Bitcoin Forum
November 12, 2024, 07:33:04 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Bitcoin-qt Sign Message Feature -- Put header/footer around message.  (Read 1594 times)
Economics (OP)
Newbie
*
Offline Offline

Activity: 35
Merit: 0


View Profile
May 28, 2013, 04:59:43 PM
 #1

It seems to me the Bitcoin-qt 'Sign Message' feature is a little harder to use than it should be.  Once all of the fields are filled in, it would be more convenient to output a block of text that contains all of the information that should be pasted in to a message.  Also a simple parser that expects this format should be put into the Verify Message side of things.  For example (taken from a PGP Signed message):

-----BEGIN BITCOIN SIGNED MESSAGE-----
Address:  1Bitcoinasdfasdfsadfsadfsadf

Because anyone can claim to be me. There's no validation of the user
name or email address when someone posts a comment. While I do try to
remove imposters, some may slip through. By signing my comments using
this technique, anyone can independently verify that I was the author of
the message by validating the signature.
-----BEGIN BITCOIN SIGNATURE-----
Version: Bitcoin-qt (1.0)

iD8DBQFFxqRFCMEe9B/8oqERAqA2AJ91Tx4RziVzY4eR4Ms4MFsKAMqOoQCgg7y6e5AJIRuLUIUikjNWQIW
-----END BITCOIN SIGNATURE-----


--E
slashopt
Newbie
*
Offline Offline

Activity: 12
Merit: 0



View Profile
May 28, 2013, 09:36:41 PM
 #2

I was just thinking the same thing.
etotheipi
Legendary
*
expert
Offline Offline

Activity: 1428
Merit: 1093


Core Armory Developer


View Profile WWW
May 28, 2013, 10:59:57 PM
 #3

I hate the current incarnation of message signing.  This is why I put out a bounty to get a module implemented in Armory that is backwards compatible with the current Bitcoin-Qt signing (v0), but then expands it (v1) with RFC2440-like formatting, both a clearsign and a base64-encoded version.  The idea was that if I implement it in Armory and try to follow an existing standard, the others might follow:

https://bitcointalk.org/index.php?topic=179422.0

So jackjack got the bounty, and it looks like his solution does exactly what was requested.  I just have to integrate it into Armory and then brag about it.  Then maybe the other apps will do it.  For sure, you should never have to type/copy multiple fields, and what you do end up with should spit out a single window that says "The following message has a valid signature from address X: <...>".  And not show the message if it's not a valid signature. 

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
Economics (OP)
Newbie
*
Offline Offline

Activity: 35
Merit: 0


View Profile
May 30, 2013, 04:35:57 PM
 #4

Let us know when it's in Armory and we can push for this to be placed into the standard bitcoin client.

--E
jim618
Legendary
*
Offline Offline

Activity: 1708
Merit: 1066



View Profile WWW
June 03, 2013, 03:43:26 PM
 #5

I've started using "Economics style" Bitcoin signed messages.

Have a look at the latest release text for MultiBit 0.5.11:

https://bitcointalk.org/index.php?topic=143274.msg2358117#msg2358117

It is virtually identical to your proposed structure except I have moved the signing address into the signature block. This I think has two advantages:

+ The message section purely contains the user's message
+ You can have multiple, independent signatures of the same message and just append the signature blocks.

It is hand crafted at the moment but if it becomes more widely used I expect parsers will appear for the format.

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
Dabs
Legendary
*
Offline Offline

Activity: 3416
Merit: 1912


The Concierge of Crypto


View Profile
June 04, 2013, 01:28:48 AM
 #6

The bitcoin signature, as implemented, merely proves that whoever made the signature has the private key to the bitcoin address. That is all. No matter what the text or message says, you can't prove what is the veracity or truthfulness of that statement.

So, I've merely used the signing feature to ask people to prove to me that they own the address, by signing a "secret" or something. I usually limit it to one single line, so we don't encounter problems. For example, I can sign the hash string.

Quote
1Lotto3CMJwLLpRUPHxkmDXbXqhHC9Jffo
5aa63308ef80e79e36fcab72fd8c043f9b75cf0e6e79b037b31d22c192ddd2d5
H4RGT4OQNT1cBD4viC5T0kggPztqqpETSjgtPY+he3TyrP0INQMFli5ZWOtVhR42HnGaf16icfSSQFTX/EtejpE=

Or in the case of a gambling site like Satoshi Dice or similar, where they normally pay out your winnings to the same address you sent from, I can ask users to sign the new address.

Quote
19svkxfDSoNXM5tVjAGojavZQ4H5N9z4Q
1DabsXmraEr18jdEryck8jzcFku873xmRf
H7aUR3JilvL8RewrwVisHoZkz8kf6r3n7TqdkhZ2aStBe0BH6DP4D0a5oNXmrvxv7xteEOA5bvLho0D 46v/hdb4=

The above gives me enough proof that:
1. The owner of 19sv wants to send any possible winnings to 1Dabs.
2. It doesn't matter who 1Dabs is, whether that is another address the same person controls, or a charity, or even a dead-end address.

The format is bitcoin address, message, signature, one per line, just like above. But the bitcoin-qt client does not give an easy way to get all that data in one click.

I understand that this must also be possible to implement on the bitcoind command line client (or daemon or server) so having it output multiple lines might be a problem, especially when it breaks the lines in the middle or something.

jim618
Legendary
*
Offline Offline

Activity: 1708
Merit: 1066



View Profile WWW
June 04, 2013, 06:51:49 AM
 #7

I don't think it is a good idea to encourage people to sign binary data / hex. Only get people to sign text they can read. Couple of reasons:

+ signing could very well be legally binding. You should know what you are signing.
+ an attacker might figure out how to get you to sign a valid transaction. You just signed away your money!


MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
jackjack
Legendary
*
Offline Offline

Activity: 1176
Merit: 1280


May Bitcoin be touched by his Noodly Appendage


View Profile
June 04, 2013, 07:33:10 AM
 #8

I don't think it is a good idea to encourage people to sign binary data / hex. Only get people to sign text they can read. Couple of reasons:

+ signing could very well be legally binding. You should know what you are signing.
+ an attacker might figure out how to get you to sign a valid transaction. You just signed away your money!
Do you want to stop selling knives too because people can hurt themselves?

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
Dabs
Legendary
*
Offline Offline

Activity: 3416
Merit: 1912


The Concierge of Crypto


View Profile
June 04, 2013, 08:08:34 AM
 #9

Bitcoin signing doesn't do anything. Nothing is legally binding as far as bitcoin signing is. All it does is prove that someone controls the private key to that particular bitcoin address.

Sending bitcoin is exactly signing a valid transaction. That's how it works.

jim618
Legendary
*
Offline Offline

Activity: 1708
Merit: 1066



View Profile WWW
June 04, 2013, 10:27:05 AM
 #10

Re: 'nothing is legally binding'

IANAL but I think it is probably similar to a signed email so it depends what you are signing.

If I sign a message saying:

'I, jim618, will send you, Dabs, $100 to your bank account (your bank account details are specified here) if you send 1.0 bitcoin to my address 1abcdef... by eob 10 June 2013' and sign it with a well known address I control I think that would stand up in court. Also if you posted it saying the money never arrived and gave the txid and your bank statement I think most people would agree as to what happened.

The point I am making is that you only want people to sign things they understand and not encourage them to sign hex.

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
jackjack
Legendary
*
Offline Offline

Activity: 1176
Merit: 1280


May Bitcoin be touched by his Noodly Appendage


View Profile
June 04, 2013, 10:28:28 AM
 #11

Re: 'nothing is legally binding'

IANAL but I think it is probably similar to a signed email so it depends what you are signing.

If I sign a message saying:

'I will send you, Dabs, $100 to your bank account (your bank account details are specified here) if you send 1.0 bitcoin to my address 1abcdef... by eob 10 June 2013' and sign it with a well known address I control I think that would stand up in court.

The point I am making is that you only want people to sign things they understand and not encourage them to sign hex.
Why not hex if they understand what they are signing?

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
jim618
Legendary
*
Offline Offline

Activity: 1708
Merit: 1066



View Profile WWW
June 04, 2013, 10:32:53 AM
 #12

I lived in China for a year. It was drummed into you not to sign anything written in Mandarin without getting a native Chinese speaker to check it over.

Sure if you know what the hex/Mandarin/Tamil/Thai says sign it. If you don't, don't.

I don't think I am being radical here, it's just common sense.

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
jackjack
Legendary
*
Offline Offline

Activity: 1176
Merit: 1280


May Bitcoin be touched by his Noodly Appendage


View Profile
June 04, 2013, 10:56:39 AM
 #13

I lived in China for a year. It was drummed into you not to sign anything written in Mandarin without getting a native Chinese speaker to check it over.

Sure if you know what the hex/Mandarin/Tamil/Thai says sign it. If you don't, don't.

I don't think I am being radical here, it's just common sense.
I see we agree
I just don't understand why you mention hex: "don't sign what you don't understand" is just common sense as you just said, should that be hex, text, picture, mandarin, etc.

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
etotheipi
Legendary
*
expert
Offline Offline

Activity: 1428
Merit: 1093


Core Armory Developer


View Profile WWW
June 04, 2013, 01:39:06 PM
 #14

All it does is prove that someone controls the private key to that particular bitcoin address.

I've seen this a couple times.  It does not prove that someone owns a particular public key:  it proves that the owner of the particular public key approves of the message that was signed.  It's similar to [the intention of] a regular hand-written signature -- you don't sign blank sheets of paper to prove who you are, but you do sign sheets of paper that identify something you agree with.


Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
freemoney458
Member
**
Offline Offline

Activity: 62
Merit: 10


View Profile
June 04, 2013, 09:52:05 PM
 #15

All it does is prove that someone controls the private key to that particular bitcoin address.

I've seen this a couple times.  It does not prove that someone owns a particular public key:  it proves that the owner of the particular public key approves of the message that was signed.  It's similar to [the intention of] a regular hand-written signature -- you don't sign blank sheets of paper to prove who you are, but you do sign sheets of paper that identify something you agree with.



I think it really depends on the content of the message.
If the message just contains hex-like lists of addresses or the like without any meaningful statement, then the signer just prooves that he controls the private key to the address.
If the message contains a meaningful statement like e.g. a contract, the signature prooves that the owner of the public key approves of the message.

I want to point out, though, that it will still remain difficult to proove e.g. in court that the claimed owner of the public key is really the 'real' owner. If e.g. Jim's private key was stolen, the thief could sign messages instead of Jim. So Jim could claim in court that his private key was stolen and that somebody else (not Jim) signed the message with the stolen key. Regardless if a court or people will believe it, I just want to point out that prooving the ownership of the private keys is not the same as prooving your identity.

In some European countries the governments have started to incorporate the ability of electronic signatures into the identity cards. This is intended to identify yourself online in combination with a PIN. A thief would need to steal the ID card and get hold of the PIN. In the above example of Jim, as soon as Jim detects the theft, he will inform the ID card issuer to invalidate the electronic signature. Later in court he will be able to proove that he informed the issuer, freeing him of any responsibility of his stolen electronic signature. Failing to do so will make him liable in court, because he had the ability and the responsibility to inform the card issuer.
Since invalidating public keys is not possible with bitcoin, Jim will have a chance to claim in court that somebody else signed the message.
Dabs
Legendary
*
Offline Offline

Activity: 3416
Merit: 1912


The Concierge of Crypto


View Profile
June 09, 2013, 12:20:05 PM
 #16

OK ok. Bitcoin signing should not be considered binding except as far as the message is concerned, and common sense will tell you what you should or should not sign with bitcoin.

GPG / PGP signing, can be, or should be considered "legally binding". That one uses more bits (typically 2048 up to 4096) of RSA / El G / whatever public/private key crypto, and most all contracts on this forum and important statements are signed with GPG.

So far, the purposes of bitcoin signing are:
1. prove ownership or control of bitcoin address.
2. approve of message signed, or transfer interest (dividends, shares, chips, prizes, whatever) to another address.
3. sign some hex, which doesn't mean anything or can mean something specific, or is the SHA256 result of a longer string of text, (because this is easier to verify compared to signing an entire paragraph because of line breaks, formatting and stuff like that.)

As far as I am aware, there is no revocation of compromised bitcoin addresses, and private keys are sometimes sold (like I'm selling one, because its the sending address of a transaction I made a few weeks ago for some mining thing.)

I can sign a statement or message that says I am someone else, but that doesn't mean anything (or it should not be mistaken for the truth.) It's better to just sign to prove control or ownership.

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!