Bitcoin Forum
December 11, 2016, 02:39:34 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: using timestamps to link a bitcoin address and a RSA public key  (Read 1484 times)
grondilu
Legendary
*
Offline Offline

Activity: 1134


View Profile
December 24, 2010, 07:55:26 PM
 #1

I am currently programming a bitcoin asset exchange plateform, and during this process I came up with an idea which is, in my opnion, pretty good.

I needed some way to identify the owner.  He should be able to prove he is the owner of the asset, and he should be able to transfer his ownership to someone else.

Using passwords is the quick-and-dirty way to do so.  But there are many drawbacks to this method.  I won't discuss them here.

At some point I wanted to use ECDSA signing capabilities of bitcoin address.  But it's not easy, and the bitcoin client doesn't provide any tool for that.  And I was convinced that it should not.

Using GnuPG would be nice, but I realised that it's a pain in the ass to program with.  It realy doesn't seem to me that it is suitable for scripting.

So I decided to use RSA keys, using the openssl command.  It was much easier than I thought, and particularly easier than GnuPG.

Anyway, here is the idea I came up with.

At some point I have to associate a bitcoin address (where future dividends are to be paid) to a public RSA key.  Keeping a database of these relations is necessary, but not sufficient.  Basically it would give exactly the same problems as with passwords.  Anybody who would access to the database could modify it and then claim ownership of the assets.

So the idea is to timestamp the relations into the bitcoin block chain.

Here is an exemple.

I want to associate this bitcoin address :

1Hy9dexzNzjvQYkYy6zKRVZMU8k2j5vuPt

to this RSA public key :

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA67nZtqz41rGFdUsVMC/E
HsvhfyG7dreTeIfOO+tA1fUuyooiodsYw73qM4qKZFJduBdtrMqAiQhGkfUjhqbf
aIlc/5yR+0ZUHI6eiCcPtDi95MdpmDtlXg/9YkQ36ACZX2ccCIiUIaHVK4lc2MzT
6Io9FaXCejkoZiEsAK+XqUxc3X5B0VFVxyq4i/S7qOQKABfEDaF56OhtW3URGX7V
LTOxMmSccL/tVeN3cwUfNOHsoVF7g1bqPGYvdEGOzEklzJ3i2IYMah7d4So3BlXr
OMI6HCZTfCd+J64c5h6dh2ciQr27XDUKBVQhm3s5gwQl0WRcQhQ4LRG3ur+Rud5q
2QIDAQAB
-----END PUBLIC KEY-----


All I have to do is to use a timestamping function like this one :

timestamp() {
    wget -O - -q http://blockexplorer.com/q/hashtoaddress/$(openssl dgst -rmd160)
}

this way :

{ echo 1Hy9dexzNzjvQYkYy6zKRVZMU8k2j5vuPt ; echo "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA67nZtqz41rGFdUsVMC/E
HsvhfyG7dreTeIfOO+tA1fUuyooiodsYw73qM4qKZFJduBdtrMqAiQhGkfUjhqbf
aIlc/5yR+0ZUHI6eiCcPtDi95MdpmDtlXg/9YkQ36ACZX2ccCIiUIaHVK4lc2MzT
6Io9FaXCejkoZiEsAK+XqUxc3X5B0VFVxyq4i/S7qOQKABfEDaF56OhtW3URGX7V
LTOxMmSccL/tVeN3cwUfNOHsoVF7g1bqPGYvdEGOzEklzJ3i2IYMah7d4So3BlXr
OMI6HCZTfCd+J64c5h6dh2ciQr27XDUKBVQhm3s5gwQl0WRcQhQ4LRG3ur+Rud5q
2QIDAQAB
-----END PUBLIC KEY-----"
} | timestamp

And I get a bitcoin address :

13CWM9MmeyP1MA6SgAiqAq7cGxXaLWhnTG

Now, the owner of the RSA just have to send a small amount to this address, so that no-one could claim ownership of this bitcoin address.  Why would anyone claim ownership of someone else's bitcoin address ?  Only because this could give him the right to transfer it to an other bitcoin address, one that he actually owns.

The whole point of all this is that with such a method ownership of assets can be identified by bitcoin addresses, providing that these addresses are timestamped with a RSA public key.


PS.  Hum... as I write this, I realise that this method might make the use of GnuPG easier than I thought.  Maybe finally easier than RSA.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
adulau
Newbie
*
Offline Offline

Activity: 12


View Profile
December 25, 2010, 04:42:18 PM
 #2


At some point I wanted to use ECDSA signing capabilities of bitcoin address.  But it's not easy, and the bitcoin client doesn't provide any tool for that.  And I was convinced that it should not.

Using GnuPG would be nice, but I realised that it's a pain in the ass to program with.  It realy doesn't seem to me that it is suitable for scripting.


I felt your pain when dealing with GnuPG scripting especially with how file handles are managed.

Until I discovered the Perl API to access GnuPG called GnuPG::Interface (made by Jesse Vincent):

http://search.cpan.org/dist/GnuPG-Interface/
http://search.cpan.org/dist/GnuPG-Interface/lib/GnuPG/Interface.pm

This is working great and avoid the classical glitches.

Hope this helps,
 
grondilu
Legendary
*
Offline Offline

Activity: 1134


View Profile
December 25, 2010, 04:57:27 PM
 #3

I felt your pain when dealing with GnuPG scripting especially with how file handles are managed.

Until I discovered the Perl API to access GnuPG called GnuPG::Interface (made by Jesse Vincent):

http://search.cpan.org/dist/GnuPG-Interface/
http://search.cpan.org/dist/GnuPG-Interface/lib/GnuPG/Interface.pm

This is working great and avoid the classical glitches.

Hope this helps,
 

Thanks but unfortunately I can't use Perl, Python or any of this kind of advanced scripting language on my web server.  I have to stick to shell scripting.

I'm slowly working my way through though.  I will definitely use GnuPG and not RSA finally, for GnuPG is much more known.  I'll just have to read the manual page many times.
adulau
Newbie
*
Offline Offline

Activity: 12


View Profile
December 25, 2010, 05:07:07 PM
 #4


I'm slowly working my way through though.  I will definitely use GnuPG and not RSA finally, for GnuPG is much more known.  I'll just have to read the manual page many times.


The nice thing with OpenPGP messages (GnuPG is mainly a good implementation of the OpenPGP standard - http://tools.ietf.org/html/rfc4880)
that you can extend the algorithms (check section 9.1 of the standard) used to make the signature while still using the same message format.
Don't forget that is depending of the OpenPGP private key used you might use RSA as signing algorithm as the key might be in RSA...

Kind regards,

PS: Thank you for the BC donation to Forban.


Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!