants to verify a signed message, ie what bitcoin does with verifymessage. That can be easily put behind a quick script yep. bitcoin qt /bitcoind has RPC api calls commands. the command verifymessage <bitcoinaddress> <signature> <message> will verify the message came from that bitcoin address https://en.bitcoin.it/wiki/API_reference_(JSON-RPC) (https://en.bitcoin.it/wiki/API_reference_(JSON-RPC)) that link should help you get started Title: Re: Website to verify bitcoin signatures? Post by: BurtW on April 30, 2013, 07:58:18 PM You can sign messages with your private keys and check signed messages from your blockchain.info wallet, which is a web site. Does that work for you?
Title: Re: Website to verify bitcoin signatures? Post by: kjj on April 30, 2013, 07:59:45 PM I just had to check, and it appears that the decoderawtransaction RPC command does not validate the signatures, so making such a thing isn't as simple as just slapping up a bitcoind and a couple lines of PHP. I think he wants to verify a signed message, ie what bitcoin does with verifymessage. That can be easily put behind a quick script I didnt think that there are so many interpretations but i meant the functionality where one can sign a message with an address one owns. This way another person can verify that the other person owns that address. For example verifying that an address is bound to a username here in the forum. Oh, that? Well, that is certainly easy enough. Code: <?php Title: Re: Website to verify bitcoin signatures? Post by: phatsphere on April 30, 2013, 08:24:57 PM here: https://blockchain.info/wallet/features
it does not only verify, but also do the signing if you give them the priv key. Title: Re: Website to verify bitcoin signatures? Post by: SebastianJu on April 30, 2013, 08:27:45 PM Am i right or does this all need the bitcoin-qt wallet running on the pc you want to test it with or in case of blockchain.info having a wallet there?
I thought more of a link that can provide the info if a signed message is valid. Then one could, for example post a link into a thread, clicking it and the info is checked. Maybe the info has to be stored on the target website because the verificationstring contains special signs. A shortcutlink like the url shorteners use maybe. On the other hand, maybe urls can handle it good enough so that the url can contain everything as parameters. I now linked to How to sign/verify messages? (http://imgur.com/a/nUmZ0) to show how it can be done with the original client. But it involves some work to check it out. A faster way would be interesting. Clicking a link and done. Only having to check if the input-data is correct at the target website. Title: Re: Website to verify bitcoin signatures? Post by: mobile4ever on April 30, 2013, 08:38:01 PM You definitely got plenty of answers. I found another one:
Quote Bitcoin: Message signing and verification | (by Alex Delmar) ... A cool function of Bitcoin not mentioned in introductions is its message signing and verification feature. Here: http://peculium.net/2013/03/29/bitcoin-message-signing-and-verification/ Title: Re: Website to verify bitcoin signatures? Post by: kjj on April 30, 2013, 08:43:17 PM Am i right or does this all need the bitcoin-qt wallet running on the pc you want to test it with or in case of blockchain.info having a wallet there? The code I posted needs a connection to a bitcoind node, yes. But anyone that wants to is free to toss it on a webserver and provide the service. I'd recommend doing it on a box that isn't also hosting a wallet. I'm not aware of any vulnerabilities involved in passing user-provided data to the RPC interface in that context, but it may be a good idea to sanitize the inputs first. That's kinda why I'd rather not host it on any of my servers. Title: Re: Website to verify bitcoin signatures? Post by: flatfly on April 30, 2013, 10:51:42 PM simplest of all:
http://brainwallet.org/#sign and http://brainwallet.org/#verify Title: Re: Website to verify bitcoin signatures? Post by: BurtW on April 30, 2013, 11:28:35 PM simplest of all: http://brainwallet.org/#sign and http://brainwallet.org/#verify Now that is cool and I think we have the answer he was actually looking for. Title: Re: Website to verify bitcoin signatures? Post by: SebastianJu on April 30, 2013, 11:42:19 PM simplest of all: http://brainwallet.org/#sign and http://brainwallet.org/#verify Very nice. :) Nearly exactly what i was looking for. Not fully automatic but when i see the sourcecode then the form uses get. Maybe its possible to implement the message and signature into the url. Anyway, i think its helpful to have such tool without having to use a wallet for verifications. But im wondering... the sign-function... is it really a good idea to send out the private key to a website? Title: Re: Website to verify bitcoin signatures? Post by: mobile4ever on May 01, 2013, 12:27:34 AM But im wondering... the sign-function... is it really a good idea to send out the private key to a website? If you can have an https connection it shoud not be a problem, if you trust the site. Title: Re: Website to verify bitcoin signatures? Post by: SebastianJu on May 01, 2013, 12:33:01 AM But im wondering... the sign-function... is it really a good idea to send out the private key to a website? If you can have an https connection it shoud not be a problem, if you trust the site. The site is the risk i believe. I think i wont recommend the sign-function to someone. Even when the websiteowner is legit websites can be hacked. I dont want to hear that someone is losing money because i sent him there. But i think the fewest people will know this key. But the verification is nice... Title: Re: Website to verify bitcoin signatures? Post by: dashingriddler on June 11, 2013, 02:36:05 PM Based on the source code on github, the private key is not going to their server at all. It is javascript calculation and implementation - so it is just client side.
|