Bitcoin Forum
November 15, 2024, 09:54:00 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Signing messages offline / sending online  (Read 875 times)
deuteragenie (OP)
Newbie
*
Offline Offline

Activity: 36
Merit: 0


View Profile
June 28, 2017, 08:21:23 AM
 #1

I have a paper wallet, and would like to sign a message (NOT a transaction!) offline, on an air-gapped computer, transfer the message and signature using a USB key to an online computer and send the message and signature online.

a) Is there a way to achieve the above?
b) Do I put my private keys in danger in any way? In particular, can I trust the digital signature algorithm to be robust? (i.e. NOT to reveal anything about the private key)
c) Do I need to pay fees to submit the message?
ranochigo
Legendary
*
Offline Offline

Activity: 3038
Merit: 4420


Crypto Swap Exchange


View Profile
June 28, 2017, 09:07:28 AM
 #2

I have a paper wallet, and would like to sign a message (NOT a transaction!) offline, on an air-gapped computer, transfer the message and signature using a USB key to an online computer and send the message and signature online.

a) Is there a way to achieve the above?
Yes. You have to import the keys into a client like Electrum. Else, you can download the brainwallet script and only use the sign feature
b) Do I put my private keys in danger in any way? In particular, can I trust the digital signature algorithm to be robust? (i.e. NOT to reveal anything about the private key)
The sign message feature will not reveal anything about your Bitcoins private key if it is done correctly. I've never heard of any client leaking the private key. You wouldn't have any problems if you could verify that the Electrum build is official.
c) Do I need to pay fees to submit the message?
No. The message is not transferred over the blockchain. You have to manually send the whole output of the message for users to verify it.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
stiffbud
Hero Member
*****
Offline Offline

Activity: 980
Merit: 500



View Profile
June 28, 2017, 09:10:48 AM
 #3

I have a paper wallet, and would like to sign a message (NOT a transaction!) offline, on an air-gapped computer, transfer the message and signature using a USB key to an online computer and send the message and signature online.

a) Is there a way to achieve the above?
b) Do I put my private keys in danger in any way? In particular, can I trust the digital signature algorithm to be robust? (i.e. NOT to reveal anything about the private key)
c) Do I need to pay fees to submit the message?
question was already answered by the other guy above. Besides Electrum you can use mycelium in mobile. Importing the privatekey is safe as long as you are sure that you device does not have any key stealing virus or malware in it. Signing and verifyjng the message is also free so no fee.

Decentralized
Asset-Backed Banking

  ▄▄██████████████████
 █████████████████████
█████▀▀
████▀    ████
████     ████
████     ████
         ████     ████
         ████    ▄████
               ▄▄█████
█████████████████████
██████████████████▀▀ 
.TheStandard.io.█▀▀▀











█▄▄▄
▀▀▀█











▄▄▄█
████████████████████████████
████████████████████████████
████████████████████████████
█████████████████▀▀  ███████
█████████████▀▀      ███████
█████████▀▀   ▄▄     ███████
█████▀▀    ▄█▀▀     ████████
█████████ █▀        ████████
█████████ █ ▄███▄   ████████
██████████████████▄▄████████
████████████████████████████
████████████████████████████
████████████████████████████
deuteragenie (OP)
Newbie
*
Offline Offline

Activity: 36
Merit: 0


View Profile
June 28, 2017, 12:35:59 PM
 #4

Thank you.

I understand that I can import the private key in an (offline) tool on an airgapped computer.
However, what is unclear to me is how to generate the signed message on the airgapped computer, but submit it on an online computer.
For that, I would need to be able to export the message/signed message on a USB key for example.
Is this possible using existing tools?
mocacinno
Legendary
*
Offline Offline

Activity: 3584
Merit: 5243


https://merel.mobi => buy facemasks with BTC/LTC


View Profile WWW
June 28, 2017, 12:39:09 PM
 #5

Thank you.

I understand that I can import the private key in an (offline) tool on an airgapped computer.
However, what is unclear to me is how to generate the signed message on the airgapped computer, but submit it on an online computer.
For that, I would need to be able to export the message/signed message on a USB key for example.
Is this possible using existing tools?

I actually wrote an article on the topic with a step by step tutorial a while ago:
http://www.mocacinno.com/blog/how-to-sign-a-message-with-a-bip38-encrypted-paper-wallet/

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
DannyHamilton
Legendary
*
Offline Offline

Activity: 3486
Merit: 4851



View Profile
June 28, 2017, 03:05:09 PM
 #6

what is unclear to me is how to generate the signed message on the airgapped computer, but submit it on an online computer.

Submit it?  Submit it where?  I assume you mean "email it", or "text it", or "post it to a discussion forum", or something like that?

While you can sign any binary data, typically people sign text based messages.  The binary signature is also typically converted to text with base64 encoding.

Since it is text, you can transfer it from the offline computer to the online computer using any method you like.  Some possible examples are:

  • Save the text message and signature to a file on a USB
  • Generate a QR code from the message and signature and scan it with the online computer
  • Type the message carefully into the online com[puter with a keyboard
  • Take a picture of the message and signature

For that, I would need to be able to export the message/signed message on a USB key for example.
Is this possible using existing tools?

Sure.  You can use the clipboard on the offline computer to copy the message and signature and paste it into your favorite text editor or word processing program.

Then, once you've got the message and signature on an online computer you can email it, or post it to a forum, or text it, or any other method you like to use for sharing text with someone.
deuteragenie (OP)
Newbie
*
Offline Offline

Activity: 36
Merit: 0


View Profile
June 28, 2017, 04:02:22 PM
 #7

Aaaah! You nailed it.  Stupid me was under the impression that signing was somehow linked to broadcasting the message/signed message.
But it is not the case, so my questions were not relevant indeed.
Thank you for making it clear.

I guess I will try this API then: https://bitcoin.org/en/developer-reference#signmessagewithprivkey

Sweetbtc
Hero Member
*****
Offline Offline

Activity: 938
Merit: 503


👉bit.ly/3QXp3oh | 🔥 Ultimate Launc


View Profile
June 29, 2017, 04:58:18 AM
 #8

I am confused, why would you think that signing and broadcasting were linked in any way?  Broadcasting is broadcasting and that is the final bit .  The rest is preparing the data for broadcast and the inclusion of this and that into that TX, how could you in any way confuse a single moment of the building of the TX with the sending of that data to the network?

.
.TONUP..
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
▄▄███████▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄█████▄░▄▄▀█████▀▄████▄
▄███████▄▀█▄▀██▀▄███████▄
█████████▄▀█▄▀▄██████████
██████████▄▀█▄▀██████████
██████████▀▄▀█▄▀█████████
▀███████▀▄██▄▀█▄▀███████▀
▀████▀▄█████▄▀▀░▀█████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀███████▀▀
▄▄▄███████▄▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄██████████████▀▀█████▄
▄██████████▀▀█████▐████▄
██████▀▀████▄▄▀▀█████████
████▄▄███▄██▀█████▐██████
█████████▀██████████████
▀███████▌▐██████▐██████▀
▀███████▄▄███▄████████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀▀███████▀▀▀
▄▄▄███████▄▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄█████████████████████▄
▄████▀▀███▀▀███▀▀██▀███▄
████▀███████▀█▀███▀█████
██████████████████████
████▄███████▄█▄███▄█████
▀████▄▄███▄▄███▄▄██▄███▀
▀█████████████████████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀▀███████▀▀▀
.
...JOIN NOW...
deuteragenie (OP)
Newbie
*
Offline Offline

Activity: 36
Merit: 0


View Profile
June 29, 2017, 08:48:12 AM
 #9

I am confused, why would you think that signing and broadcasting were linked in any way?

There are probably several reasons for why this is the case:
- Me being stupid, as I mentioned above, is a primary cause of why I would think this could be the case
- Another reason could be the confusion that exists between signing a transaction and signing a message 
- And yet another one could be that the documentation is maybe lacking / unclear

I hope this helps your understanding.
vh
Hero Member
*****
Offline Offline

Activity: 699
Merit: 666


View Profile
June 29, 2017, 02:15:31 PM
 #10

It was a little hard finding a self contained message signing page.   It shouldn't be. 
I cobbled a one pager together a sample based off of some js files I found from other projects.

http://mining.tipsternet.com/sign_message.html

If you don't want to install a full wallet, you can take this route.
Read through the page source and construct your own. 
With existing libraries, it can be compacted down to a few lines of javascript code.


deuteragenie (OP)
Newbie
*
Offline Offline

Activity: 36
Merit: 0


View Profile
June 29, 2017, 03:34:53 PM
 #11

It was a little hard finding a self contained message signing page.   It shouldn't be. 
...
If you don't want to install a full wallet, you can take this route.
...

Just installing bitcoind and running bitcoin-cli signmessagewithprivkey offline worked like a charm. 
No need to download the blockchain whatsoever so this is a very fast (2 minutes install time) and secure way to generate signed messages.

Thx to all for the explanations.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!