W-M (OP)
Full Member
Offline
Activity: 210
Merit: 100
In Crypto we Trust.
|
|
March 30, 2013, 10:10:21 AM |
|
Hello there, everyone. I've been interested for bitcoin for some time, and now I finally made an account on this forum a few days ago. I try my best to grasp the whole concept of the Bitcoin, but there is one thing I fail to understand up to this point. And that is the signing of messages using your address. I can't seem to find information on the Wiki about this either. I believe I do understand the concept of a private key(no-one except you should know this one) and a public key(when people see a message with a one specific public key they know for sure that all of these messages are made with the same private key). However, when I use one of my (recieving) bitcoin addresses to sign a message, what positive influence does it have? After all, why would I ever place an address that doesn't belong to me? And if someone stole my identity, that person could just as easily create a signed message for one of his own addresses, making everyone believe that that address would be my valid address, right? I think I am missing something here. I would be very grateful if you could fill me in. ~W-M
|
♠ SatoshiCarnival.co ♢ Refreshing ♥ Fair ♧ Bitcoin Casino ⚂ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀WMCode ~ Web Development ~ Design
|
|
|
W-M (OP)
Full Member
Offline
Activity: 210
Merit: 100
In Crypto we Trust.
|
|
March 30, 2013, 12:52:58 PM |
|
It just proves you own a private key if you sign it and people can verify it.
Thank you for your reply, gweedo, but I still don't really get it. what kind of 'private key' is used in signed messages? Is the receiving address itself used, or something linked to it? Why would I want to prove that I had a certain address when, as far as I know, there is no point in sending people an address I do not posses?
|
♠ SatoshiCarnival.co ♢ Refreshing ♥ Fair ♧ Bitcoin Casino ⚂ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀WMCode ~ Web Development ~ Design
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
March 30, 2013, 12:56:16 PM |
|
It is most useful in situations where you need to *prove* that you own an address such as trying to get a repayment if you accidentally sent to the wrong address (assuming the other party is co-operative).
|
|
|
|
jackjack
Legendary
Offline
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
|
|
March 30, 2013, 12:59:17 PM |
|
It just proves you own a private key if you sign it and people can verify it.
Thank you for your reply, gweedo, but I still don't really get it. what kind of 'private key' is used in signed messages? Is the receiving address itself used, or something linked to it? Yes, it's the same private key than the one of the address
|
Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2 Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
|
|
|
HappyScamp
|
|
March 30, 2013, 01:56:09 PM |
|
Hmm.
I always just assume that it was a tacit statement to the effect that "If you like my thinking or it has helped you, you can send some support my way".
Especially where someone is providing a real product or service, such as on some miner design threads.
|
|
|
|
W-M (OP)
Full Member
Offline
Activity: 210
Merit: 100
In Crypto we Trust.
|
|
March 30, 2013, 11:40:22 PM |
|
Thank you very much. I think I understand it a little better now. So as far as I can see, it's not 'perfect' and not a guaranteed way to ensure that the person signing with a certain address is that certain person, right? Would it then make sense to combine this signing with a normal GPG key you use for different messages? Hmm.
I always just assume that it was a tacit statement to the effect that "If you like my thinking or it has helped you, you can send some support my way".
Especially where someone is providing a real product or service, such as on some miner design threads.
Hmm... interesting. Probably true that some people use it that way .
|
♠ SatoshiCarnival.co ♢ Refreshing ♥ Fair ♧ Bitcoin Casino ⚂ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀WMCode ~ Web Development ~ Design
|
|
|
odolvlobo
Legendary
Offline
Activity: 4494
Merit: 3417
|
|
March 30, 2013, 11:58:23 PM |
|
Thank you very much. I think I understand it a little better now. So as far as I can see, it's not 'perfect' and not a guaranteed way to ensure that the person signing with a certain address is that certain person, right? Would it then make sense to combine this signing with a normal GPG key you use for different messages?
Signing with a bitcoin address is the same as signing with a PGP public key. A bitcoin address is a public key. You can verify somebody's identity by asking them to sign something and then verifying the signature with their bitcoin address/public key.
|
Join an anti-signature campaign: Click ignore on the members of signature campaigns. PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
|
|
|
dserrano5
Legendary
Offline
Activity: 1974
Merit: 1029
|
|
March 31, 2013, 01:06:23 AM |
|
You can verify somebody's identity by asking them to sign something and then verifying the signature with their bitcoin address/public key.
Provided that their identity is linked to the bitcoin address in question, correct?
|
|
|
|
simonk83
|
|
March 31, 2013, 01:09:40 AM |
|
It just proves you own a private key if you sign it and people can verify it.
Thank you for your reply, gweedo, but I still don't really get it. what kind of 'private key' is used in signed messages? Is the receiving address itself used, or something linked to it? Why would I want to prove that I had a certain address when, as far as I know, there is no point in sending people an address I do not posses? Is that you Maria?
|
|
|
|
Elwar
Legendary
Offline
Activity: 3598
Merit: 2386
Viva Ut Vivas
|
|
March 31, 2013, 04:35:14 AM |
|
I was curious about this myself.
I assume that this is different than encoding a message that can later be decoded with a password?
|
First seastead company actually selling sea homes: Ocean Builders https://ocean.builders Of course we accept bitcoin.
|
|
|
Meni Rosenfeld
Donator
Legendary
Offline
Activity: 2058
Merit: 1054
|
|
March 31, 2013, 05:12:52 AM |
|
Hmm.
I always just assume that it was a tacit statement to the effect that "If you like my thinking or it has helped you, you can send some support my way".
Especially where someone is providing a real product or service, such as on some miner design threads.
Despite the confusingly same name "signature", these are two completely unrelated things. You're talking about placing a Bitcoin address in your forum signature. The OP was talking about generating an ECDSA digital signature using the private key associated with your Bitcoin address. I assume that this is different than encoding a message that can later be decoded with a password?
Yes. Encryption = encoding a message so that only one person can read it. (AFAIK Bitcoin private keys can't be used for this). Digital signature = Proving that you (where "you" is the owner of a certain private key) wrote a certain message. (The Bitcoin software automatically signs your transactions so they are accepted by the network, but you can also sign arbitrary messages on your own).
|
|
|
|
W-M (OP)
Full Member
Offline
Activity: 210
Merit: 100
In Crypto we Trust.
|
|
March 31, 2013, 08:13:52 PM |
|
Thank you very much. I think I understand it a little better now. So as far as I can see, it's not 'perfect' and not a guaranteed way to ensure that the person signing with a certain address is that certain person, right? Would it then make sense to combine this signing with a normal GPG key you use for different messages?
Signing with a bitcoin address is the same as signing with a PGP public key. A bitcoin address is a public key. You can verify somebody's identity by asking them to sign something and then verifying the signature with their bitcoin address/public key. Thank you very much. This was exactly the kind of answer I was hoping to get. It is very clear to me now. Hopefully this will be helpful to other people in the future as well. It just proves you own a private key if you sign it and people can verify it.
Thank you for your reply, gweedo, but I still don't really get it. what kind of 'private key' is used in signed messages? Is the receiving address itself used, or something linked to it? Why would I want to prove that I had a certain address when, as far as I know, there is no point in sending people an address I do not posses? Is that you Maria? I am very sorry, but I do not know anyone named Maria . I myself are of the male gender and altough there are boys named Sue, I am not named Maria. the 'M' in my name stands for something else. @Meni Rosenfeld: Also thank you for your reply. HappyScamp's post had me thoroughly confused for a moment there. Thanks everyone, ~W-M
|
♠ SatoshiCarnival.co ♢ Refreshing ♥ Fair ♧ Bitcoin Casino ⚂ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀WMCode ~ Web Development ~ Design
|
|
|
odolvlobo
Legendary
Offline
Activity: 4494
Merit: 3417
|
|
March 31, 2013, 10:30:11 PM |
|
You can verify somebody's identity by asking them to sign something and then verifying the signature with their bitcoin address/public key.
Provided that their identity is linked to the bitcoin address in question, correct? Yes. What the signature verifies is very specific. You can only verify that that something was signed by the person that gave you the public key. For example, if you receive an email from a stranger, saying "I am Satoshi. Here is my public key." And then you receive an email that is signed. You can verify that the signer is the person that sent you the public key, but not that he is Satoshi. Perhaps, way back when, Satoshi posted a public key or a bitcoin address that he controlled. Then you could use that to verify that the person is that Satoshi. Furthermore, the possession of a signed message is not enough to verify the identity of the holder. Suppose Satoshi's public key is known, and he sent me a message signed with it three years ago. I could just send you that signed message today and say "I am Satoshi. You can verify that I signed this." To verify a person's identity, you must give the person something original to sign.
|
Join an anti-signature campaign: Click ignore on the members of signature campaigns. PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
|
|
|
|