Bitcoin Forum
November 13, 2024, 03:31:47 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: What is signing with your Bitcoin address?  (Read 1769 times)
W-M (OP)
Full Member
***
Offline Offline

Activity: 210
Merit: 100

In Crypto we Trust.


View Profile
March 30, 2013, 10:10:21 AM
 #1

Hello there, everyone.

I've been interested for bitcoin for some time, and now I finally made an account on this forum a few days ago. I try my best to grasp the whole concept of the Bitcoin, but there is one thing I fail to understand up to this point. And that is the signing of messages using your address. I can't seem to find information on the Wiki about this either.

I believe I do understand the concept of a private key(no-one except you should know this one) and a public key(when people see a message with a one specific public key they know for sure that all of these messages are made with the same private key).
However, when I use one of my (recieving) bitcoin addresses to sign a message, what positive influence does it have? After all, why would I ever place an address that doesn't belong to me?
And if someone stole my identity, that person could just as easily create a signed message for one of his own addresses, making everyone believe that that address would be my valid address, right?

I think I am missing something here. I would be very grateful if you could fill me in.

~W-M

SatoshiCarnival.co ♢ Refreshing ♥ Fair ♧ Bitcoin Casino

WMCode ~ Web Development ~ Design
W-M (OP)
Full Member
***
Offline Offline

Activity: 210
Merit: 100

In Crypto we Trust.


View Profile
March 30, 2013, 12:52:58 PM
 #2

It just proves you own a private key if you sign it and people can verify it.
Thank you for your reply, gweedo, but I still don't really get it. what kind of 'private key' is used in signed messages? Is the receiving address itself used, or something linked to it?

Why would I want to prove that I had a certain address when, as far as I know, there is no point in sending people an address I do not posses?

SatoshiCarnival.co ♢ Refreshing ♥ Fair ♧ Bitcoin Casino

WMCode ~ Web Development ~ Design
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1086


Ian Knowles - CIYAM Lead Developer


View Profile WWW
March 30, 2013, 12:56:16 PM
 #3

It is most useful in situations where you need to *prove* that you own an address such as trying to get a repayment if you accidentally sent to the wrong address (assuming the other party is co-operative).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
jackjack
Legendary
*
Offline Offline

Activity: 1176
Merit: 1280


May Bitcoin be touched by his Noodly Appendage


View Profile
March 30, 2013, 12:59:17 PM
 #4

It just proves you own a private key if you sign it and people can verify it.
Thank you for your reply, gweedo, but I still don't really get it. what kind of 'private key' is used in signed messages? Is the receiving address itself used, or something linked to it?
Yes, it's the same private key than the one of the address

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
HappyScamp
Sr. Member
****
Offline Offline

Activity: 314
Merit: 250



View Profile
March 30, 2013, 01:56:09 PM
 #5

Hmm.

I always just assume that it was a tacit statement to the effect that "If you like my thinking or it has helped you, you can send some support my way".

Especially where someone is providing a real product or service, such as on some miner design threads.

W-M (OP)
Full Member
***
Offline Offline

Activity: 210
Merit: 100

In Crypto we Trust.


View Profile
March 30, 2013, 11:40:22 PM
 #6

Thank you very much. I think I understand it a little better now. So as far as I can see, it's not 'perfect' and not a guaranteed way to ensure that the person signing with a certain address is that certain person, right? Would it then make sense to combine this signing with a normal GPG key you use for different messages?

Hmm.

I always just assume that it was a tacit statement to the effect that "If you like my thinking or it has helped you, you can send some support my way".

Especially where someone is providing a real product or service, such as on some miner design threads.

Hmm... interesting. Probably true that some people use it that way  Smiley.

SatoshiCarnival.co ♢ Refreshing ♥ Fair ♧ Bitcoin Casino

WMCode ~ Web Development ~ Design
odolvlobo
Legendary
*
Offline Offline

Activity: 4494
Merit: 3417



View Profile
March 30, 2013, 11:58:23 PM
 #7

Thank you very much. I think I understand it a little better now. So as far as I can see, it's not 'perfect' and not a guaranteed way to ensure that the person signing with a certain address is that certain person, right? Would it then make sense to combine this signing with a normal GPG key you use for different messages?

Signing with a bitcoin address is the same as signing with a PGP public key. A bitcoin address is a public key.

You can verify somebody's identity by asking them to sign something and then verifying the signature with their bitcoin address/public key.

Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
dserrano5
Legendary
*
Offline Offline

Activity: 1974
Merit: 1029



View Profile
March 31, 2013, 01:06:23 AM
 #8

You can verify somebody's identity by asking them to sign something and then verifying the signature with their bitcoin address/public key.

Provided that their identity is linked to the bitcoin address in question, correct?
simonk83
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


View Profile
March 31, 2013, 01:09:40 AM
 #9

It just proves you own a private key if you sign it and people can verify it.
Thank you for your reply, gweedo, but I still don't really get it. what kind of 'private key' is used in signed messages? Is the receiving address itself used, or something linked to it?

Why would I want to prove that I had a certain address when, as far as I know, there is no point in sending people an address I do not posses?

Is that you Maria?

Cheesy
Elwar
Legendary
*
Offline Offline

Activity: 3598
Merit: 2386


Viva Ut Vivas


View Profile WWW
March 31, 2013, 04:35:14 AM
 #10

I was curious about this myself.

I assume that this is different than encoding a message that can later be decoded with a password?


First seastead company actually selling sea homes: Ocean Builders https://ocean.builders  Of course we accept bitcoin.
Meni Rosenfeld
Donator
Legendary
*
Offline Offline

Activity: 2058
Merit: 1054



View Profile WWW
March 31, 2013, 05:12:52 AM
 #11

Hmm.

I always just assume that it was a tacit statement to the effect that "If you like my thinking or it has helped you, you can send some support my way".

Especially where someone is providing a real product or service, such as on some miner design threads.
Despite the confusingly same name "signature", these are two completely unrelated things.

You're talking about placing a Bitcoin address in your forum signature.

The OP was talking about generating an ECDSA digital signature using the private key associated with your Bitcoin address.

I assume that this is different than encoding a message that can later be decoded with a password?
Yes.

Encryption = encoding a message so that only one person can read it. (AFAIK Bitcoin private keys can't be used for this).

Digital signature = Proving that you (where "you" is the owner of a certain private key) wrote a certain message. (The Bitcoin software automatically signs your transactions so they are accepted by the network, but you can also sign arbitrary messages on your own).

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
W-M (OP)
Full Member
***
Offline Offline

Activity: 210
Merit: 100

In Crypto we Trust.


View Profile
March 31, 2013, 08:13:52 PM
 #12

Thank you very much. I think I understand it a little better now. So as far as I can see, it's not 'perfect' and not a guaranteed way to ensure that the person signing with a certain address is that certain person, right? Would it then make sense to combine this signing with a normal GPG key you use for different messages?

Signing with a bitcoin address is the same as signing with a PGP public key. A bitcoin address is a public key.

You can verify somebody's identity by asking them to sign something and then verifying the signature with their bitcoin address/public key.
Thank you very much. This was exactly the kind of answer I was hoping to get. It is very clear to me now. Hopefully this will be helpful to other people in the future as well. Smiley

It just proves you own a private key if you sign it and people can verify it.
Thank you for your reply, gweedo, but I still don't really get it. what kind of 'private key' is used in signed messages? Is the receiving address itself used, or something linked to it?

Why would I want to prove that I had a certain address when, as far as I know, there is no point in sending people an address I do not posses?

Is that you Maria?

Cheesy
I am very sorry, but I do not know anyone named Maria  Wink. I myself are of the male gender and altough there are boys named Sue, I am not named Maria. the 'M' in my name stands for something else.


@Meni Rosenfeld: Also thank you for your reply. HappyScamp's post had me thoroughly confused for a moment there.  Roll Eyes

Thanks everyone,

~W-M

SatoshiCarnival.co ♢ Refreshing ♥ Fair ♧ Bitcoin Casino

WMCode ~ Web Development ~ Design
odolvlobo
Legendary
*
Offline Offline

Activity: 4494
Merit: 3417



View Profile
March 31, 2013, 10:30:11 PM
 #13

You can verify somebody's identity by asking them to sign something and then verifying the signature with their bitcoin address/public key.

Provided that their identity is linked to the bitcoin address in question, correct?

Yes. What the signature verifies is very specific. You can only verify that that something was signed by the person that gave you the public key.

For example, if you receive an email from a stranger, saying "I am Satoshi. Here is my public key." And then you receive an email that is signed. You can verify that the signer is the person that sent you the public key, but not that he is Satoshi. Perhaps, way back when, Satoshi posted a public key or a bitcoin address that he controlled. Then you could use that to verify that the person is that Satoshi.

Furthermore, the possession of a signed message is not enough to verify the identity of the holder. Suppose Satoshi's public key is known, and he sent me a message signed with it three years ago. I could just send you that signed message today and say "I am Satoshi. You can verify that I signed this." To verify a person's identity, you must give the person something original to sign.

Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!