Using a bitcoin as means for authentication

[Nataj]

 Helo Bitcoin Community,

I am a second year IT student. For my specialization minor I chosen IT management and security.

At my college/university we are expected to present a solo project. I am very interested in Bitcoin and am following the developments
rather closely. Though I am not that experienced yet as a programmer to contribute in any significant way. Though It would be really
cool if I could do something related with Bitcoin.


My idea would be to use a bitcoin(or part thereof) as a key that programmatically provides access to a application/system. Sending the bitcoin(key) to an other user would then work as handing the key over.

Would that be feasible or am I overestimating the capabilities of the protocol?

With friendly regards,

Jason

[1714514890]

1714514890

[1714514890]

1714514890

[1714514890]

1714514890

[1714514890]

1714514890

[1714514890]

1714514890

[byt411]

I suppose you can sign a message with a bitcoin address, and use that as a password.
Or I suppose you could set up some kind of system that you can authenticate by sending some bitcoins to it, and it will automatically send them back. But that is a huge waste of transaction fees.

[Nataj]

I was thinking of using an bitcoin address public key to verify true ownership of the bitcoin(they key to the lock).

I understand it possible to track a specific bitcoin/parthereof. If the address is the true owner of the bitcoin then access is given.
My plan is to use a raspberry pi to open a mechanical lock when this validation process is complete. Of course there will be a constant
internet access to make sure the block chain can be scanned.

Correct me if I am wrong.

[shawshankinmate37927]

I was thinking of using an bitcoin address public key to verify true ownership of the bitcoin(they key to the lock).

I understand it possible to track a specific bitcoin/parthereof. If the address is the true owner of the bitcoin then access is given.
My plan is to use a raspberry pi to open a mechanical lock when this validation process is complete. Of course there will be a constant
internet access to make sure the block chain can be scanned.

Correct me if I am wrong.

The Bitcoin network uses digital signatures to authenticate "ownership" of the BTC that belong to a particular BTC Address.  BTC transactions are specially formatted messages that are digitally signed in order to prove you possess the private key associated with a BTC Address.  You don't have to initiate a transaction to prove that you have the private key, you could just sign a message.

More info on digital signatures can be found here.

[Nataj]

How do I sign such a message?

[kjj]

Ask the user to generate and submit an address.  Save it somewhere.

Later, when the user wishes to authenticate, generate a random cookie and present it to the user.

The user signs it using bitcoind signmessage <address> <cookie> and returns the result.

The device then verifies it using bitcoind verifymessage <address> <signature> <message>.

[Nataj]

Ask the user to generate and submit an address.  Save it somewhere.

Later, when the user wishes to authenticate, generate a random cookie and present it to the user.

The user signs it using bitcoind signmessage <address> <cookie> and returns the result.

The device then verifies it using bitcoind verifymessage <address> <signature> <message>.

The address is to be saved and used as the key to the system right?

how do I generate this random cookie?

I take it that address variable  is the address of the user right? the return value is the signature or  the message?

This way of doing things though seems like using the address as the authenticating factor, and not a bitcoin/partherof. I was thinking of a system
where sending that specific bitcoin would grand access to the address for the system.

[kjj]

The address is to be saved and used as the key to the system right?

how do I generate this random cookie?

I take it that address variable  is the address of the user right? the return value is the signature or  the message?

This way of doing things though seems like using the address as the authenticating factor, and not a bitcoin/partherof. I was thinking of a system
where sending that specific bitcoin would grand access to the address for the system.

In that case, just generate the address yourself and present it to the user.  Then use -walletnotify to monitor payments to that address.  Unlock when the payment has enough confirmations.

If you want the transaction to purchase perpetual access rather than instant, just ask for a signing address before presenting the payment address, and tie them together in a database, then use the signmessage/verifymessage scheme above.