Trezor Suite added Sign & Verify

[dkbit98]

With latest update version 21.10.1 Trezor Suite now added option to Sign and Verify message in similar way like we can do it with Electrum wallet to prove ownership of a specific address.
Navigating to Accounts tab and clicking to 3 dots is opening Sign & Verify popup, and if the signature is correct, you will receive notification message confirming that.
Opening Trezor Suite will show you the update button or you can update manually from official github or website:

New features

- Sign and Verify
- Bitcoin payment links now open in Suite
- Czech language thanks to @foxikk
- Automatically set color scheme and language based on system settings

https://github.com/trezor/trezor-suite/releases/tag/v21.10.1

[1713626119]

1713626119

[1713626119]

1713626119

[1713626119]

1713626119

[1713626119]

1713626119

[HCP]

Just had a chance to have a bit of a play with this functionality... It's pretty slick.

It will sign from Legacy, Nested or Native Segwit addresses (for Bitcoin)... and it even gives you the option of signing with one of your used addresses or the next "fresh" address (and displays the index number of the address being used).



Testing Notes:

- Bitcoin Core only supports verifying using Legacy.
- Electrum cannot verify signed messages from Trezor Suite using Nested or Native Segwit addresses, it will only verify Legacy.
- The same goes for Mycelium. Only Legacy works. Nested and Native Segwit fails.
- However Jochen Hoenicke's (the guy who runs the mempool stats site) BrainwalletX mod that supports P2SH here: https://jhoenicke.github.io/brainwallet.github.io/#verify is able to verify signed messages using a Nested Segwit address in addition to Legacy. (Native Segwit still fails).


And in "reverse":
- Bitcoin Core only supports signing using Legacy addresses
- Trezor Suite cannot verify messages from Electrum Nested or Native Segwit... only Legacy.
- Mycelium doesn't offer the ability to sign as far as I can tell, only verify.
- The JoHoe brainwalletX only allows to sign from Legacy (and this verifies OK in Trezor Suite as you would expect).


TLDR: If the party you need to verify your message doesn't own a Trezor... probably best to stick to signing messages using a Legacy address for now.

[SFR10]

With latest update version 21.10.1 Trezor Suite now added option to Sign and Verify message in similar way like we can do it with Electrum wallet to prove ownership of a specific address.

I thought they failed to meet the deadline that they set before, but I was wrong:

• ^{- Looks like the "Sign & verify" feature will be added to the Trezor Suite's upcoming version [based on the label, I think it'll be on "October 13"], so that's another reason to stick to Trezor Suite.}
  

It will sign from Legacy, Nested or Native Segwit addresses (for Bitcoin)...
~Snipped~
- Electrum cannot verify signed messages from Trezor Suite using Nested or Native Segwit addresses, it will only verify Legacy.
~Snipped~
- Trezor Suite cannot verify messages from Electrum Nested or Native Segwit... only Legacy.

It defeats its purpose to a large extent when you can't verify messages that come from those address formats ^{[apart from Legacy]}, on other wallets... Does anybody know why there are incompatibility issues?
^{- Btw, you might want to replace the pixelated part with a solid colored box instead [there's a small chance that someone could undo/reverse it].}

[dkbit98]

It defeats its purpose to a large extent when you can't verify messages that come from those address formats ^{[apart from Legacy]}, on other wallets... Does anybody know why there are incompatibility issues?

Why would it defeat the purpose?
I think that anyone can download Trezor Suite to verify message from other address types, and Trezor devs once again showed they are pioneers, so I won't be surprised to see other wallets forking their code and enabling this option soon.
It's the beauty of open source code.

[Pmalek]

Does anybody know why there are incompatibility issues?

The response I have have heard on Bitcointalk is always that there is no common standard for signing messages from segwit addresses. Common meaning that it's not used and implemented the same way by all wallets and service providers.

Trezor confirms that in this reddit post I found:

The problem is that there is no standard algorithm for verifying with segwit addresses. In particular, the site you mentioned will never accept a signature for a 3.. or bc1.. address as valid. It doesn't matter what signature you use. I think the same is true for Bitcoin Core. You can't create any signature for a 3.. or bc1.. address that Bitcoin Core would accept.

To solve this, we need a standard algorithm for segwit addresses and we need everyone to accept it.

https://www.reddit.com/r/TREZOR/comments/8vyenv/please_help_cannot_verify_trezor_signed_messages/e1s5tez/

Why would it defeat the purpose?
I think that anyone can download Trezor Suite to verify message from other address types...

Anyone can download Trezor Suite, but you can't open and run the software without a connected Trezor hardware wallet. I was curious about it, so I checked myself. It asks you to connect your wallet and there is no way around it. You have additional options to visit the official website or contact the support. This feature is therefore only available for those who own a Trezor wallet.

[HCP]

Why would it defeat the purpose?
I think that anyone can download Trezor Suite to verify message from other address types

Except that you can't actually get into the main dashboard of the suite (or the wallet.trezor.io website) without a Trezor connected. While there is an option, if you have a Trezor, to have the suite "remember device" etc which will allow you to open it up and work like a watching-only wallet without your device connected, you still need your device connected at least once. AFAIK.

Btw, you might want to replace the pixelated part with a solid colored box instead [there's a small chance that someone could undo/reverse it]

With a pixel size of 8... I doubt anyone could reverse engineer it, good luck to anyone that wants to try... because even if they do, they're only going to get about 12-16 characters of the address anyway... the suite only shows the first half of the address and slowly fades it out from about the 3rd character onwards.

[Pmalek]

I found another relatively old discussion on GitHub about the issues of message signing with Segwit addresses. The message was posted back in 2017, it doesn't clarify the situation any better for me, but @SFR10 maybe it answers your question.

The confusion here comes from the ambiguitiy in whether an address is an identifier of a key, or a shorthand for a script.

In the time when there was only one type of addresses, this was an innocent confusion to have: every address was indeed a shorthand for a P2PKH script, but also uniquely identified a private/public keypair. This is exploited in the signmessage command. It works with keys, not addresses, but uses addresses to refer to these keys.

Since P2SH, and certainly now with P2WSH/P2WPKH, this no longer works. You can't sign with an arbitrary P2SH address - even if you have the key for it - since the receiver wouldn't have the public key to verify with.

Source:https://github.com/bitcoin/bitcoin/issues/10542#issuecomment-306576290

[dkbit98]

Anyone can download Trezor Suite, but you can't open and run the software without a connected Trezor hardware wallet. I was curious about it, so I checked myself. It asks you to connect your wallet and there is no way around it. You have additional options to visit the official website or contact the support. This feature is therefore only available for those who own a Trezor wallet.

Obviously you need to own or make your own DIY Trezor device if you want to use this feature now with Trezor Suite, but I said that other wallets will fork this option and enable it in future.
I am not sure how complicated this would be, but post posting a suggestion on their github page may be a good idea.
Let's remember that Trezor devs also created BIP39 mnemonic code that almost all other wallets support now.

[SFR10]

Why would it defeat the purpose?

In addition to what @Pmalek and @HCP posted, I said the above line ^{["to a large extent"]} because of the fact that the feature in question, is only capable of doing those tasks partially "unless it meets all of the above conditions"!

The response I have have heard on Bitcointalk is always that there is no common standard for signing messages from segwit addresses. Common meaning that it's not used and implemented the same way by all wallets and service providers.
~Snipped~

To solve this, we need a standard algorithm for segwit addresses and we need everyone to accept it.

Thank you for providing that information... It's quite interesting and weird that there's no consensus yet!

[HCP]

I just did a test with Electrum. I created a wallet using the import key feature:

Code:

p2pkh:KwLJicJMybtSJMLqRRJ4fUAwKcfVZ2WPQJPVnsfD9K8gK5rVDRCi
p2wpkh-p2sh:KwLJicJMybtSJMLqRRJ4fUAwKcfVZ2WPQJPVnsfD9K8gK5rVDRCi
p2wpkh:KwLJicJMybtSJMLqRRJ4fUAwKcfVZ2WPQJPVnsfD9K8gK5rVDRCi

That is to say, I used the same private key to generate a Legacy, Nested and Native Segwit address:

Code:

1FjqJDbtkU7EWJ6iknmnMRv42tBV4vTrYK
3ExF2mJdNJye5DtLbEr2WtDEMGz2Mbw2Ne
bc1q5x4cctq424jjk6rpl3ty5hgzhk8t79crtcknxx

I then created a test message using each "address"... they all created identical signatures:

Code: (Message)

HCP Testing 20211015

Code: (Signature)

H1Mfv8yUXfb6MZflsVkaurSza9BXA7FiZw80sCXUs2tkdW9I7lOUb7OisNsM0mRe5adNLmXLC/I7xp8VDTUJIJA=

Which isn't too surprising, I guess... given that the same private key should create the same public key... and it's just the different encoding of that public key that results in a different address. So, theoretically, a wallet would just need to check the specific encoding of the public key provided in the signature that matches the address type provided to confirm if the message is valid. ie. if the message uses an address starting with a "1", then use the P2PKH encoding of the public key, "3" = use the P2SH-P2WPKH encoding, "bc1" = use the P2WPKH encoding. Which is more or less what Electrum does. (It actually checks against each address type.)


So, I don't really understand why this is such an issue still? Is it because P2SH addresses may not even have a private key (ie. pure script) or may have several (ie. multisig)? Is it just that no-one really cares because they're busy implementing other things?

[Pmalek]

Is it just that no-one really cares because they're busy implementing other things?

This might be it. We can already sign messages with legacy addresses. Developers probably think that's enough. Why bother and spend time creating an algorithm and contacting everyone to get aboard with it when there is already a standard with legacy addresses. It's not that I agree with it, but I understand if they don't consider it a feature that's really needed.

[SFR10]

It's worth noting that Trezor has quickly released an update ^[21.10.2] to fix the following bugs:
^{- Differences}

• [PSA] ETH bump fee error in Trezor Suite
  
  • fix: fix eth bump fee runtime err
• [PSA] Trezor Suite error on Android
  
  • fix: webusb on android