JSON RPC PHP + blockchain.info + verifymessage

[dexX7]

Hi all,

I'm trying to find out how to verify a message and I'm using the jsonRPCClient combined with blockchain.info. While other stuff works like a charm, I'm unable to verify a message and the result is always false. This is the code I'm using:

Code:

<?php
require_once 'jsonRPCClient.php';
			
$user = "76213f46-6558-4c7f-bcf4-25f6f75e5dd4";
$pass = "testtest23";
$host = "blockchain.info";
$port = 80;
 
$rpc = new jsonRPCClient("http://{$user}:{$pass}@{$host}:{$port}");
	
$address = "14cj3L2PAKd8WTN3zPhwX9qawTEnayqwar";
$signature = "GyQDxL58MYXz6t3JKRWPVVq26wx5BjFIQ/CtLEaGbvZ+GId0c6etp8DbFCPCcttNISBnVAokVnRtmvPHLATmPhg=";
$message = "test";

$addrvalid = $rpc->validateaddress($address);
$msgsigned = $rpc->verifymessage($address, $signature, $message);	

echo "<p>".var_dump($addrvalid)."</p><p>".var_dump($msgsigned)."</p>";
?>

Any hint is appreciated as well as other solutions. Thanks!

P.S.: it's a dummy account, don't even try..

Edit: actually it would be very sufficient, if I'd have a function like verify($message, $signature) -> address.

[nahtnam]

Well I have never used the rpc api, but in coinbase, instead of validating the address, I just try to send a payment, and catch the exception (if any)...

[dexX7]

Well I have never used the rpc api, but in coinbase, instead of validating the address, I just try to send a payment, and catch the exception (if any)...

Hi nahtnam,

thanks for the answer! Actually I don't want to validate an address, but I'd like to know which address belongs to "known message" + "input signature".

[nahtnam]

Well I have never used the rpc api, but in coinbase, instead of validating the address, I just try to send a payment, and catch the exception (if any)...

Hi nahtnam,

thanks for the answer! Actually I don't want to validate an address, but I'd like to know which address belongs to "known message" + "input signature".

Sorry I don't know what that means... 

[bardi.harborow]

Am I the only one who logged in to his blockchain.info account instantly?

[dexX7]

Am I the only one who logged in to his blockchain.info account instantly?

Not a big deal. Feel free to do so.

Sorry I don't know what that means... 

If you take a look at http://brainwallet.org/#verify for example, you enter a message and a signature and the result is a Bitcoin address. I'm looking for something similar and $rpc->verifymessage($address, $signature, $message); is the closest thing I've found, though it doesn't work as mentioned above.

[nahtnam]

Am I the only one who logged in to his blockchain.info account instantly?

Not a big deal. Feel free to do so.

Sorry I don't know what that means... 

If you take a look at http://brainwallet.org/#verify for example, you enter a message and a signature and the result is a Bitcoin address. I'm looking for something similar and $rpc->verifymessage($address, $signature, $message); is the closest thing I've found, though it doesn't work as mentioned above.

I still don't get the point of that... Can you please give me a real life application?

[dexX7]

I still don't get the point of that... Can you please give me a real life application?

Sure. One keyword: user authentication.

[nahtnam]

I still don't get the point of that... Can you please give me a real life application?

Sure. One keyword: user authentication.

Like what? You mean like to check if one person really owns a address?

[dexX7]

Like what? You mean like to check if one person really owns a address?

Sorry to be vague. I'd use it as substitute for a login mechanism.

Instead of a combination of username and password where the username is the internal identifier, I'd use solely a BTC address. For the login a random one-time-challenge string is shown to the user and he or she is asked to sign this string.

Example:

System: "Please sign the following message: login2113njsdfku3h24"
User answers with: G42O9cr+bwzfH71zfmFjIy/UmuQhVOxmqm5HgBglHMK/ceKCKBWSmLLd9sz8ZXpJxtAN0xwbyLyCwRjuUiQ7i/c=
The system verifies the signature and maps it to address: 17mDAmveV5wBwxajBsY7g1trbMW1DVWcgL

This address can then be used to recognize the user like the username before.

[nahtnam]

Like what? You mean like to check if one person really owns a address?

Sorry to be vague. I'd use it as substitute for a login mechanism.

Instead of a combination of username and password where the username is the internal identifier, I'd use solely a BTC address. For the login a random one-time-challenge string is shown to the user and he or she is asked to sign this string.

Example:

System: "Please sign the following message: login2113njsdfku3h24"
User answers with: G42O9cr+bwzfH71zfmFjIy/UmuQhVOxmqm5HgBglHMK/ceKCKBWSmLLd9sz8ZXpJxtAN0xwbyLyCwRjuUiQ7i/c=
The system verifies the signature and maps it to address: 17mDAmveV5wBwxajBsY7g1trbMW1DVWcgL

This address can then be used to recognize the user like the username before.

Oh well sorry I can't help you, since I don't know how to use the json rpc and had never heard of a signed message before... Is it like entering a random string in the public note section?

[dexX7]

Oh well sorry I can't help you, since I don't know how to use the json rpc and had never heard of a signed message before... Is it like entering a random string in the public note section?

You never heard about signed messages? Shame on you..

It's a great way to proof ownership of an address. For example, I claim I do own 1KqNPuC8egqxLdPVksjmSgC4zTdNysrz9p and I'm able to demonstrate this by signing a message.

Code:

Message: Hi, this is dexX7 and I own address 1KqNPuC8egqxLdPVksjmSgC4zTdNysrz9p.
Signature: G7zfExNiKd6KomBZHXJ4sKRJoqfAVsfbHHo8+YJx31YiJQd4cmHrlGuHtGSB0N8hE/ji42SUBmiyJnrdYoU3OLI=

Now head over to http://brainwallet.org/#verify and try to see, if it is legit.

The standard Bitcoin QT client has this feature, too. See: http://imgur.com/a/nUmZ0

[dalek]

Blockchain's RPC interface/server has a tendency to go down for several days at a time, as it just did recently. Verifying a message doesn't require the blockchain, so look into offline solutions, like from this thread: https://bitcointalk.org/index.php?topic=222992.0

[jimbursch]

I am having the same problem that was originally posted here -- getting an incorrect false return on verifymessage().


$address = '1B8QAtcpBkL3jtfeMvfLiz8hnPi2U1KCyf';
$signature = 'HP1aJ5Pnx9WMrFOl9U76u5ZMkjnhqW+cxcIqAnGg1f6JhKX0jKChZnV94ewXnBNb0wA+3sIJdtszALPw8EbcXOc=';
$message = 'test';

$rpc->verifymessage($address, $signature, $message);

this returns
bool(false)

I'm using the api described here:
https://blockchain.info/api/json_rpc_api

Method: verifymessage
Parameters: (String bitcoinaddress, String signature, String message)
Description: Verifies the signature and message matches the bitcoin address provided (See signmessage)
Returns: Boolean