How to sign a message?!

[Decoded]

-----BEGIN BITCOIN SIGNED MESSAGE-----
Im syndria owner of this address today is October,03,2015
-----BEGIN SIGNATURE-----
17FWb5uqJRP5EkPDjwBzcMQAecHi36Jv1D
IB2RRGYJ9frwm2tKxbVpz1P+crqguOIHfsytFTmos8xuGh/rL0glgm1vYX9DsDhP8fJozT/VyVRRKC4zMRKfwck=
-----END BITCOIN SIGNED MESSAGE-----

Please Quote and verify thank you for your help

you should post your signed message here instead https://bitcointalk.org/index.php?topic=996318.0

[joksim299]

-----BEGIN BITCOIN SIGNED MESSAGE-----
Im syndria owner of this address today is October,03,2015
-----BEGIN SIGNATURE-----
17FWb5uqJRP5EkPDjwBzcMQAecHi36Jv1D
IB2RRGYJ9frwm2tKxbVpz1P+crqguOIHfsytFTmos8xuGh/rL0glgm1vYX9DsDhP8fJozT/VyVRRKC4zMRKfwck=
-----END BITCOIN SIGNED MESSAGE-----

Please Quote and verify thank you for your help

The message was signed by the specified address.
However, there is dedicated thread to stake your address https://bitcointalk.org/index.php?topic=996318.0

[shorena]

-----BEGIN BITCOIN SIGNED MESSAGE-----
Im syndria owner of this address today is October,03,2015
-----BEGIN SIGNATURE-----
17FWb5uqJRP5EkPDjwBzcMQAecHi36Jv1D
IB2RRGYJ9frwm2tKxbVpz1P+crqguOIHfsytFTmos8xuGh/rL0glgm1vYX9DsDhP8fJozT/VyVRRKC4zMRKfwck=
-----END BITCOIN SIGNED MESSAGE-----

Please Quote and verify thank you for your help

I quoted it in the proper thread -> https://bitcointalk.org/index.php?topic=996318.msg12592997#msg12592997

[syndria]

-----BEGIN BITCOIN SIGNED MESSAGE-----
Im syndria owner of this address today is October,03,2015
-----BEGIN SIGNATURE-----
17FWb5uqJRP5EkPDjwBzcMQAecHi36Jv1D
IB2RRGYJ9frwm2tKxbVpz1P+crqguOIHfsytFTmos8xuGh/rL0glgm1vYX9DsDhP8fJozT/VyVRRKC4zMRKfwck=
-----END BITCOIN SIGNED MESSAGE-----

Please Quote and verify thank you for your help

I quoted it in the proper thread -> https://bitcointalk.org/index.php?topic=996318.msg12592997#msg12592997

Thank you above you told me that its not the proper thread and since they already have quoted my post i didnt deleted it.

Btw your thread helped alot

[Hellacopter]

Intro:

Welcome to the world of bitcoin.

I have been a Newbie like you, looking for scrap, asking questions, working faucets. Faucets are a waste of time. Yes, it was a bit easier in the past. I could join a signature campaign with only 19 posts. Spammers have ruined this pretty much for Newbies though and if they continue I am afraid they will ruin it for all of us. This is not the topic though, sorry for the distraction. You dont believe me that I joined a campaign as Newbie? Well I can proof it to you and I can show you how. By signing a message.

The post quoted below was written by me. It was not edited and it contains a bitcoin address. If you click on its link you will see that it has no dotted line below the time and date. See here for an edited post. I changed it today. Here is a picture.

19 posts... im in

18uTXyQubfaYrkbQDdaXhzd2ALEY5YN77B

And I can sign a message with this address to prove that I still have access to the private key that belongs to this address.

Code:

-----BEGIN BITCOIN SIGNED MESSAGE-----
This is shorena from bitcointalk.org and today is 2015.03.14
or as some of you might write it 03/14/15 pi day 2015
-----BEGIN SIGNATURE-----
18uTXyQubfaYrkbQDdaXhzd2ALEY5YN77B
IFtLgDZCpvfw0DT70RCLcYXj3Dbjf68sc6pj/C+u5K6IC8PIhHE4Y/ldllt1/yhrZpVW/shFRf7rxQYdsW/CcBM=
-----END BITCOIN SIGNED MESSAGE-----

You are probably not impressed. So what, a signed message, you might think, but its very important here if you want to trade with someone. There are currently at least 3 accounts in the meta section that are contested. The main problem with all of them is: someone was unable to sign a message, someone did not request a signed message for a trade or someone has no idea how to sign a message. I will try my very best to show you how to sign a message and how to verify a signed message. For this I will use pictures as I know not everyone here speaks english. I will also update this thread over time.

If you want to get your address witnessed somewhere for the future, use this thread by Tomatocage -> https://bitcointalk.org/index.php?topic=996318.0
Someone will quote your post there to make sure a hacker that has control over your account can not change it. Make sure you only post addresses you can sign a message with. You can use this thread to test signing message, I will verify them all and Im sure other users will chime in when I am not online as well.


Index:

• Intro
• Format
• Dos and Don'ts
• Creating a signature (ordered by date [oldest 1st])
  
  • Bitcoin Core version v0.10.0
  • Electrum v 1.9.8 (& 2.3.1)
  • MultiBit v 0.5.18
  • MultiBit HD v 0.1
  • Blockchain.info 2015.03.17
  • Mycelium 2.3.0 - 2.5.2 on Android Lollipop
  • Coinbase
  • Bither v.1.3.7.1
• Verifying a signature (in alphabetical order)
  
  • Blocktrail
  • Chain Query Alpha
  • coinig.com
  • Brainwallet.org
• Translations
• License (CC BY-SA 3.0)
  
• Services/wallets that can (currently) not be used to sign a message
  
  • ANX Vault v. 1.6 for iOS 7.1.2
  • Bitcoin Vault for iOS 7.1.2
  • Bither Hot v 1.3.9 for iOS 7.1.2
  • bitWallet for iOS 7.1.2
  • BitX Wallet 1.2.6 for iOS 7.1.2
  • Breadwallet by Aaron Voisine for iOS 7.1.2
  • Coinbase for iOS 7.1.2
  • Coinbase for Android
  • Coins v0.1 for iOS 7.1.2
  • Coins.ph v1.31 B 84 for iOS 7.1.2
  • Copay v. 1.1.3 for Windows (tested with 8.1 Pro 64 bit)
  • Copay v. 1.1.3 for Linux (tested with Ubuntu 14.04. LTS Desktop 64 Bit)
  • Copay v. 1.1.3 Chrome Plugin
  • GreenAddress/GreenBits
  • GreenAddress for iOS 7.1.2
  • Hotwallet v0.5.2 for iOS 7.1.2
  • mSIGNA
  • Wallet by Blocktrail v 1.0.9 for iOS 7.1.2
  • Xapo.com
  • Yallet for iOS 7.1.2
• Services/wallets that I did not bother to or could not test.
  
  • BitGo v1.5 - Chrome plugin, forces E-Mail verification.
  • Hive Wallet for iOS 7.1.2. - did not sync, thus I could not start the wallet in a way that would allow testing it.
  • Ninki v1.5 - Chrome plugin, forces security mechanisms in a way that makes testing for me impossible.

Format:

Note: Always include the date and reason when creating a message. If you sign a generic message it could be reused by someone else.

When you sign a message you want to present it to someone else and they want to verify the message. In order to make this extra easy its important to use a certain format. You can modify it as needed, but there are certain things to keep in mind.
Every symbol is important. The symbols > and < in my examples have to be removed. When you sign a message and somewhere have two spaces between two words, both are important for the signature. Thats the whole point of a signature. It detects whether someone changed the message or not. The board here has a "code" environment thats perfect for this. It will make sure no linebreaks are added and the other person can easily copy it. I used the same format above.

If you write a post/PM it should look like on the picture below:


and for everyone else reading, it looks like this:

Code:

-----BEGIN BITCOIN SIGNED MESSAGE-----
<insert message here>
-----BEGIN SIGNATURE-----
<insert address here>
<insert signature here>
-----END BITCOIN SIGNED MESSAGE-----

I added an example how to post the signed message for the blockchain.info part here.


Dos and Don'ts:
return to index

• DO include the current date. This ensures the signature can not be reused on a different day.
• DO include the reason and be specific. This ensures the signature can not be resued for a different reason.
• DO include your nickname and where you use it. This ensures the signature can not be reused, e.g. by Shorena on AcmeCorpTalk.

• DO NOT use a compromised machine (virus, keylogger, etc.) to create a signature. Signing unlocks your wallets protection the same way spending bitcoin does.
• DO NOT upload your private key somewhere in order to create a signature.
• DO NOT give your private key to someone else in order to create a signature for you.

You think something is missing here? Leave a reply below.


Creating a Signature:
return to index

Bitcoin Core version v0.10.0
return to index

link to picture -> https://i.imgur.com/qx3C9zl.png




Electrum v 1.9.8
return to index
Note: Electrum 2.3.1 is exactly the same in this regard.

link to picture -> https://i.imgur.com/qXbURuy.png




MultiBit v 0.5.18
return to index

link to picture -> https://i.imgur.com/ftumD67.png




MultiBit HD v 0.1
return to index

link to picture -> https://i.imgur.com/MtDpQjq.png




Blockchain.info 2015.03.17
return to index

Note: Blockchain.info is an online wallet, thus their interface could change. Since there is no version number to indicate a change I added the date. I used the stock Tor browser for this (see the URL), but its identical to the regular version. The black bar masks the wallet identifier. Its a throwaway wallet, but I tend to remove stuff like this.

link to picture -> https://i.imgur.com/cNr6wOp.png



Mycelium 2.3.0 - 2.5.2 on Android Lollipop
return to index

Note: In order to get a preformatted message select "Share Text + Signature" at the last step, open with e.g. your Mail programm and copy the complete message from there.

link to picture -> https://i.imgur.com/lNgSoEq.png



Coinbase
return to index

See their how to for now: https://support.coinbase.com/customer/portal/articles/1526413-how-do-i-sign-a-message-with-a-bitcoin-address-

Bither v.1.3.7.1
return to index

link to picture -> https://i.imgur.com/7Ceew9W.png




Verifying a Signature:
return to index

Blocktrail
return to index

link: https://www.blocktrail.com/BTC?verifysignedmessage=1

Note: This service requires JavaScript and might not work with all browsers.

Correct Signature

link to picture -> https://i.imgur.com/CSI1CeX.png



Incorrect Address

link to picture -> https://i.imgur.com/4aWAAau.png



Incorrect Signature & Modified Message

link to picture -> https://i.imgur.com/eA5Zl5e.png



Incorrect & Modified Signature

link to picture -> https://i.imgur.com/fPS8V0w.png




Chain Query Alpha
return to index

link: http://chainquery.com/bitcoin-api/verifymessage

Correct Signature

link to picture -> https://i.imgur.com/Wxtg5gD.png



Incorrect Signature & Modifed Address

link to picture -> https://i.imgur.com/AnDpyYW.png



Incorrect Signature & Modified Message

link to picture -> https://i.imgur.com/kOLx0K8.png



Incorrect & Modified Signature

link to picture -> https://i.imgur.com/Nvs7wtY.png




coinig.com
return to index

Will be added ASAP Seem to be bugged when verifying messages with at least one linebreak. Will add them once its fixed.


Brainwallet.github.io
return to index

Note: 2015.08.08: Brainwallet is no longer operational, old pictures still linked below.

Note: 2015.04.03: I noticed the site was improved since I made the picture below. The updated version now allows to input the address, the message and the signature seperately as bitcoin-qt/core would. Since the old way is still working, I did not update the picture.

link: https://brainwallet.github.io/#verify

Correct Signature

link to picture -> https://i.imgur.com/75MFIiH.png

Incorrect Signature & Missing Address

link to picture -> https://i.imgur.com/GD2tzVJ.png

Incorrect Signature

link to picture -> https://i.imgur.com/okc8Q2K.png



License (CC BY-SA 3.0):
return to index

You are free to:

• Share - copy and redistribute the material in any medium or format
• Adapt - remix, transform, and build upon the material

for any purpose, even commercially. I cannot revoke these freedoms as long as you follow the license terms.

Under the following terms:

• Attribution - You must give appropriate credit (mentioning my name [shorena] is enough), provide a link to the license, and indicate if changes were made.
• ShareAlike - If you remix, transform, or build upon the material, you must distribute your contributions under the same license (see link).

link -> https://creativecommons.org/licenses/by-sa/3.0/

Signed version:

Code:

-----BEGIN BITCOIN SIGNED MESSAGE-----
This is shorena from bitcointalk.org and today is the 24th of April 2015.
I publish my guide to sign message with bitcoin addresses and all related pictures under CC BY-SA 3.0
link to guide  : https://bitcointalk.org/index.php?topic=990345.0
link to license: https://creativecommons.org/licenses/by-sa/3.0/
-----BEGIN SIGNATURE-----
18uTXyQubfaYrkbQDdaXhzd2ALEY5YN77B
IDYQyGOx2rG9aJ3bZH/SJSRFZJMZiMrIxiNNY1Hv9geHLlYeGdYbH+AxNbT+qXGmEzojFt//loC+sj8yGo6AV9A=
-----END BITCOIN SIGNED MESSAGE-----

todo:

Code:

Bither v 1.3.7.1 - verify
Bitcoin Core version v0.11.0 - verify
Electrum 2.4 - verify
Blockchain.info - verify
Multibit - verify
Multibit HD - verify
list more wallets/services that currently not support signing, add reference where possible
coinbase (own w/o text)
armory
(when fixed) coinig.com - verify

changelog:

Code:

2015.10.01 - problem with blocktrail was fixed, removed the warning and reinstated the pictures
2015.10.01 - added warning because blocktrail has problems verifying certain messages
2015.09.17 - added notes how each section is sorted
2015.09.17 - changed all imgur links/sources to https
2015.09.17 - added Bither v 1.3.7.1 (screenshots Ubuntu, Windows identical)
2015.09.17 - added several Copay (several version) to cant sign
2015.09.17 - added didnt bother to test section
2015.09.16 - added blocktrail.com - verify
2015.09.11 - sorted cant sign by name
2015.09.11 - added several more iOS 7.1.2 wallet to cant sign: Coins, ANX Vault, GreenAddress, BitX, Bitcoin Vault, Coins.ph
2015.09.11 - added Coinbase for Android thanks to prodigy8
2015.09.11 - updated todo list (blocktrail verify)
2015.09.10 - added several iOS 7.1.2 wallets to cant sign: bitWallet, breadwallet, Coinbase, Yallet, Wallet by Blocktrail, Bither Hot and Hotwallet
2015.08.12 - updated todo
2015.08.12 - added chain query alpha - verify - pictures
2015.08.11 - added link to chain query alpha - verify
2015.08.10 - added greenbits/-address to cant sign
2015.08.09 - temp removed coinig.com as it seems to be broken when verifying messages with linebreaks
2015.08.08 - temp added coinig.com to replace brainwallet - no pictures
2015.08.08 - brainwallet - verify no longer operational
2015.08.07 - added mSIGN and xapo to cant sign
2015.08.07 - added "cant sign" section
2015.07.27 - added first translation to romanian - thanks to Saruman
2015.07.27 - added list of translations
2015.07.20 - improved formatting - thanks to Muhammed Zakir
2015.07.09 - added link to coinbase how to - thanks to camelson
2015.06.22 - added multibit hd 0.1 - sig
2015.06.15 - did not add electrum 2.3.1 because its idential to 1.9.8, added text accordingly
2015.04.25 - added don't "compromised sys" - thanks to Muhammed Zakir
2015.04.24 - slightly changed license text (cosmetical changes)
2015.04.24 - added dos and don'ts - thanks to GreenStox
2015.04.19 - added link address stake thread - thanks to Muhammed Zakir
2015.04.12 - added license CC BY-SA 3.0
2015.04.03 - format, added note: use a date
2015.04.03 - brainwallet verify, added note: new "Bitcoin-QT"-Button
2015.04.03 - added Mycelium 2.3.0 on Android Lollipop
2015.03.17 - updated todo
2015.03.17 - added bc.i - sig
2015.03.15 - MultiBit 0.5.18 - sig
2015.03.15 - Electrum 1.9.8 - sig
2015.03.14 - Brainwallet online verify (Tor) - verify
2015.03.14 - Bitcoin Core version v0.10.0 - sig
2015.03.14 - Index
2015.03.14 - added Intro

This is helpful article, i would like to thank the OP to help many members with this interesting informations about how to sign a message.
This is often asked, and really needed to complete various trades here, so this thread can help a lot.

[dothebeats]

A great and very detailed how-to for newbies in this forum. I suggest that this should be stickied for the users to see and notice it especially if they don't know how to sign a message. As always, a great post.

[CanIHazBitcoin777]

I have a question about signed messages so please answer.

If the signable message is short and non random, then can somebody reverse-engineer my private key?

How long has a signed message be to be safe and not leak the private key?

[shorena]

I have a question about signed messages so please answer.

If the signable message is short and non random, then can somebody reverse-engineer my private key?

No.

How long has a signed message be to be safe and not leak the private key?

The length does not matter, the private key can not be reversed from the public key. You would have to brute force it, which would take longer than our solar system will ever exist and requires more energy than our sun ever created.

[shorena]

-snip-
No but I mean if my message is 1 letter, and I sign that is pretty vulnerable no?

For example:

Message:

Code:

A

Signature:

Code:

HIIm9O/U1dSNYzGY7m+lOGeNQqUPGDsFK6Bt5Z0LuCZzELT4DAKSaGJ4d8BbmI/AkLulkpf8FJPfVSC4B7jUC64=

Address:

Code:

1DsnfQmQ8muzJD4wv8G3rkUYnRCCe6ysPq

Private Key:

Code:

-priv key-

The critical part here is that you publicly post your private key not that the message has a single symbol. DO NOT post your private key, ever. I will assume that you are smart enough and had a test private key setup for this.

Is there any way to reverse engineer the private key if I sign the message A with the private key, and reverse engineer the private key from the message with the public key?

No.

Here is this example i signed the message "A" with that private key and you get that signature. So i`m just curious if its possible to reverse engineer it because the message is very short?

No, as I said above it does not matter how long or short the message is you sign. Reversing the private key from a signed message is impossble.

[snipie]

Nice topic shorena, don't know how i didn't notice it.
I think that if someone could stick all useful links of the important posts in btctalk like this one in 1 sticky topic (like newbie readme which contains only the basics info) , it will be way helpful for all the forums members.

[shorena]

Nice topic shorena, don't know how i didn't notice it.
I think that if someone could stick all useful links of the important posts in btctalk like this one in 1 sticky topic (like newbie readme which contains only the basics info) , it will be way helpful for all the forums members.

Thanks,

the thread is linked here -> https://bitcointalk.org/index.php?topic=703657.0#post_faq

[defaultking]

Maybe I missed this or just don't understand, but what's the point in adding this signature?

[omahapoker]

Maybe I missed this or just don't understand, but what's the point in adding this signature?

Only the owner with access to the bitcoin address, can sign a message with that address.

Other people can see that the signed message comes from the true owner...

[equator]

it is really good thread i was having doubt of how to create sign message of my account and in this thread it clear gives me full details, thanks a lot

[midmir]

This is what I was looking for. Really helpful thread.
Thank you!

[helloeverybody]

very informative thread, this should be stickied for future reference.

[shorena]

Brainwallet is back on the list via a mirror at http://wallet-2sx53n.sakurity.com/#verify

Since it was very popular I reinstated the pictures.

[shorena]

hi shorena,Can you help me restore my account has been stolen ?
name: Altynbekova
btc address: 16DGWwDyKcd4jsig7ehvTkeLmVTmebduAy
email: lalurizkirno@gmail.com
and everything has been replaced.

No, only admins can do that. They usually require a signed message though. If the guides above are not helping, let me know which wallet software/service you use. I can check whether they allow signing and make a guide is possible.

[Celendion]

hi shorena,Can you help me restore my account has been stolen ?
name: Altynbekova
btc address: 16DGWwDyKcd4jsig7ehvTkeLmVTmebduAy
email: lalurizkirno@gmail.com
and everything has been replaced.

No, only admins can do that. They usually require a signed message though. If the guides above are not helping, let me know which wallet software/service you use. I can check whether they allow signing and make a guide is possible.

no signed message, its addres on yobit

[shorena]

hi shorena,Can you help me restore my account has been stolen ?
name: Altynbekova
btc address: 16DGWwDyKcd4jsig7ehvTkeLmVTmebduAy
email: lalurizkirno@gmail.com
and everything has been replaced.

No, only admins can do that. They usually require a signed message though. If the guides above are not helping, let me know which wallet software/service you use. I can check whether they allow signing and make a guide is possible.

no signed message, its addres on yobit

Sorry, that means admins will probably not restore your account.