Bitcoin Forum
November 05, 2024, 10:43:27 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: JSON RPC PHP + blockchain.info + verifymessage  (Read 1623 times)
dexX7 (OP)
Legendary
*
Offline Offline

Activity: 1106
Merit: 1026



View Profile WWW
September 19, 2013, 01:52:44 AM
 #1

Hi all,

I'm trying to find out how to verify a message and I'm using the jsonRPCClient combined with blockchain.info. While other stuff works like a charm, I'm unable to verify a message and the result is always false. This is the code I'm using:

Code:
<?php
require_once 'jsonRPCClient.php';

$user "76213f46-6558-4c7f-bcf4-25f6f75e5dd4";
$pass "testtest23";
$host "blockchain.info";
$port 80;
 
$rpc = new jsonRPCClient("http://{$user}:{$pass}@{$host}:{$port}");

$address "14cj3L2PAKd8WTN3zPhwX9qawTEnayqwar";
$signature "GyQDxL58MYXz6t3JKRWPVVq26wx5BjFIQ/CtLEaGbvZ+GId0c6etp8DbFCPCcttNISBnVAokVnRtmvPHLATmPhg=";
$message "test";

$addrvalid $rpc->validateaddress($address);
$msgsigned $rpc->verifymessage($address$signature$message);

echo 
"<p>".var_dump($addrvalid)."</p><p>".var_dump($msgsigned)."</p>";
?>

Any hint is appreciated as well as other solutions. Thanks!

P.S.: it's a dummy account, don't even try.. Wink

Edit: actually it would be very sufficient, if I'd have a function like verify($message, $signature) -> address.

nahtnam
Legendary
*
Offline Offline

Activity: 1092
Merit: 1000


nahtnam.com


View Profile WWW
September 19, 2013, 04:38:38 AM
 #2

Well I have never used the rpc api, but in coinbase, instead of validating the address, I just try to send a payment, and catch the exception (if any)...

dexX7 (OP)
Legendary
*
Offline Offline

Activity: 1106
Merit: 1026



View Profile WWW
September 19, 2013, 09:10:06 AM
 #3

Well I have never used the rpc api, but in coinbase, instead of validating the address, I just try to send a payment, and catch the exception (if any)...

Hi nahtnam,

thanks for the answer! Actually I don't want to validate an address, but I'd like to know which address belongs to "known message" + "input signature".

nahtnam
Legendary
*
Offline Offline

Activity: 1092
Merit: 1000


nahtnam.com


View Profile WWW
September 19, 2013, 03:55:10 PM
 #4

Well I have never used the rpc api, but in coinbase, instead of validating the address, I just try to send a payment, and catch the exception (if any)...

Hi nahtnam,

thanks for the answer! Actually I don't want to validate an address, but I'd like to know which address belongs to "known message" + "input signature".

Sorry I don't know what that means...  Tongue

bardi.harborow
Member
**
Offline Offline

Activity: 114
Merit: 10



View Profile
September 19, 2013, 10:14:32 PM
 #5

Am I the only one who logged in to his blockchain.info account instantly? Smiley
dexX7 (OP)
Legendary
*
Offline Offline

Activity: 1106
Merit: 1026



View Profile WWW
September 20, 2013, 09:07:52 PM
 #6

Am I the only one who logged in to his blockchain.info account instantly? Smiley

Not a big deal. Feel free to do so. Wink

Sorry I don't know what that means...  Tongue

If you take a look at http://brainwallet.org/#verify for example, you enter a message and a signature and the result is a Bitcoin address. I'm looking for something similar and $rpc->verifymessage($address, $signature, $message); is the closest thing I've found, though it doesn't work as mentioned above.

nahtnam
Legendary
*
Offline Offline

Activity: 1092
Merit: 1000


nahtnam.com


View Profile WWW
September 20, 2013, 09:13:12 PM
 #7

Am I the only one who logged in to his blockchain.info account instantly? Smiley

Not a big deal. Feel free to do so. Wink

Sorry I don't know what that means...  Tongue

If you take a look at http://brainwallet.org/#verify for example, you enter a message and a signature and the result is a Bitcoin address. I'm looking for something similar and $rpc->verifymessage($address, $signature, $message); is the closest thing I've found, though it doesn't work as mentioned above.

I still don't get the point of that... Can you please give me a real life application?

dexX7 (OP)
Legendary
*
Offline Offline

Activity: 1106
Merit: 1026



View Profile WWW
September 23, 2013, 06:06:06 AM
 #8

I still don't get the point of that... Can you please give me a real life application?

Sure. One keyword: user authentication. Smiley

nahtnam
Legendary
*
Offline Offline

Activity: 1092
Merit: 1000


nahtnam.com


View Profile WWW
September 23, 2013, 01:51:44 PM
 #9

I still don't get the point of that... Can you please give me a real life application?

Sure. One keyword: user authentication. Smiley

Like what? You mean like to check if one person really owns a address?

dexX7 (OP)
Legendary
*
Offline Offline

Activity: 1106
Merit: 1026



View Profile WWW
September 24, 2013, 03:14:03 PM
 #10

Like what? You mean like to check if one person really owns a address?

Sorry to be vague. I'd use it as substitute for a login mechanism.

Instead of a combination of username and password where the username is the internal identifier, I'd use solely a BTC address. For the login a random one-time-challenge string is shown to the user and he or she is asked to sign this string.

Example:

System: "Please sign the following message: login2113njsdfku3h24"
User answers with: G42O9cr+bwzfH71zfmFjIy/UmuQhVOxmqm5HgBglHMK/ceKCKBWSmLLd9sz8ZXpJxtAN0xwbyLyCwRjuUiQ7i/c=
The system verifies the signature and maps it to address: 17mDAmveV5wBwxajBsY7g1trbMW1DVWcgL

This address can then be used to recognize the user like the username before.

nahtnam
Legendary
*
Offline Offline

Activity: 1092
Merit: 1000


nahtnam.com


View Profile WWW
September 24, 2013, 03:46:29 PM
 #11

Like what? You mean like to check if one person really owns a address?

Sorry to be vague. I'd use it as substitute for a login mechanism.

Instead of a combination of username and password where the username is the internal identifier, I'd use solely a BTC address. For the login a random one-time-challenge string is shown to the user and he or she is asked to sign this string.

Example:

System: "Please sign the following message: login2113njsdfku3h24"
User answers with: G42O9cr+bwzfH71zfmFjIy/UmuQhVOxmqm5HgBglHMK/ceKCKBWSmLLd9sz8ZXpJxtAN0xwbyLyCwRjuUiQ7i/c=
The system verifies the signature and maps it to address: 17mDAmveV5wBwxajBsY7g1trbMW1DVWcgL

This address can then be used to recognize the user like the username before.

Oh well sorry I can't help you, since I don't know how to use the json rpc and had never heard of a signed message before... Is it like entering a random string in the public note section?

dexX7 (OP)
Legendary
*
Offline Offline

Activity: 1106
Merit: 1026



View Profile WWW
September 24, 2013, 05:53:50 PM
 #12

Oh well sorry I can't help you, since I don't know how to use the json rpc and had never heard of a signed message before... Is it like entering a random string in the public note section?

You never heard about signed messages? Shame on you.. Grin

It's a great way to proof ownership of an address. For example, I claim I do own 1KqNPuC8egqxLdPVksjmSgC4zTdNysrz9p and I'm able to demonstrate this by signing a message.

Code:
Message: Hi, this is dexX7 and I own address 1KqNPuC8egqxLdPVksjmSgC4zTdNysrz9p.
Signature: G7zfExNiKd6KomBZHXJ4sKRJoqfAVsfbHHo8+YJx31YiJQd4cmHrlGuHtGSB0N8hE/ji42SUBmiyJnrdYoU3OLI=

Now head over to http://brainwallet.org/#verify and try to see, if it is legit. Smiley

The standard Bitcoin QT client has this feature, too. See: http://imgur.com/a/nUmZ0

dalek
Sr. Member
****
Offline Offline

Activity: 382
Merit: 250



View Profile
September 24, 2013, 06:54:54 PM
 #13

Blockchain's RPC interface/server has a tendency to go down for several days at a time, as it just did recently. Verifying a message doesn't require the blockchain, so look into offline solutions, like from this thread: https://bitcointalk.org/index.php?topic=222992.0

           ▄▄█████████▄▄
       ▄████▀▀       ▀▀████▄
     ▄██▀▀               ▀▀██▄
    ██▀                    ████
   ██                     ███▀██
  ██                    ▄██▀   ██
 ██                    ▄██      ██
██▀                  ▄██▀      ▄███
██                  ▄██      ▄██▀██
██                 ██▀    ▄███▀  ██
██               ▄██▀   ▄██▀     ██
██▄             ▄██  ▄███▀      ▄██
 ██           ▄██▀ ▄██▀         ██
  ██         ▄██▄███▀          ██
   ██       █████▀            ██
    ██▄   ▄████▀            ▄██
     ▀██▄███▀            ▄▄██▀
       ▀████▄▄       ▄▄████▀
           ▀▀█████████▀▀
L I V E T R E E   A D E P T TM
Own the future of entertainment
The World's 1st Community-Powered,
Film, TV and Content Network  ★
jimbursch
Member
**
Offline Offline

Activity: 66
Merit: 10


View Profile WWW
March 31, 2014, 07:16:49 PM
 #14

I am having the same problem that was originally posted here -- getting an incorrect false return on verifymessage().


$address = '1B8QAtcpBkL3jtfeMvfLiz8hnPi2U1KCyf';
$signature = 'HP1aJ5Pnx9WMrFOl9U76u5ZMkjnhqW+cxcIqAnGg1f6JhKX0jKChZnV94ewXnBNb0wA+3sIJdtszALPw8EbcXOc=';
$message = 'test';

$rpc->verifymessage($address, $signature, $message);

this returns
bool(false)

I'm using the api described here:
https://blockchain.info/api/json_rpc_api

Method: verifymessage
Parameters: (String bitcoinaddress, String signature, String message)
Description: Verifies the signature and message matches the bitcoin address provided (See signmessage)
Returns: Boolean

MyMindshare -- a commercial messaging system -- check it out at  *Link Removed*
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!