jackjack
Legendary
Offline
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
|
|
May 27, 2013, 06:19:45 PM |
|
1. You need to add that function:

def DecodeBase58Check(sec):
    vchRet = b58decode(sec, None)
    secret = vchRet[0:-4]
    csum = vchRet[-4:]
    hash = Hash(secret)
    cs32 = hash[0:4]
    if cs32 != csum:
        return None
    else:
        return secret

pvk1=DecodeBase58Check("5KWLD8VF29WR36qR2YM3wWLDuePHJAP4YKgCMcfvNN7TTxSFgFx")

2.

pubkey = EC_KEY(pvk1, bool(compressed key or not?)).pubkey #this is an object
pbk = pubkey.ser() #the serialization itself: 04+x+y or 02+x or 03+x
|
Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2 Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
|
|
|
greBit
|
|
May 27, 2013, 08:20:49 PM |
|
champion! thanks
|
|
|
|
jackjack
|
|
June 10, 2013, 02:07:59 PM |
|
I have an armory wallet and need to sign a message to prove ownership of a particular address to recover scammed funds. I'm running the MacOSx. Is the message signing compatible with bitcoin-qt yet? If so, How do I sign in this method? I currently tried verifying a signed message and it failed in bitcoin-qt.
Thank you!
I don't think etotheipi already put the code in Armory (I can be wrong though). If you have Python on your OSX I can tweak my code a bit to do what you want until it's implemented.
|
|
|
|
dashingriddler
Legendary
Offline
Activity: 1258
Merit: 1001
|
|
June 14, 2013, 04:13:04 PM |
|
There is a webpage which can do the work for you: http://brainwallet.org/#sign
You need to provide your private key (you can get it on the SIGN MESSAGE window of Armory by selecting the address using the address button). This runs on JavaScript - so your private key won't get sent to any web server.
|
|
|
|
jackjack
|
|
June 15, 2013, 09:07:13 PM |
|
There is a webpage which can do the work for you: http://brainwallet.org/#sign
You need to provide your private key (you can get it on the SIGN MESSAGE window of Armory by selecting the address using the address button). This runs on JavaScript - so your private key won't get sent to any web server.

The point is precisely not to use another software but rather having everything done in Python
|
|
|
|
dashingriddler
|
|
June 29, 2013, 04:05:31 AM |
|
There is a webpage which can do the work for you: http://brainwallet.org/#sign
You need to provide your private key (you can get it on the SIGN MESSAGE window of Armory by selecting the address using the address button). This runs on JavaScript - so your private key won't get sent to any web server.

The point is precisely not to use another software but rather having everything done in Python

I do agree. But this is just for people who wish to sign a message but are using Armory. I had to spend a lot of time to figure this out as I needed to sign some message. I hope it helps someone
|
|
|
|
Ente
Legendary
Offline
Activity: 2126
Merit: 1001
|
|
September 17, 2013, 03:50:01 PM |
|
I just played a bit with jasvet.py, thank you both, jackjack and Alan.
I try to sign one same message with several addresses. The signature should be somewhat futureproof and "official" (Like, legally proving the ownership of several addresses). A short signature is a plus, to be able to squeeze more onto one piece of paper. So, I figured I'll go with the bitcoin-qt v0 method for this.
Adding this to the script:

def DecodeBase58Check(sec):
    vchRet = b58decode(sec, None)
    secret = vchRet[0:-4]
    csum = vchRet[-4:]
    hash = Hash(secret)
    cs32 = hash[0:4]
    if cs32 != csum:
        return None
    else:
        return secret

#==============================================
pvk1=DecodeBase58Check("5KWLD8VF29WR36qR2YM3wWLDuePHJAP4YKgCMcfvNN7TTxSFgFx")
text1='Hello world!'
FTVerbose=True
sv0=ASv0(pvk1, text1)
print sv0

jasvet.py says:
{'b64-signature': 'ICJNavINw/4nHQId8M6AZ+IyyugUSwdp0RcVbUH+jknO5liYIiv5LolCFOZZSSTOySYasEL8f/hak6poxgB+DmI=', 'message': 'Hello world!', 'signature': ' "Mj\xf2\r\xc3\xfe\'\x1d\x02\x1d\xf0\xce\x80g\xe22\xca\xe8\x14K\x07i\xd1\x17\x15mA\xfe\x8eI\xce\xe6X\

It seems I got something wrong, or need to convert the output or the like.

http://brainwallet.org/#sign says:
Privkey: 5KWLD8VF29WR36qR2YM3wWLDuePHJAP4YKgCMcfvNN7TTxSFgFx
Text: Hello world!
Signature: G+xTV1JL0C3eAtIPQwOETWwKYCALDR2Px0u1S/4CXl1lKhM/0mFEsuYH2BVMlPe/FvJFJmuFue2TfWW8OgacBVo=

Ah, it's no fun to be a noob, I can tell ya!
Ente
|
|
|
|
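A WIF private key such as the one passed to DecodeBase58Check above is Base58Check over a version byte (0x80 on mainnet), the 32-byte secret and, for a compressed key, a trailing 0x01, so the checked payload is 33 or 34 bytes rather than 32. The following is an added example, not part of jasvet.py or of any post in this thread, that verifies the checksum and splits those fields; the helper names and the sample key are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def sha256d(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def b58encode(raw):
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58decode(text):
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a character outside the alphabet
    zeros = len(text) - len(text.lstrip("1"))
    return b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def wif_encode(secret, compressed=False, version=0x80):
    payload = bytes([version]) + secret + (b"\x01" if compressed else b"")
    return b58encode(payload + sha256d(payload)[:4])

def wif_decode(wif, version=0x80):
    """Return (32-byte secret, compressed flag); raise ValueError on any mismatch."""
    raw = b58decode(wif)
    if len(raw) < 5:
        raise ValueError("too short")
    payload, checksum = raw[:-4], raw[-4:]
    if sha256d(payload)[:4] != checksum:
        raise ValueError("bad checksum")
    if payload[0] != version:
        raise ValueError("unexpected version byte")
    body = payload[1:]  # drop the version byte: it is not key material
    if len(body) == 32:
        return body, False
    if len(body) == 33 and body[-1] == 1:
        return body[:32], True
    raise ValueError("unexpected payload length")

if __name__ == "__main__":
    secret = bytes(range(1, 33))  # constructed sample key, not from the thread
    for flag in (False, True):
        wif = wif_encode(secret, flag)
        print(wif, wif_decode(wif) == (secret, flag))
```

The compressed flag returned here is the value that decides which public-key serialization, and therefore which address, a signature should be checked against.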
jackjack
|
|
September 17, 2013, 04:47:58 PM |
|
Signatures aren't unique
|
|
|
|
Ente
|
|
September 17, 2013, 09:24:01 PM |
|
Signatures aren't unique

OH! Of course, without ever thinking about it, I assumed those signatures would be unique! Maybe like a hash with several inputs, one being the privkey and the other being the text.
All right, but even when several different signatures verify "true" to the same address and text, they all should verify. I can't figure how to verify

{'b64-signature': 'ICJNavINw/4nHQId8M6AZ+IyyugUSwdp0RcVbUH+jknO5liYIiv5LolCFOZZSSTOySYasEL8f/hak6poxgB+DmI=', 'message': 'Hello world!', 'signature': ' "Mj\xf2\r\xc3\xfe\'\x1d\x02\x1d\xf0\xce\x80g\xe22\xca\xe8\x14K\x07i\xd1\x17\x15mA\xfe\x8eI\xce\xe6X\

on http://brainwallet.org/#verify
Privkey: 5KWLD8VF29WR36qR2YM3wWLDuePHJAP4YKgCMcfvNN7TTxSFgFx
Text: Hello world!
Pubkey: 1PRPcHe3fFGjLmaGWFbQ92FtjKuSoUgcyz

I'll dig out bitcoin-qt in a minute, and try to get some result which two out of the three agree upon ;-)

/edit: Aww man, of course now it works!
ICJNavINw/4nHQId8M6AZ+IyyugUSwdp0RcVbUH+jknO5liYIiv5LolCFOZZSSTOySYasEL8f/hak6poxgB+DmI=
Hello world!
Verifies to 16RiJy3VBjf4bQJiF5UL887pggK1RasMn8

Thank you, jackjack, for the script! Will have some fun with it now! :-)
Ente
|
|
|
|
Ente
|
|
September 17, 2013, 10:34:21 PM |
|
All right, now I'm totally lost.

I used as a privkey: 5JVNazqC4JucAHUeRLhcqrbGFAro2CySd2ptDaDnPe18G9tmuAs
Message: Hello world!
And got as a signature from jasvet.py: IHBIv6b+gp+aX1FSQ9vOGfjbh6svVfRzLq2NBlwSu6xQE7sq2cWBQnbRwkOL64IkJguDELeh9nGXKmlHxFgKJiI=

Now comes the funny part: Both http://brainwallet.org/#verify and bitcoin-qt do verify the signature, but only to the address 1N8UThyPpVz8DuZLNx4KbX9rqQhFAFfGRE

The proper pubkeys to the given privkey should be:
uncompressed: 1E4PLo2YV33dkG7np78rz3aT3yTQvK7Xkz
compressed: 1D6eGU1hudNTkg5eaqYHxgM3NYCbq6MJoy

What the heck is this mystery address?

As reference, from http://brainwallet.org/#sign I got
HMkg8LsNsYAC/oTEbgaBZy6kLNjLPSz1cZbCcqlFAL6GqdxRGR2LEg6PofSnpkFVlJTPqFS0amps9t55WBcToNo=
and from bitcoin-qt
HPM/8W8EhvKMrBfY0X9TrHx8UJQNTl1XBrzH/63jZSoc4tByiOr5U9wkn4KJ8cWKDjF9PJFRl/Kb121OqOq0jQQ=
as signatures, which both are verified valid by the respective other as coming from 1E4PLo2YV33dkG7np78rz3aT3yTQvK7Xkz, the uncompressed address.

Is there a different way to do this (signing a text with the privkey, being able to verify it with the pubkey) resulting in an even shorter signature? Doesn't have to be Bitcoin-related at all. Some recognized standard would be nice, so I don't have to print the sourcecode to the backside ;-)

Ente
|
|
|
|
gmaxwell
Staff
Legendary
Offline
Activity: 4270
Merit: 8805
|
|
September 20, 2013, 05:59:51 AM |
|
The user should have no idea what's in it until they copy it into their wallet and it will spit out the message only if the signature is valid. This is considered ideal since users have a tendency to only look for the message header and trust it without checking. This way, they can't get the message unless they also check the signature.
uh. You realize you can't have what you want here without building a PKI, right? I mean, you can make them push a button, but all signatures will pass (except where the attacker is incompetent). The way signmessage was designed in Bitcoin you have to provide both the message you expect to be signed and the address you expect to have signed it... so that the validation passing isn't just tautological— a ritual that just fulfills itself and always returns true—, but actually indicates that the user's inputs were consistent.

It helps if you actually understand the use-case for signmessage in Bitcoin-QT: It's used as an authentication mechanism for services which are address based, e.g. for changing configuration settings on the eligius pool, and it was informed by a number of security exploits against openpgp based systems (e.g. some of the ripe address record databases) which allowed any user to impersonate any other user because gpg --validate would pass on all of them, but there was no way to tell it what user was actually required, so any in your keyring would pass.
|
|
|
|
etotheipi (OP)
Legendary
Offline
Activity: 1428
Merit: 1093
Core Armory Developer
|
|
September 20, 2013, 06:09:15 AM |
|
That is the intention. Unless I misunderstood you. The goal isn't "This message has a valid signature!" It's "This message has a valid signature from address 1xyZaQb". Or rather: "This message has been signed by the same person who sent you 42.83 BTC yesterday." If you have previously transacted with someone, then you know what address you're looking for. I agree, it's easy to be misused/misunderstood by people who don't understand what they're doing, but that also doesn't mean it's useless.
The use cases I imagined were anonymous, paid services. You can use signed messages from the funding address to authorize requests to your account with that service. They don't care who you are, they only care that the same person that funded that account is signing the message.
Am I missing something?
|
|
|
|
|
etotheipi (OP)
|
|
September 24, 2013, 03:38:28 PM |
|
It's crappy. It was originally a key calculator, with signing as an after-thought. When it turned out that so few people found it useful (since it wasn't compatible) I stopped doing anything on it until I had a chance to upgrade it to a compatible one (and isolate message signing from the other stuff).

If you want to still use it: click the address book icon above the message box in the bottom left. Select the address you want. Put your message in the box. Then click "Sign" and type in your passphrase when it asks. Once the signature is present, you can click "Copy Signature Block." You can immediately "Import Signature Block" to test it.

As I said, it's not really made to be used, right now. But the next version will have it.
|
|
|
|
LogicalUnit
|
|
September 25, 2013, 04:15:45 AM |
|
If you want to still use it: click the address book icon above the message box in the bottom left. Select the address you want. Put your message in the box. Then click "Sign" and type in your passphrase when it asks. Once the signature is present, you can click "Copy Signature Block." You can immediately "Import Signature Block" to test it.
As I said, it's not really made to be used, right now. But the next version will have it.
It's simply not asking me for my passphrase when I click "Sign Message". It either crashes or fails to create a signature
|
|
|
|
Swimmer63
Legendary
Offline
Activity: 1593
Merit: 1004
|
|
September 30, 2013, 10:09:08 PM |
|
If you want to still use it: click the address book icon above the message box in the bottom left. Select the address you want. Put your message in the box. Then click "Sign" and type in your passphrase when it asks. Once the signature is present, you can click "Copy Signature Block." You can immediately "Import Signature Block" to test it.
As I said, it's not really made to be used, right now. But the next version will have it.
It's simply not asking me for my passphrase when I click "Sign Message". It either crashes or fails to create a signature

Me too. Really disappointed I'll have to go back to Qt. I really like Armory's layout and all. Feel better about its security. But I have to have signed messages. Many transactions demand it.
|
|
|
|
Ente
|
|
October 01, 2013, 09:20:39 AM |
|
Bump. Did anyone observe similar symptoms?
Ente
|
|
|
|
CircusPeanut
|
|
November 13, 2013, 07:48:34 PM |
|
JackJack, I am integrating the message signing code you provided into Armory. I am looking at this function:

def format_msg_to_sign(msg):
    return "\x18Bitcoin Signed Message:\n"+chr(len(msg))+msg #todo: check 18

It seems to limit the length of the message to 255 characters. Can we do longer messages using a var int? Is 255 the intended limit?
|
|
|
|
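The var-int question raised above, as an added example that is not jasvet.py or Armory code: Bitcoin-Qt prefixes both the magic string and the message with a CompactSize ("var int") length, so a single length byte matches it only for messages shorter than 253 bytes. The function names below other than format_msg_to_sign are hypothetical, and the sample messages are constructed.

```python
import hashlib

MAGIC = b"Bitcoin Signed Message:\n"  # 24 bytes, which is where the \x18 comes from

def compact_size(n):
    """Bitcoin's variable-length integer ("var int") for a length n."""
    if n < 0:
        raise ValueError("length cannot be negative")
    if n < 0xfd:
        return bytes([n])
    if n <= 0xffff:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xffffffff:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")

def format_msg_to_sign(msg):
    """Length-prefixed magic followed by the length-prefixed message."""
    if isinstance(msg, str):
        msg = msg.encode("utf-8")
    return compact_size(len(MAGIC)) + MAGIC + compact_size(len(msg)) + msg

def one_byte_format(msg):
    """The chr(len(msg)) variant quoted in the post, for comparison only."""
    if len(msg) > 255:
        raise ValueError("one length byte cannot describe more than 255 bytes")
    return b"\x18" + MAGIC + bytes([len(msg)]) + msg

def message_digest(msg):
    """Double SHA-256 of the formatted message; this is the value that gets signed."""
    data = format_msg_to_sign(msg)
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def first_divergent_length(limit=300):
    """Smallest message length at which the two formats stop agreeing."""
    for n in range(limit):
        msg = b"a" * n  # constructed sample message
        try:
            if one_byte_format(msg) != format_msg_to_sign(msg):
                return n
        except ValueError:
            return n
    return None

if __name__ == "__main__":
    print(format_msg_to_sign("Hello world!"))
    print("formats diverge at length", first_divergent_length())
    print(message_digest("x" * 1000).hex())
```

Lengths 253 to 255 are the quiet failure: the one-byte form still produces output, but the bytes differ from the var-int form, so the digest differs and a signature made over one form does not verify against the other.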
jackjack
|
|
November 13, 2013, 07:53:22 PM |
|
I thought I fixed that before releasing the code! Sorry for that, I'll push an update in the following minutes
|
|
|
|
CircusPeanut
|
|
November 13, 2013, 08:19:10 PM |
|
That's great, and thanks for the speedy response.
Also, I am parsing out the signature and message from the ASv1B64 and ASv1CS outputs to pass into verifySignature. Please let me know if that is included in the latest version. No problem if it's not, I just don't want to duplicate any of your code.
|
|
|
|
|