What is a "signed message" how/why to send one w/ bitcoin?

[ThrillHou]

Hi. I am having trouble understanding a concept which seems to be second nature to many Bitcoin users, and that is "signed messages". My current understanding is that it occupies some fuzzy area between sending a Bitcoin and sending a digital letter which is known to be from you.

There is a practical reason why I ask this question, but the general question is obviously useful for reasons other than the reason I am asking.
Backstory:
I bought some ASICMiner shares, which I had sent to cold storage( a paper wallet). Now I want the SHARES transferred(NOT BTC imported) to my Electrum address.

Now, to do this, as I understand it, I need to send Friedcat a "signed message" authorizing the share transfer(which he then manually does) which somehow indicates that I am not just some goon pretending like someone else's shares are my own.

How do I do this? Conceptually how does the concept of "signed message" play into me needing to do this? How does it work?

[1715306681]

1715306681

[1715306681]

1715306681

[1715306681]

1715306681

[🏰 TradeFortress 🏰]

A signed message is a cryptographic message that anyone can independently verify if an address signed it or not.

You can use brainwallet.org, input your cold storage wallet private key, and then sign a message. For security purposes I suggest discarding the private key after getting your shares transferred.

[cp1]

Bitcoin consists of two keys.  A private key that can sign messages and a public key that can verify messages.  The private key is in your wallet and the public key is your bitcoin address.  You can sign a message using your wallet.  Bitcoin-qt has a sign command, electrum does too.  So let's say your wallet has the following:

public key:  1J34kfk39dhkf3fl4545l4  (your address)
private key:  5L39adfk4l44vDDF34fkk3299fdkfk433  (your private key)

To sign a message you'll need the private key.  It'll combine it with your message to generate a signature.

Message:
Hello this is Bob and own these shares please transfer them to a new address:  1RunDMC30r94rfdk404331
Combined with private key = Signature:  G40fsadljk309dvlk4lkgG23r32r32rL=

Anyone with the public key (bitcoin address) can verify the message

./electrum verify 1J34kfk39dhkf3fl4545l4  "Hello this is Bob and own these shares please transfer them to a new address:  1RunDMC30r94rfdk404331" G40fsadljk309dvlk4lkgG23r32r32rL=
will return true if it was signed with the private key corresponding to 1J34kfk39dhkf3fl4545l4

This is actually how bitcoin works in the first place -- you sign a message that says "send so and so 15 BTC from this address"

Which wallet did you use to make the original purchase?

[dwdoc]

Anyone can use blockchain explorer to claim they initiated transaction "X" to send bitcoin amount "Y" to wallet address "Z."  That is public information.  Therefore the only way to prove you sent the bitcoins is to create a signed message within your bitcoin client which you copy and paste and email to the recipient which proves you own the wallet address that the bitcoins came from.

[dwdoc]

Well You can to import that paper wallet's private key into a wallet. (A fresh wallet/Offline for more safety) then right click on your that bitcoin address and select "Sign Message"

It will open a window like this


You just need to fill message and click on sign button. It will generate a signature key and you need to send wallet's address, message and signature key to friedcat.

Eg:

Address:
16m49pTkuxQ3zh2x24N5564mVpPHmYgaoiu

Message:
It's me escrow.ms

Signature:
HMSmtZ74dJAhDq4e7RABqJmz7jW8JrQbWFVRNNyGpaldkYSGikju/98643/c6VV

After this you can delete that wallet safely.

I have used electrum for this demo but you can use any wallet like QT/Armory etc.
And as you said you are already using electrum you will need it, so don't import it in electrum.

It is important to copy and paste and send the message in the text box exactly as it appears. Sometimes it is lengthy (for example you might want to include a shipping address).  In the example above you might want to send an email like this:

Address:
16m49pTkuxQ3zh2x24N5mVpPHmYgaG65

Message:

***********begin message***********
It's me escrow.ms
*************end message**********

Signature:
HMSmtZ74dJAhDq4e7RABqJmz7jW8JrQbWFVRNNyGpaldkYSGpygBy7

[escrow.ms]

It is important to copy and paste and send the message in the text box exactly as it appears. Sometimes it is lengthy (for example you might want to include a shipping address).  In the example above you might want to send of an email like this:

Address:
16m49pTkuxQ3zh2x24N5mVpPHmYgaG65

Message:

***********begin message***********
It's me escrow.ms
*************end message**********

Signature:
HMSmtZ74dJAhDq4e7RABqJmz7jW8JrQbWFVRNNyGpaldkYSGpygBy7

^ Yes, btw i deleted my post as i thought tradefortress's suggestion was better.

[dwdoc]

Ha. I thought you deleted it to hide your address and signature keys. So I changed them all.  I thought your instructions were useful.

[johny1976]

I still don't understand it!

[cp1]

I still don't understand it!

Think of the private key as the password to encrypt a message and the public key can be used to decrypt it.  It's not quite right, but close enough.

[ThrillHou]

Thanks guys! I think I got it (let me know if my message looks Kosher below).

As a side note, people often suggest I use brainwallet but some people have poor memories like myself making that a completely insecure and unviable option! But its always cool to see how BTC problems can always be solved a multitude of ways.
Ok here is my sample message to Friedcat:


Address: xxxxx

Message:
***********begin message***********
It's me Thrillhou. I currently own X shares at address Q, and would like them transferred to this address, xxxxx. Thank you
*************end message**********


Signature: GwkWltytys8yeCBmXcaKK/jE4FW81Y+glZ3sG3oaUfmQGvFfsf3hhNa+7fyi42kHBEHhI6F90ORsqGmsHweymVE=
 


Look good?

[dwdoc]

That should do it!

[ThrillHou]

When I try to verify  in Electrum the message which I created and signed in Eectrum, it doesn't seem to work. It says "Wallet instance has no attribute 'verify _message' ? What am I doin wrong?

[dwdoc]

When I try to verify  in Electrum the message which I created and signed in Eectrum, it doesn't seem to work. It says "Wallet instance has no attribute 'verify _message' ? What am I doin wrong?

Did you enter the message into the text field exactly the same both times?

[ThrillHou]

Yup, wrote my msg, clicked sign, entered my PW, and it generated the signature. then I copied and pasted everything into the "verify" side of Electrum to verify my own recently generated msg and still get the error message. Tried it a few times just to make sure it wasn't a fluke...

any ideas?

[dwdoc]

When I try to verify  in Electrum the message which I created and signed in Eectrum, it doesn't seem to work. It says "Wallet instance has no attribute 'verify _message' ? What am I doin wrong?

Do you have the latest version of Electrum?

https://bitcointalk.org/index.php?topic=192412.0

[ThrillHou]

I did not have the latest version. getting it now. Looks like this may solve it thanks!

[cp1]

You can use the command line to do it with electrum also.

[ThrillHou]

Got it with the latest version of Electrum! I am good to go on this one. Now that I've done it, it makes sense to me conceptually.


 My understanding now is that a signed message proves you are the owner of the address you claim to be the owner of, without giving up the private key, and also allows you to send a message that cannot be altered without "ruining" the signature. Hence no forgery/alteration of message and a way to prove you own a particular BTC address.

[dwdoc]

Congrats.