Bitcoin Forum
November 02, 2024, 10:21:25 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 »
  Print  
Author Topic: How to sign a message?!  (Read 141589 times)
shorena (OP)
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1540


No I dont escrow anymore.


View Profile
March 14, 2015, 11:30:18 PM
Last edit: September 29, 2018, 07:06:07 PM by shorena
Merited by Murat (50), Welsh (30), LoyceV (26), krogothmanhattan (25), dbshck (20), Wusolini (20), vapourminer (13), EFS (10), Vod (10), mprep (10), hahay (10), pooya87 (10), xandry (10), Mr. Big (10), zazarb (6), Cyrus (5), suchmoon (5), franckuestein (5), EcuaMobi (5), BitcoinMarshal (5), paxmao (3), Woshib (3), theunbeatable (3), butka (3), DogecoinMachine (2), pawel7777 (2), bL4nkcode (2), TMAN (2), lulucrypto (2), YourNeko (2), OgNasty (1), Timelord2067 (1), bitbollo (1), ralle14 (1), u9y42 (1), johhnyUA (1), o_e_l_e_o (1), InvoKing (1), redsn0w (1), Cluster2k (1), digit (1), Inwestour (1), apoorvlathey (1), HabBear (1), JohnUser (1), risatrakib (1), JeremyB (1), uelque (1), Financisto (1), Quite (1), Zedxxx (1), MK-BTC (1), wnet (1)
 #1

Intro:

Welcome to the world of bitcoin.

I have been a Newbie like you, looking for scrap, asking questions, working faucets. Faucets are a waste of time. Yes, it was a bit easier in the past. I could join a signature campaign with only 19 posts. Spammers have ruined this pretty much for Newbies though and if they continue I am afraid they will ruin it for all of us. This is not the topic though, sorry for the distraction. You dont believe me that I joined a campaign as Newbie? Well I can proof it to you and I can show you how. By signing a message.

The post quoted below was written by me. It was not edited and it contains a bitcoin address. If you click on its link you will see that it has no dotted line below the time and date. See here for an edited post. I changed it today. Here is a picture.

19 posts... im in

18uTXyQubfaYrkbQDdaXhzd2ALEY5YN77B

And I can sign a message with this address to prove that I still have access to the private key that belongs to this address.

Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
This is shorena from bitcointalk.org and today is 2015.03.14
or as some of you might write it 03/14/15 pi day 2015
-----BEGIN SIGNATURE-----
18uTXyQubfaYrkbQDdaXhzd2ALEY5YN77B
IFtLgDZCpvfw0DT70RCLcYXj3Dbjf68sc6pj/C+u5K6IC8PIhHE4Y/ldllt1/yhrZpVW/shFRf7rxQYdsW/CcBM=
-----END BITCOIN SIGNED MESSAGE-----

You are probably not impressed. So what, a signed message, you might think, but its very important here if you want to trade with someone. There are currently at least 3 accounts in the meta section that are contested. The main problem with all of them is: someone was unable to sign a message, someone did not request a signed message for a trade or someone has no idea how to sign a message. I will try my very best to show you how to sign a message and how to verify a signed message. For this I will use pictures as I know not everyone here speaks english. I will also update this thread over time.

If you want to get your address witnessed somewhere for the future, use this thread by Tomatocage -> https://bitcointalk.org/index.php?topic=996318.0
Someone will quote your post there to make sure a hacker that has control over your account can not change it. Make sure you only post addresses you can sign a message with. You can use this thread to test signing message, I will verify them all and Im sure other users will chime in when I am not online as well.



If you want to thank me because this thread has helped you, post a signed message. If you just tell me it helped you, Ill probably think you never even bothered to read this.




Index:




Format:

Note: Always include the date and reason when creating a message. If you sign a generic message it could be reused by someone else.

When you sign a message you want to present it to someone else and they want to verify the message. In order to make this extra easy its important to use a certain format. You can modify it as needed, but there are certain things to keep in mind.
Every symbol is important. The symbols > and < in my examples have to be removed. When you sign a message and somewhere have two spaces between two words, both are important for the signature. Thats the whole point of a signature. It detects whether someone changed the message or not. The board here has a "code" environment thats perfect for this. It will make sure no linebreaks are added and the other person can easily copy it. I used the same format above.

If you write a post/PM it should look like on the picture below:


and for everyone else reading, it looks like this:
Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
<insert message here>
-----BEGIN SIGNATURE-----
<insert address here>
<insert signature here>
-----END BITCOIN SIGNED MESSAGE-----

I added an example how to post the signed message for the blockchain.info part here.




Dos and Don'ts:
return to index

  • DO include the current date. This ensures the signature can not be reused on a different day.
  • DO include the reason and be specific. This ensures the signature can not be resued for a different reason.
  • DO include your nickname and where you use it. This ensures the signature can not be reused, e.g. by Shorena on AcmeCorpTalk.

  • DO NOT use a compromised machine (virus, keylogger, etc.) to create a signature. Signing unlocks your wallets protection the same way spending bitcoin does.
  • DO NOT upload your private key somewhere in order to create a signature.
  • DO NOT give your private key to someone else in order to create a signature for you.

You think something is missing here? Leave a reply below.




Pay to script hash (P2SH) addresses:
return to index

There is no way for pay to script hash addresses without private key (yes, they are possible) to sign a message. For multi-sig-addresses (a subset of P2SH addresses) there are private keys, but there is no consistent definition on how a signature for a message would be verified. Thus, its impossible to sign a message with an address starting with a 3 in a realiable way. With the addition of P2SH-P2WPKH addresses (SegWit, but starting with a 3) this did not change. At least it did not in bitcoin core, other wallets may still allow signing or verification.





Creating a Signature:
return to index

Bitcoin Core version v0.10.0
return to index

link to picture -> https://i.imgur.com/qx3C9zl.png





Electrum v 1.9.8
return to index
Note: Electrum 2.3.1 and 2.5.4 are exactly the same in this regard.

link to picture -> https://i.imgur.com/qXbURuy.png





MultiBit v 0.5.18
return to index

link to picture -> https://i.imgur.com/ftumD67.png





MultiBit HD v 0.1
return to index

link to picture -> https://i.imgur.com/MtDpQjq.png





Blockchain.info
return to index

Note: Blockchain.info is an online wallet, thus their interface could change. Since there is no version number to indicate a change I added the date. I used the stock Tor browser for this (see the URL), but its identical to the regular version. The black bar masks the wallet identifier. Its a throwaway wallet, but I tend to remove stuff like this.

link to picture -> https://i.imgur.com/cNr6wOp.png





Blockchain.info v2 2016.05.11
return to index

Update (2017.5.13): According to user apoorvlathey it is now possible to sign messages with the new version as it was in the past. User sHeRiLyN1618 reports that this is only possible for imported addresses, but not addresses generated with the service. For more information read the posts starting from here -> https://bitcointalk.org/index.php?topic=990345.msg18991565#msg18991565

Update (2016.5.11): It is now possible to sign messages with imported private keys.
Th0ur007 wrote a step by step here -> https://bitcointalk.org/index.php?topic=1467458

Note: Blockchain.info's new wallet does not allow you to sign a message, nor does it allow you to easily export the private key in order to sign with a different wallet. There is a crude work around here -> https://docs.google.com/document/d/1-2l6xOqcbjs9QWEqSh72RD1d8EEdvG_hQuEXw_f_o6w/edit
Use at your own risk!



Mycelium 2.3.0 - 2.5.2 on Android Lollipop
return to index

Note: In order to get a preformatted message select "Share Text + Signature" at the last step, open with e.g. your Mail programm and copy the complete message from there.

link to picture -> https://i.imgur.com/lNgSoEq.png




Coinbase
return to index

Note: 2018.03.04 coinbase has removed the tutorial.

See their how to for now: https://support.coinbase.com/customer/portal/articles/1526413-how-do-i-sign-a-message-with-a-bitcoin-address-



Bither v.1.3.7.1
return to index

link to picture -> https://i.imgur.com/7Ceew9W.png




Ledger Wallet Bitcoin v.1.10.1
return to index
Note! full credit for this section goes to JeremyB. Go thank them, not me!

Link to picture -> https://i.imgur.com/2h22aN6.png




Trezor Wallet
return to index
Note: full credit for this section goes to JeremyB. Go thank them, not me!

Link to picture -> https://i.imgur.com/mvg884g.png






Verifying a Signature:
return to index

Blocktrail
return to index

link: https://www.blocktrail.com/BTC?verifysignedmessage=1

Note: This service requires JavaScript and might not work with all browsers.

Correct Signature

link to picture -> https://i.imgur.com/CSI1CeX.png



Incorrect Address

link to picture -> https://i.imgur.com/4aWAAau.png



Incorrect Signature & Modified Message

link to picture -> https://i.imgur.com/eA5Zl5e.png



Incorrect & Modified Signature

link to picture -> https://i.imgur.com/fPS8V0w.png





Chain Query Alpha
return to index

link: http://chainquery.com/bitcoin-api/verifymessage

Correct Signature

link to picture -> https://i.imgur.com/Wxtg5gD.png



Incorrect Signature & Modifed Address

link to picture -> https://i.imgur.com/AnDpyYW.png



Incorrect Signature & Modified Message

link to picture -> https://i.imgur.com/kOLx0K8.png



Incorrect & Modified Signature

link to picture -> https://i.imgur.com/Nvs7wtY.png





coinig.com
return to index

Will be added ASAP Seem to be bugged when verifying messages with at least one linebreak. Will add them once its fixed.



Brainwallet.github.io
return to index

Note: 2018.03.02: New link https://brainwalletx.github.io/#verify

Note: 2015.12.20: Brainwallet has a copy here -> http://wallet-2sx53n.sakurity.com/#verify

Note: 2015.08.08: Brainwallet is no longer operational, old pictures still linked below.

Note: 2015.04.03: I noticed the site was improved since I made the picture below. The updated version now allows to input the address, the message and the signature seperately as bitcoin-qt/core would. Since the old way is still working, I did not update the pictures. Thanks 2 [/url=https://bitcointalk.org/index.php?topic=990345.msg31257348#msg31257348]JeremyB[/url] for updating the pictures.

link: https://brainwallet.github.io/#verify copy: http://wallet-2sx53n.sakurity.com/#verify

(Bitcoin-QT) Correct Signature


Link to picture -> https://i.imgur.com/hlkBkji.png

(Bitcoin-QT) Incorrect Signature


Link to picture -> https://i.imgur.com/VEqKAeE.png

(Bitcoin-QT) Correct Signature & Missing address


Link to picture -> https://i.imgur.com/LefpKPC.png



Correct Signature


link to picture -> https://i.imgur.com/75MFIiH.png

Incorrect Signature & Missing Address


link to picture -> https://i.imgur.com/GD2tzVJ.png

Incorrect Signature


link to picture -> https://i.imgur.com/okc8Q2K.png



Trezor
return to index
Note: full credit for this section goes to JeremyB. Go thank them, not me!

Correct Signature

Link to picture -> https://i.imgur.com/XgICUy7.png


Incorrect Signature

Link to picture -> https://i.imgur.com/Y3LIVPT.png





License (CC BY-SA 3.0):
return to index

You are free to:
  • Share - copy and redistribute the material in any medium or format
  • Adapt - remix, transform, and build upon the material
for any purpose, even commercially. I cannot revoke these freedoms as long as you follow the license terms.

Under the following terms:
  • Attribution - You must give appropriate credit (mentioning my name [shorena] is enough), provide a link to the license, and indicate if changes were made.
  • ShareAlike - If you remix, transform, or build upon the material, you must distribute your contributions under the same license (see link).

link -> https://creativecommons.org/licenses/by-sa/3.0/

Signed version:

Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
This is shorena from bitcointalk.org and today is the 24th of April 2015.
I publish my guide to sign message with bitcoin addresses and all related pictures under CC BY-SA 3.0
link to guide  : https://bitcointalk.org/index.php?topic=990345.0
link to license: https://creativecommons.org/licenses/by-sa/3.0/
-----BEGIN SIGNATURE-----
18uTXyQubfaYrkbQDdaXhzd2ALEY5YN77B
IDYQyGOx2rG9aJ3bZH/SJSRFZJMZiMrIxiNNY1Hv9geHLlYeGdYbH+AxNbT+qXGmEzojFt//loC+sj8yGo6AV9A=
-----END BITCOIN SIGNED MESSAGE-----



todo:
Code:
https://tools.bitcoin.com/verifier.html - verify
https://blockexplorer.com/messages/verify - verify
Bither v 1.3.7.1 - verify
Bitcoin Core version v0.12.0 - verify
Electrum 2.x - verify
Blockchain.info - verify
Multibit - verify
Multibit HD - verify
list more wallets/services that currently not support signing, add reference where possible
coinbase (own w/o text)
armory
(when fixed) coinig.com - verify


changelog:
Code:
2018.03.04 - added Filipino translation done by uelque, coinbase how to no longer available.
2018.03.02 - added Trezor sign/verify, ledger sign, brainwalletx updated pictures & french translation all done by JeremyB
2017.05.13 - bc.iv2 - working
2017.03.24 - Bither Android HD -> cant sign
2016.12.14 - "thanks" w/o signed message = idiot/spammer/or worse
2016.12.11 - added btc.com, freewallet.org, GreenAddress, breadwallet, Coinomi, Electrum, Coins.ph. Samourai and blockchain.info for android as cant sign.
2016.07.31 - added bitgo.com as cant sign.
2016.05.11 - Updated bc.i v2 with link to Th0ur007's guide.
2016.04.17 - added a few sentences on p2sh addresses
2016.03.04 - added work around for bc.i v2
2015.12.20 - readded brainwallet via a mirror, reinstated the pictures
2015.10.01 - problem with blocktrail was fixed, removed the warning and reinstated the pictures
2015.10.01 - added warning because blocktrail has problems verifying certain messages
2015.09.17 - added notes how each section is sorted
2015.09.17 - changed all imgur links/sources to https
2015.09.17 - added Bither v 1.3.7.1 (screenshots Ubuntu, Windows identical)
2015.09.17 - added several Copay (several version) to cant sign
2015.09.17 - added didnt bother to test section
2015.09.16 - added blocktrail.com - verify
2015.09.11 - sorted cant sign by name
2015.09.11 - added several more iOS 7.1.2 wallet to cant sign: Coins, ANX Vault, GreenAddress, BitX, Bitcoin Vault, Coins.ph
2015.09.11 - added Coinbase for Android thanks to prodigy8
2015.09.11 - updated todo list (blocktrail verify)
2015.09.10 - added several iOS 7.1.2 wallets to cant sign: bitWallet, breadwallet, Coinbase, Yallet, Wallet by Blocktrail, Bither Hot and Hotwallet
2015.08.12 - updated todo
2015.08.12 - added chain query alpha - verify - pictures
2015.08.11 - added link to chain query alpha - verify
2015.08.10 - added greenbits/-address to cant sign
2015.08.09 - temp removed coinig.com as it seems to be broken when verifying messages with linebreaks
2015.08.08 - temp added coinig.com to replace brainwallet - no pictures
2015.08.08 - brainwallet - verify no longer operational
2015.08.07 - added mSIGN and xapo to cant sign
2015.08.07 - added "cant sign" section
2015.07.27 - added first translation to romanian - thanks to Saruman
2015.07.27 - added list of translations
2015.07.20 - improved formatting - thanks to Muhammed Zakir
2015.07.09 - added link to coinbase how to - thanks to camelson
2015.06.22 - added multibit hd 0.1 - sig
2015.06.15 - did not add electrum 2.3.1 because its idential to 1.9.8, added text accordingly
2015.04.25 - added don't "compromised sys" - thanks to Muhammed Zakir
2015.04.24 - slightly changed license text (cosmetical changes)
2015.04.24 - added dos and don'ts - thanks to GreenStox
2015.04.19 - added link address stake thread - thanks to Muhammed Zakir
2015.04.12 - added license CC BY-SA 3.0
2015.04.03 - format, added note: use a date
2015.04.03 - brainwallet verify, added note: new "Bitcoin-QT"-Button
2015.04.03 - added Mycelium 2.3.0 on Android Lollipop
2015.03.17 - updated todo
2015.03.17 - added bc.i - sig
2015.03.15 - MultiBit 0.5.18 - sig
2015.03.15 - Electrum 1.9.8 - sig
2015.03.14 - Brainwallet online verify (Tor) - verify
2015.03.14 - Bitcoin Core version v0.10.0 - sig
2015.03.14 - Index
2015.03.14 - added Intro
2018.09.29 - Link to russian version by an@sha

Im not really here, its just your imagination.
shorena (OP)
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1540


No I dont escrow anymore.


View Profile
March 14, 2015, 11:30:35 PM
Last edit: September 29, 2018, 07:07:17 PM by shorena
Merited by OgNasty (1)
 #2

Translations:

Language|Credit|Link
Romanian|Saruman|Thread
French|JeremyB|Thread
Filipino|uelque|Thread
Russian|an@sha|Thread

Im not really here, its just your imagination.
bensam123
Sr. Member
****
Offline Offline

Activity: 423
Merit: 250


View Profile
March 14, 2015, 11:37:14 PM
 #3

Quote
-----BEGIN BITCOIN SIGNED MESSAGE-----
This is shorena from bitcointalk.org and today is 2015.03.14
or as some of you might write it 03/14/15 pi day 2015
-----BEGIN SIGNATURE-----
18uTXyQubfaYrkbQDdaXhzd2ALEY5YN77B
IFtLgDZCpvfw0DT70RCLcYXj3Dbjf68sc6pj/C+u5K6IC8PIhHE4Y/ldllt1/yhrZpVW/shFRf7rxQYdsW/CcBM=
-----END BITCOIN SIGNED MESSAGE-----

If I leave out one of the "-"s in the message, will that signed message be considered invalid?

e.g.

Code:
----BEGIN BITCOIN SIGNED MESSAGE-----
This is shorena from bitcointalk.org and today is 2015.03.14
or as some of you might write it 03/14/15 pi day 2015
-----BEGIN SIGNATURE-----
18uTXyQubfaYrkbQDdaXhzd2ALEY5YN77B
IFtLgDZCpvfw0DT70RCLcYXj3Dbjf68sc6pj/C+u5K6IC8PIhHE4Y/ldllt1/yhrZpVW/shFRf7rxQYdsW/CcBM=
-----END BITCOIN SIGNED MESSAGE-----
shorena (OP)
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1540


No I dont escrow anymore.


View Profile
March 14, 2015, 11:41:09 PM
 #4

Quote
-----BEGIN BITCOIN SIGNED MESSAGE-----
This is shorena from bitcointalk.org and today is 2015.03.14
or as some of you might write it 03/14/15 pi day 2015
-----BEGIN SIGNATURE-----
18uTXyQubfaYrkbQDdaXhzd2ALEY5YN77B
IFtLgDZCpvfw0DT70RCLcYXj3Dbjf68sc6pj/C+u5K6IC8PIhHE4Y/ldllt1/yhrZpVW/shFRf7rxQYdsW/CcBM=
-----END BITCOIN SIGNED MESSAGE-----

If I leave out one of the "-"s in the message, will that signed message be invalid?

e.g.

Code:
----BEGIN BITCOIN SIGNED MESSAGE-----
This is shorena from bitcointalk.org and today is 2015.03.14
or as some of you might write it 03/14/15 pi day 2015
-----BEGIN SIGNATURE-----
18uTXyQubfaYrkbQDdaXhzd2ALEY5YN77B
IFtLgDZCpvfw0DT70RCLcYXj3Dbjf68sc6pj/C+u5K6IC8PIhHE4Y/ldllt1/yhrZpVW/shFRf7rxQYdsW/CcBM=
-----END BITCOIN SIGNED MESSAGE-----

No the three lines are just to make it easier for humans to understand what is up. The brainwallet verifier will however not work if you remove it, but thats because they only have a single field for all 3 pieces of information. The address, the signature and the message usually have different boxes when using a programm.

Im not really here, its just your imagination.
bensam123
Sr. Member
****
Offline Offline

Activity: 423
Merit: 250


View Profile
March 14, 2015, 11:42:41 PM
 #5

So when verifying, do I copy the whole thing into the verifier, or do I copy them one by one?
shorena (OP)
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1540


No I dont escrow anymore.


View Profile
March 15, 2015, 12:17:53 AM
 #6

So when verifying, do I copy the whole thing into the verifier, or do I copy them one by one?

With brainwallet you can just copy everything if it has the correct format. For other programms and tools you need to copy each string individually. E.g. if you verify with Multibit/Electrum/Bitcoin Core it has 3 fields for address, message and signature. If the whol message with signature and address is not in the format you would have to create it for brainwallet to work.

Im not really here, its just your imagination.
Karartma1
Legendary
*
Offline Offline

Activity: 2310
Merit: 1422



View Profile
March 15, 2015, 01:57:10 AM
 #7

Wow, this is a great tutorial shorena! I think mods should sticky this, because every new user have to learn this basic thing before it's too late. I see a lot of users got hacked or lost password and they end up losing their account forever.

I'll send you a small tip when I get my wage.
twister
Hero Member
*****
Offline Offline

Activity: 672
Merit: 502



View Profile WWW
March 15, 2015, 06:12:26 AM
 #8

Great tutorial, very helpful for newbies who I have seen having trouble understanding the difference between signing a message and signing a post.

Can you make one for 'How to get a PGP Key', as well?

 

██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
█████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
 
Get Free Bitcoin Now!
  ¦¯¦¦¯¦    ¦¯¦¦¯¦    ¦¯¦¦¯¦    ¦¯¦¦¯¦   
0.8%-1% House Edge
[/
pooya87
Legendary
*
Offline Offline

Activity: 3626
Merit: 10996


Crypto Swap Exchange


View Profile
March 15, 2015, 10:46:46 AM
 #9

wow, thank you shorena it was pretty usefull. actually i was looking for something like this

i have one question though. what is the difference between the message signed this way and the one called PGP that i've seen most escrows use and they link to keybase.io website

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
redsn0w
Legendary
*
Offline Offline

Activity: 1778
Merit: 1043


#Free market


View Profile
March 15, 2015, 10:53:26 AM
 #10

Well done shorena, ths guide is very good and full of useful information. Do you still own this address 1Le5jXpxvANv3v5Vfx9FY3XZjHjRm8fvzg ? A little donation will arrive in minutes Wink, take it just for your efforts in try to keep/help a good community.
shorena (OP)
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1540


No I dont escrow anymore.


View Profile
March 15, 2015, 01:21:48 PM
 #11

Great tutorial, very helpful for newbies who I have seen having trouble understanding the difference between signing a message and signing a post.

Can you make one for 'How to get a PGP Key', as well?

I have added it for the to do list for now, not sure yet.

wow, thank you shorena it was pretty usefull. actually i was looking for something like this

i have one question though. what is the difference between the message signed this way and the one called PGP that i've seen most escrows use and they link to keybase.io website

Note the explanation below is simplified to give a rough idea about PGP. There are many detailed aspects to it that I dont want to go into here.

PGP is used since the early 90's. Its an asymmetric encryption / signature system that is used for a multitude of things now. Its now most commonly used for its intended use, to encrypt and sign mails. The encryption was so powerful that it was against USA law to export the software for a while unless significantly weakened. It had to leave the country via source code printed in a book. This is typically refered to as the crypto wars.

Without going into technical details, the main difference is how people use it. Its more likely for someone here to post a bitcoin address than it is for someone to post a full PGP key. While many of us have several bitcoin addresses to sign something with, you usually only have one or very few PGP keys (1 personal, 1 business, 1 software development, etc.). For PGP there also exists what is called the Web of Trust (WoT). If used correctly it allows you to be 100% sure that the person you are exchanging message with is exactly the person they claim, as in: it has been verified in person by someone you trust and have met in person. The biggest problem with PGP keys is to verify its owner. Same like a bitcoin address anyone can just create a PGP key pair and claim to be Bill Murray.

But, say Bill Murray (B) meets Christoph Waltz (C) in person. They sign each others keys to verify the respective owner. Should I ever meet C I can personally verify C's key and thus know B's key belongs indeed to Bill Murray. These chains are typically longer and form a complex network, the Web of Trust.

Well done shorena, ths guide is very good and full of useful information. Do you still own this address 1Le5jXpxvANv3v5Vfx9FY3XZjHjRm8fvzg ? A little donation will arrive in minutes Wink, take it just for your efforts in try to keep/help a good community.

Code:
----BEGIN BITCOIN SIGNED MESSAGE-----
Hi redsn0w,
today is 2015.03.15 and I am in control
of the address 1Le5jXpxvANv3v5Vfx9FY3XZjHjRm8fvzg
Shorena
-----BEGIN SIGNATURE-----
1Le5jXpxvANv3v5Vfx9FY3XZjHjRm8fvzg
INgOLoHP97AbQDN46R6/0Y73SXOW2lcnjaYoppubBY2sCGEqaylfvJrtAlqcN0sm/1v96YHuU7xcEYgKX7wxoQQ=
-----END BITCOIN SIGNED MESSAGE-----

Im not really here, its just your imagination.
Gisado
Full Member
***
Offline Offline

Activity: 168
Merit: 100

Yoohoo


View Profile
March 15, 2015, 03:37:00 PM
 #12

Great tutorial, very helpful for newbies who I have seen having trouble understanding the difference between signing a message and signing a post.

Can you make one for 'How to get a PGP Key', as well?
If you use GNU/Linux, this is easy guide. If Windows, use gpg4win. Just follow the instructions from gpg4win, and you're all set.

(Make sure not to use SHA-1 while creating!)
bitgeek
Sr. Member
****
Offline Offline

Activity: 462
Merit: 251



View Profile
March 15, 2015, 03:58:37 PM
 #13

It's about time someone did this, good job! I've seen people, who had a wallet for months and still didn't know how to sign and verify a message. This thread should remain on top of the section.


███████████████████████████████
███████████████████████████████
████████████████████████████████
████████████████████████████████
██████████████████████████████████
██████████████████████████████████████████
█████████████████████████████████████████
███████████████████████████████████████
█████████████████████████████████████
█████████████████████████████████████
█████████████████████████████████████
███████████████████████████████████
█████████████████████████████████████
█████████████████████████████████████

.

.

.

Online.BTC.Bingo

.

.

.*500%.CASH.BACK.+.INSTANT.BONUS
..PROGRESSIVE.JACKPOT
..NO-DOWNLOAD.CLIENT
.

.

.

EPIC.FUN.
elliwilli
Sr. Member
****
Offline Offline

Activity: 307
Merit: 250


et rich or die tryi


View Profile WWW
March 15, 2015, 04:32:40 PM
 #14

Dude awesome tutorial.
Signing with bitcoin is a pretty secure system and it needs more adoption IMHO, this will hopefuly make it more commonplace.
I was thinking about writing a tutorial for this within the week but you already took my place so TY for saving me some work  Grin

erikalui
Legendary
*
Offline Offline

Activity: 2632
Merit: 1094



View Profile WWW
March 15, 2015, 05:29:12 PM
 #15

Is it safe to connect your account with the bitcoin address? I have heard some people say that they don't want to take the risk of connecting the account as it could be hacked.

ikydesu
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500

fb.com/Bitky.shop | Bitcoin Merch!Premium Quality!


View Profile WWW
March 15, 2015, 05:54:43 PM
 #16

Awesome thread, very useful and complete tutorial Smiley
also i found this tutorial for PGP (PDF file) , its that right tutorial for use PGP?


~iki
shorena (OP)
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1540


No I dont escrow anymore.


View Profile
March 15, 2015, 06:05:27 PM
 #17

-snip-
Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
Hi redsn0w,
today is 2015.03.15 and I am in control
of the address 1Le5jXpxvANv3v5Vfx9FY3XZjHjRm8fvzg
Shorena
-----BEGIN SIGNATURE-----
1Le5jXpxvANv3v5Vfx9FY3XZjHjRm8fvzg
INgOLoHP97AbQDN46R6/0Y73SXOW2lcnjaYoppubBY2sCGEqaylfvJrtAlqcN0sm/1v96YHuU7xcEYgKX7wxoQQ=
-----END BITCOIN SIGNED MESSAGE-----

For everyone that tried to verify this, but couldnt get it working on brainwallet. Its missing a "-"
it should be:
Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----

but its:
Code:
----BEGIN BITCOIN SIGNED MESSAGE-----

Every other tool used to verify should not have that problem. I just copied the modified version from bensam123.

Is it safe to connect your account with the bitcoin address? I have heard some people say that they don't want to take the risk of connecting the account as it could be hacked.

An unedited message or post with a bitcoin address can actually help you to recover a hacked account. Theymos mentions this in the thread about restoring accounts[1]. Its not fail safe though.

Regarding PGP, there are probably over 9000 good tutorials. If you find one that works for you thats great. Just be carefull what you download. If you feel you need someone to show you the way, attent a local cryptoparty[2]. I will focus on signatures with bitcoin addresses first and once that todo list is processed start with PGP.


[1] https://bitcointalk.org/index.php?topic=497545.0
[2] https://www.cryptoparty.in/

Im not really here, its just your imagination.
erikalui
Legendary
*
Offline Offline

Activity: 2632
Merit: 1094



View Profile WWW
March 15, 2015, 06:23:58 PM
 #18

An unedited message or post with a bitcoin address can actually help you to recover a hacked account. Theymos mentions this in the thread about restoring accounts[1]. Its not fail safe though.

Regarding PGP, there are probably over 9000 good tutorials. If you find one that works for you thats great. Just be carefull what you download. If you feel you need someone to show you the way, attent a local cryptoparty[2]. I will focus on signatures with bitcoin addresses first and once that todo list is processed start with PGP.


[1] https://bitcointalk.org/index.php?topic=497545.0
[2] https://www.cryptoparty.in/

The post you mentioned of Theymos reads as

-----BEGIN BITCOIN SIGNED MESSAGE-----
My account <account> has been hacked/lost. Please reset the email to <email>. The current date is <date>.
-----BEGIN SIGNATURE-----
<insert address here>
<insert signature here>
-----END BITCOIN SIGNED MESSAGE-----

Here is the unedited post where I posted that address: ...
OR
I sent that address to someone in a PM with PM ID#...


-------------------------------------------------------

But here in case if my account is hacked, the person may edit my post where my bitcoin address is present and I wont have any access to my PMs then. So in this case, I will have to note the post ID and the PM ID to be on a safe side?

Gisado
Full Member
***
Offline Offline

Activity: 168
Merit: 100

Yoohoo


View Profile
March 15, 2015, 07:02:03 PM
 #19

Awesome thread, very useful and complete tutorial Smiley
also i found this tutorial for PGP (PDF file) , its that right tutorial for use PGP?


~iki
Tutorials here(GNU Privacy Handbook) seem to be official one.
Gisado
Full Member
***
Offline Offline

Activity: 168
Merit: 100

Yoohoo


View Profile
March 15, 2015, 07:07:20 PM
 #20

An unedited message or post with a bitcoin address can actually help you to recover a hacked account. Theymos mentions this in the thread about restoring accounts[1]. Its not fail safe though.

Regarding PGP, there are probably over 9000 good tutorials. If you find one that works for you thats great. Just be carefull what you download. If you feel you need someone to show you the way, attent a local cryptoparty[2]. I will focus on signatures with bitcoin addresses first and once that todo list is processed start with PGP.


[1] https://bitcointalk.org/index.php?topic=497545.0
[2] https://www.cryptoparty.in/

The post you mentioned of Theymos reads as

-----BEGIN BITCOIN SIGNED MESSAGE-----
My account <account> has been hacked/lost. Please reset the email to <email>. The current date is <date>.
-----BEGIN SIGNATURE-----
<insert address here>
<insert signature here>
-----END BITCOIN SIGNED MESSAGE-----

Here is the unedited post where I posted that address: ...
OR
I sent that address to someone in a PM with PM ID#...


-------------------------------------------------------

But here in case if my account is hacked, the person may edit my post where my bitcoin address is present and I wont have any access to my PMs then. So in this case, I will have to note the post ID and the PM ID to be on a safe side?
Make a thread on reputations board (it looks like there is common place to post it) and ask someone to quote it (so even if your post is edited cracker have to crack quoter's account to successfully fool others - and of course, they will notice that it has been edited too.) and lock. I asked mods to move it to Archival to be extra sure. (I don't know if it can be edited after unlocking on Archival boards.)
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!