Bitcoin Forum
December 06, 2016, 04:11:02 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Feature request : signing a text with a wallet key  (Read 6561 times)
caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
December 20, 2010, 02:48:28 PM
 #21

What if the private keys are stored in a tamper-proof "trusted security module" hardware doo-hickey, and are impossible to export?

If it's impossible it's impossible Smiley Nothing to be done.
But why not being able to export them when it is possible? It's your keystore anyway, you should be able to manipulate it.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
1481040662
Hero Member
*
Offline Offline

Posts: 1481040662

View Profile Personal Message (Offline)

Ignore
1481040662
Reply with quote  #2

1481040662
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481040662
Hero Member
*
Offline Offline

Posts: 1481040662

View Profile Personal Message (Offline)

Ignore
1481040662
Reply with quote  #2

1481040662
Report to moderator
1481040662
Hero Member
*
Offline Offline

Posts: 1481040662

View Profile Personal Message (Offline)

Ignore
1481040662
Reply with quote  #2

1481040662
Report to moderator
1481040662
Hero Member
*
Offline Offline

Posts: 1481040662

View Profile Personal Message (Offline)

Ignore
1481040662
Reply with quote  #2

1481040662
Report to moderator
grondilu
Legendary
*
Offline Offline

Activity: 1134


View Profile
December 20, 2010, 02:59:59 PM
 #22

I agree with gene when he says it should not be a bitcoin feature.  I was wrong to ask for an other subcommand of the bitcoind command.


But could someone please work on a completely separate application that would read the wallet and use private ECDSA keys to sign documents ?
gene
Sr. Member
****
Offline Offline

Activity: 252


View Profile
December 20, 2010, 05:16:11 PM
 #23

That's where trust comes in. The old PKI/WOT issue.

If you depend on trust you're not proving anything. Normally proofs are asked exactly when there isn't enough confidence.
You are correct in making the distinction between trust and "proof" via cryptographic transforms, so forgive me if I am repeating something you already understand. I am also writing to others who may not be as familiar with some of these concepts. However, when it comes to a digital ID (be it a bitcoin address or a PGP ID) there are some qualities that you can take at face value. For example, if a digital signature matches a public key, you can be quite certain that the corresponding private key created it. You are less certain, however, about who actually controls the private key. You now face an issue of trust. Do you trust the person to not allow his key to be stolen? Do you trust the people that vouched that a key matches a certain name? Do you trust the ID card or passport that says that John Smith is who he says he is and that the name matches the key? The issues are orthogonal.

So, if I have a bitcoin ID, the question (or at least what I interpreted as the question) is "how do I let someone know that this really is my account number and not to send money to other accounts who claim to be me?" Again, this is a trust issue. Typically, it is handled using either a centralized chain of trust (PKI {SSL certs}) or a distributed chain of trust (Web of Trust {PGP, CaCert(actually a hybrib), etc}). What the OP suggested was essentially to use bitcoin's private keys as a general form of digital ID, similar to the way PGP keys are already used. My point was that such functionality already exists in well-tested and standardized tools, such as GnuPG and that reproducing those features would not help bitcoin. In fact, by invoking well-known arguments pertaining to the unwelcome effects of increasing codebase complexity, I conjecture that the additional code would likely hurt it.

Incidentally, all these issues of trust have been well explored for many years, with much credit to the cypherpunks in the 90s (and digital cash, of course).

Quote
Maybe I am overlooking something critical. What is the point of telling somebody how much money you have at some instant, when at any subsequent time, the proof is no longer valid?

The proof is valid while the funds remain in the same address. They may remain there for a long time.
Emphasis mine. In general, the balance can change immediately. If you are saying what I think you are saying, then this functionality offers sharply limited practical use. If I am trying to buy something that costs 20BTC and I only have 10BTC, the transaction will fail immediately. At no point does the seller need to know how much money I have in my account. All he really has to know is if I produce enough to complete the transaction. Bitcoin is not a system of credit, it is a currency. Its entire appeal is that it behaves like cash.

Quote
<lots of stuff by davout>
I think that we're talking past each other.

Can you please explain a situation where one would like to prove the amount of money in an account at some point in time? Are you planning on paying taxes? The benefits would have to outweigh the considerable drawbacks of implementation and maintenance, requiring a compelling argument.

Quote
That is pretty much what is being requested as a feature.
The OP requested (very concisely) the ability to use a bitcoin private key to sign data. I can detect no mention of anything else in what he wrote.

Quote
I agree with gene when he says it should not be a bitcoin feature.  I was wrong to ask for an other subcommand of the bitcoind command.
It wasn't wrong for you to ask. That's what discussions are for.

*processing payment* *error 404 : funds not found*
Do you want to complain on the forum just to fall for another scam a few days later?
| YES       |        YES |
jgarzik
Legendary
*
qt
Offline Offline

Activity: 1470


View Profile
December 20, 2010, 05:20:53 PM
 #24

Oh, and RE: extracting private keys from the wallet:

I'm less excited about that idea.  What if the private keys are stored in a tamper-proof "trusted security module" hardware doo-hickey, and are impossible to export?

I put this under the category of "I own my data, and should be able to do with it what I want."

Being able to import and export bitcoin keypairs to/from wallets seems an obvious need to me.

Jeff Garzik, bitcoin core dev team and BitPay engineer; opinions are my own, not my employer.
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
December 20, 2010, 05:53:10 PM
 #25

Can you please explain a situation where one would like to prove the amount of money in an account at some point in time? Are you planning on paying taxes? The benefits would have to outweigh the considerable drawbacks of implementation and maintenance, requiring a compelling argument.

Well, I can think of plenty of cases where I want to check that someone actually has the funds he claims before conducting some business. None of them involving taxes.

You seem to think that such a signature would be valid only at a certain point of time, it isn't the case.
If I sign arbitrary data with one of my private keys, it just basically means that I get to spend the funds associated with the bitcoin address, the available amount to an address is publicly visible from the blockchain.

So at the time of signature i can say "okay this person has 10 BTC available", I can also come back two weeks later and see that the signature only credits its owner with 1.42 BTC.

gene
Sr. Member
****
Offline Offline

Activity: 252


View Profile
December 20, 2010, 06:04:18 PM
 #26

Can you please explain a situation where one would like to prove the amount of money in an account at some point in time? Are you planning on paying taxes? The benefits would have to outweigh the considerable drawbacks of implementation and maintenance, requiring a compelling argument.

Well, I can think of plenty of cases where I want to check that someone actually has the funds he claims before conducting some business. None of them involving taxes.

You seem to think that such a signature would be valid only at a certain point of time, it isn't the case.
If I sign arbitrary data with one of my private keys, it just basically means that I get to spend the funds associated with the bitcoin address, the available amount to an address is publicly visible from the blockchain.

So at the time of signature i can say "okay this person has 10 BTC available", I can also come back two weeks later and see that the signature only credits its owner with 1.42 BTC.

I think I understand, but can't we already do that via blockexplorer? Why not just do something like this:

I identify myself as Joe and generate a corresponding PGP key (sorry to keep going back to PGP, but it is easier than saying "your public key software of choice"). I can then send a signed message with by bitcoin address to a recipient who already trusts that I am Joe and that it is my PGP key. Simply copy the bitcoin address from your gui or whatever and pgp/gpg away. In fact, I already do exactly this with some regularity, although my name may or may not really be Joe.

*processing payment* *error 404 : funds not found*
Do you want to complain on the forum just to fall for another scam a few days later?
| YES       |        YES |
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
December 20, 2010, 06:11:14 PM
 #27

I understand, but can't we already do that via blockexplorer? Why not just do something like this:

I identify myself as Joe and generate a corresponding PGP key (sorry to keep going back to PGP, but it is easier than saying "your public key software of choice"). I can then send a signed message with by bitcoin address to a recipient who already trusts that I am Joe and that it is my PGP key. Simply copy the bitcoin address from your gui or whatever and pgp/gpg away. In fact, I already do exactly this with some regularity, although my name may or may not really be Joe.

This is what you are getting wrong :
 - your bitcoin address is derived from your *public* key, there is not point in signing anything with this key or with your bitcoin address
 - you sign outgoing transactions with your *private* key

So if you're able to sign arbitrary data with your *private* key that means you get to spend whatever amount is associated with the *public* key (or its derived form, the bitcoin address) that is visible in the bitcoin block explorer.

There is no need for anyone to trust you to be Helmut, and additionnally trust that 123456 is Helmut's public key.


gene
Sr. Member
****
Offline Offline

Activity: 252


View Profile
December 20, 2010, 06:24:06 PM
 #28

I understand, but can't we already do that via blockexplorer? Why not just do something like this:

I identify myself as Joe and generate a corresponding PGP key (sorry to keep going back to PGP, but it is easier than saying "your public key software of choice"). I can then send a signed message with by bitcoin address to a recipient who already trusts that I am Joe and that it is my PGP key. Simply copy the bitcoin address from your gui or whatever and pgp/gpg away. In fact, I already do exactly this with some regularity, although my name may or may not really be Joe.

This is what you are getting wrong :
 - your bitcoin address is derived from your *public* key, there is not point in signing anything with this key or with your bitcoin address
 - you sign outgoing transactions with your *private* key
This I understand this very well.

Quote
So if you're able to sign arbitrary data with your *private* key that means you get to spend whatever amount is associated with the *public* key (or its derived form, the bitcoin address) that is visible in the bitcoin block explorer.
Sure. If I have access to the private key (the wallet), then I can spend all my money.

Quote
There is no need for anyone to trust you to be Helmut, and additionnally trust that 123456 is Helmut's public key.
Of course. Nobody needs to know to any degree of certainty which bitcoin accounts are mine. Isn't that rather the point of digital cash? Now, If I want to sign arbitrary data (as per the OP), I would rather use existing software and would hope that such redundancy would be avoided in bitcoin. If I want to make sure that my factory only sends bitcoins that I earned while building Cadillacs to my account, I can make sure by signing a message with one of my bitcoin IDs with my PGP key which they trust is mine.

*processing payment* *error 404 : funds not found*
Do you want to complain on the forum just to fall for another scam a few days later?
| YES       |        YES |
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
December 20, 2010, 06:40:06 PM
 #29

Of course. Nobody needs to know to any degree of certainty which bitcoin accounts are mine. Isn't that rather the point of digital cash? Now, If I want to sign arbitrary data (as per the OP), I would rather use existing software and would hope that such redundancy would be avoided in bitcoin. If I want to make sure that my factory only sends bitcoins that I earned while building Cadillacs to my account, I can make sure by signing a message with one of my bitcoin IDs with my PGP key which they trust is mine.

PGP is cool, but how about signing data with your bitcoin private keys ? Oops, you can't (well you technically can with gavins python tools).
One of the properties of cash is that I can show you the money before you go get the goods, I'd love to be able to do the same thing with bitcoin in a simple way.

MoonShadow
Legendary
*
Offline Offline

Activity: 1666



View Profile
December 20, 2010, 06:45:04 PM
 #30

Yeah, the ability to prove without a doubt to a seller that I have control over a given address, and therefore the funds that he can see in his blockchain, would be great.  Particularly without the need to prove that to the entire world.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
gene
Sr. Member
****
Offline Offline

Activity: 252


View Profile
December 20, 2010, 06:55:28 PM
 #31

Quote
PGP is cool, but how about signing data with your bitcoin private keys ? Oops, you can't (well you technically can with gavins python tools).
One of the properties of cash is that I can show you the money before you go get the goods, I'd love to be able to do the same thing with bitcoin in a simple way.

Ok, you want to use your private key for bitcoin instead of a private key in PGP; see my first post in this thread. I think you'll face some resistance because this is redundant functionality. As for seeing the amount in a certain account, can't you already do this is blockexplorer (a distinct application)?

Quote
Yeah, the ability to prove without a doubt to a seller that I have control over a given address, and therefore the funds that he can see in his blockchain, would be great.  Particularly without the need to prove that to the entire world.
But you need to have established trust through some other mechanism beforehand. Establishing trust is an inherently "out of band" process. See my points about PKI and Webs of Trust.

*processing payment* *error 404 : funds not found*
Do you want to complain on the forum just to fall for another scam a few days later?
| YES       |        YES |
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
December 20, 2010, 07:57:34 PM
 #32

Quote
PGP is cool, but how about signing data with your bitcoin private keys ? Oops, you can't (well you technically can with gavins python tools).
One of the properties of cash is that I can show you the money before you go get the goods, I'd love to be able to do the same thing with bitcoin in a simple way.

Ok, you want to use your private key for bitcoin instead of a private key in PGP; see my first post in this thread. I think you'll face some resistance because this is redundant functionality. As for seeing the amount in a certain account, can't you already do this is blockexplorer (a distinct application)?
It is not redundant, balance is linked to a bitcoin private key, not to any PGP one.

Quote
Yeah, the ability to prove without a doubt to a seller that I have control over a given address, and therefore the funds that he can see in his blockchain, would be great.  Particularly without the need to prove that to the entire world.
But you need to have established trust through some other mechanism beforehand. Establishing trust is an inherently "out of band" process. See my points about PKI and Webs of Trust.
No you do not need any trust. Don't take it bad, but please educate yourself a little bit more about bitcoin internals.

Mike Hearn
Legendary
*
expert
Offline Offline

Activity: 1526


View Profile
December 20, 2010, 08:12:01 PM
 #33

Yeah, being able to sign messages with your BitCoin keys would be useful and not redundant with other functionality. All I can do with PGP is attempt to build up trust in my keys through things I write or people I meet, hence the whole web of trust concept.

But for the purposes of business, you don't need to trust somebody anywhere near as much if they can prove they have the money you want at hand. The alternative is to do a small sentinel transaction of some pre-agreed amount to prove you have the cash you claim to, but that'd just pollute the block chain with non economic activity. Being able to sign arbitrary data is better.

It'd potentially also allow for a more user friendly signature format to be developed than what PGP provides, eg, rules that state "remove all whitespace and all formatting before signing" would make signatures more robust in the face of common things like HTML/text conversion and copy/paste.
ribuck
Donator
Legendary
*
Offline Offline

Activity: 826


View Profile
December 20, 2010, 08:29:10 PM
 #34

Can you please explain a situation where one would like to prove the amount of money in an account at some point in time?

Suppose your are auctioning something at the Bidding Pond. Suddenly you get a bid for a million bitcoins. You may want the bidder to flash the cash, to persuade you to take their bid seriously.
caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
December 20, 2010, 09:01:58 PM
 #35

I put this under the category of "I own my data, and should be able to do with it what I want."

Being able to import and export bitcoin keypairs to/from wallets seems an obvious need to me.

+1

I think the same. Since it was chosen to use a specific type of keystore to hold bitcoin keys, there should be a way to manipulate the keys in this keystore.

What would be really ideal from an architectural point of view would be a client that is decoupled from the keystore type. Just by configuring something and implementing an interface you could plug another type of keystore and use it.
But, well, that has a lower priority, I'd say.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
j16sdiz
Jr. Member
*
Offline Offline

Activity: 37


View Profile
December 21, 2010, 12:21:59 AM
 #36

I put this under the category of "I own my data, and should be able to do with it what I want."

Being able to import and export bitcoin keypairs to/from wallets seems an obvious need to me.

+1

The usage of BerkeleyDB make me feel uncomfortable. BDB is known to change format between versions. And this make making alternative implementation harder.  

Exporting to something simpler (i.e. parsable with no external library) would be nice.
da2ce7
Legendary
*
Offline Offline

Activity: 1218


Live and Let Live


View Profile
December 21, 2010, 12:28:37 AM
 #37

sounds like a great idea Cheesy I can see many uses for it.

One off NP-Hard.
da2ce7
Legendary
*
Offline Offline

Activity: 1218


Live and Let Live


View Profile
December 21, 2010, 01:49:02 AM
 #38

sounds like a great idea Cheesy I can see many uses for it.

It should be easy to extract the Public Keys, in a standard Armor format.

There should be a way to sign, or decrepit 'anything' with the bitcoin program.

3rd, the bitcoin client should be able to import 3rd party public keys.  Allowing it to 'encrypt to address'.  This could be very useful for sending private messages to people you trade with.

One off NP-Hard.
theymos
Administrator
Legendary
*
expert
Offline Offline

Activity: 2492


View Profile
December 21, 2010, 01:57:04 AM
 #39

3rd, the bitcoin client should be able to import 3rd party public keys.  Allowing it to 'encrypt to address'.  This could be very useful for sending private messages to people you trade with.

ECDSA doesn't support encryption.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
ByteCoin
Sr. Member
****
expert
Offline Offline

Activity: 416


View Profile
December 21, 2010, 03:36:05 AM
 #40

ECDSA doesn't support encryption.

There are many elliptic curve encryption schemes for which the public and private keys are compatible with the ECDSA keys.
One could use ElGamal or MQV or one of the newer signcryption schemes. There are no technical obstacles to implementing encryption.

ByteCoin
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!