How to sign a message?!

[vincent440]

Awesome thread, very useful and complete tutorial 
I need to study hard

[shorena]

-snip-
May be the right word is "delete" and not "close" https://bitcointalk.org/index.php?topic=1029071.msg11126810#msg11126810 and somewhere else now I can't remember.

Yes, I remembered the post as well. Whether or not its possible depends on the wallet you currently use. The newer versions of blockchain.info no longer allow you to export private keys individually and getting the seed in a way that other wallets understand it seems to be complex at least. You can still maintain the blockchain.info wallet if you no longer use it to receive bitcoin though. Its perfectly fine to use several wallets for different reasons or just to keep your funds separated.

Awesome thread, very useful and complete tutorial
I need to study hard

You didnt read it, did you? I recently added a sentence for people like you.

[sportis]

-snip-
May be the right word is "delete" and not "close" https://bitcointalk.org/index.php?topic=1029071.msg11126810#msg11126810 and somewhere else now I can't remember.

Yes, I remembered the post as well. Whether or not its possible depends on the wallet you currently use. The newer versions of blockchain.info no longer allow you to export private keys individually and getting the seed in a way that other wallets understand it seems to be complex at least. You can still maintain the blockchain.info wallet if you no longer use it to receive bitcoin though. Its perfectly fine to use several wallets for different reasons or just to keep your funds separated.

Thank you shorena. Concerning the blockchain.info wallet I found a solution a month ago when I read a thread of the forum with a link about BIP39 Mnemonic Code Converter where I put the passphrase and public keys with their private keys appeared in the screen. So I solved this issue. I asked about how to reuse an address because I don't want the mess. For example, a web wallet, a desktop wallet, a hardware wallet so many passwords and mnemonic codes. Furthermore I want to retain some addresses from previous wallets like the one I have in my profile. Thanks to longbob72 the answer was really simple to follow.

[shorena]

-snip-
May be the right word is "delete" and not "close" https://bitcointalk.org/index.php?topic=1029071.msg11126810#msg11126810 and somewhere else now I can't remember.

Yes, I remembered the post as well. Whether or not its possible depends on the wallet you currently use. The newer versions of blockchain.info no longer allow you to export private keys individually and getting the seed in a way that other wallets understand it seems to be complex at least. You can still maintain the blockchain.info wallet if you no longer use it to receive bitcoin though. Its perfectly fine to use several wallets for different reasons or just to keep your funds separated.

Thank you shorena. Concerning the blockchain.info wallet I found a solution a month ago when I read a thread of the forum with a link about BIP39 Mnemonic Code Converter where I put the passphrase and public keys with their private keys appeared in the screen. So I solved this issue. I asked about how to reuse an address because I don't want the mess. For example, a web wallet, a desktop wallet, a hardware wallet so many passwords and mnemonic codes. Furthermore I want to retain some addresses from previous wallets like the one I have in my profile. Thanks to longbob72 the answer was really simple to follow.

If you spend funds received on an address you have in multiple wallets, you should always make sure the wallets are properly synced before creating another transaction. Besides that I dont think its a problem. In regards to security you have more points that can be attacked, but as long as each is defended well (random, 16+ alphanumerical or 6+ words[1] passwords) it should not give an attacker an advantage. 3 doors one can not crack are not better than one door one can not crack.

Didnt know about the converter[1], Ill have a look at it. Thanks.

[1] e.g. using the eff wordlists https://www.eff.org/de/deeplinks/2016/07/new-wordlists-random-passphrases or one of the electrum ones
[2] I assume this one https://iancoleman.github.io/bip39/

[sportis]

-snip-
May be the right word is "delete" and not "close" https://bitcointalk.org/index.php?topic=1029071.msg11126810#msg11126810 and somewhere else now I can't remember.

Yes, I remembered the post as well. Whether or not its possible depends on the wallet you currently use. The newer versions of blockchain.info no longer allow you to export private keys individually and getting the seed in a way that other wallets understand it seems to be complex at least. You can still maintain the blockchain.info wallet if you no longer use it to receive bitcoin though. Its perfectly fine to use several wallets for different reasons or just to keep your funds separated.

Thank you shorena. Concerning the blockchain.info wallet I found a solution a month ago when I read a thread of the forum with a link about BIP39 Mnemonic Code Converter where I put the passphrase and public keys with their private keys appeared in the screen. So I solved this issue. I asked about how to reuse an address because I don't want the mess. For example, a web wallet, a desktop wallet, a hardware wallet so many passwords and mnemonic codes. Furthermore I want to retain some addresses from previous wallets like the one I have in my profile. Thanks to longbob72 the answer was really simple to follow.

If you spend funds received on an address you have in multiple wallets, you should always make sure the wallets are properly synced before creating another transaction. Besides that I dont think its a problem. In regards to security you have more points that can be attacked, but as long as each is defended well (random, 16+ alphanumerical or 6+ words[1] passwords) it should not give an attacker an advantage. 3 doors one can not crack are not better than one door one can not crack.

Didnt know about the converter[1], Ill have a look at it. Thanks.

[1] e.g. using the eff wordlists https://www.eff.org/de/deeplinks/2016/07/new-wordlists-random-passphrases or one of the electrum ones
[2] I assume this one https://iancoleman.github.io/bip39/

You have right. It's [2] link. With this you wrote "...received on an address you have in multiple wallets..." is complicated enough for me with the knowledge I have at this moment. My issue is that I want to change wallet from web wallet (blockchain.info) to a desktop one (electrum or multibit) but I want one public address from web wallet to be appeared only in my new desktop wallet. So I think to apply the following steps and I would ask you to confirm if these and their chronological order are right or not:

1. Install the desktop wallet (electrum or multibit).
2. Spend all the funds from web wallet to desktop wallet (I don't care the network address).
3. Assume that I want to "transfer" network address: 1NPr3........ from Blockchain.info wallet to Electrum or multibit and I know its private key.
4. I sweep (importing private key), even though there are no funds [spend on step 1.] to Electrum or multibit wallet.
5. I check that address 1NPr3........ appears in Electrum or multibit.
6. I delete address 1NPr3........ from Blockchain.info ( It's complicated for me to check if wallets are synced).
7. This address appears ONLY in my new desktop wallet

Thank you in advance for your time you explain to me.

[shorena]

-snip-
You have right. It's [2] link. With this you wrote "...received on an address you have in multiple wallets..." is complicated enough for me with the knowledge I have at this moment. My issue is that I want to change wallet from web wallet (blockchain.info) to a desktop one (electrum or multibit) but I want one public address from web wallet to be appeared only in my new desktop wallet. So I think to apply the following steps and I would ask you to confirm if these and their chronological order are right or not:

1. Install the desktop wallet (electrum or multibit).

Multibit Classic allows you to import private keys, but its no longer maintained besides critical bugs. Multibit HD does not allow you to import private keys. Youd have to go with electrum.

2. Spend all the funds from web wallet to desktop wallet (I don't care the network address).
3. Assume that I want to "transfer" network address: 1NPr3........ from Blockchain.info wallet to Electrum or multibit and I know its private key.
4. I sweep (importing private key), even though there are no funds [spend on step 1.] to Electrum or multibit wallet.

No, sweep just moves the funds (if any) it does not add the private key into the wallet. Electrum forces you to do this in a different wallet file, to make it obvious that its not covered by the seed. You can have two wallets open at the same time though.

5. I check that address 1NPr3........ appears in Electrum or multibit.
6. I delete address 1NPr3........ from Blockchain.info ( It's complicated for me to check if wallets are synced).
7. This address appears ONLY in my new desktop wallet

Thank you in advance for your time you explain to me.

Id skip step 6, as long as you no longer use the bc.i wallet it should not matter anyway. If you dont delete it, you can think of it as a kind of backup.

[sportis]

-snip-
You have right. It's [2] link. With this you wrote "...received on an address you have in multiple wallets..." is complicated enough for me with the knowledge I have at this moment. My issue is that I want to change wallet from web wallet (blockchain.info) to a desktop one (electrum or multibit) but I want one public address from web wallet to be appeared only in my new desktop wallet. So I think to apply the following steps and I would ask you to confirm if these and their chronological order are right or not:

1. Install the desktop wallet (electrum or multibit).

Multibit Classic allows you to import private keys, but its no longer maintained besides critical bugs. Multibit HD does not allow you to import private keys. Youd have to go with electrum.

2. Spend all the funds from web wallet to desktop wallet (I don't care the network address).
3. Assume that I want to "transfer" network address: 1NPr3........ from Blockchain.info wallet to Electrum or multibit and I know its private key.
4. I sweep (importing private key), even though there are no funds [spend on step 1.] to Electrum or multibit wallet.

No, sweep just moves the funds (if any) it does not add the private key into the wallet. Electrum forces you to do this in a different wallet file, to make it obvious that its not covered by the seed. You can have two wallets open at the same time though.

5. I check that address 1NPr3........ appears in Electrum or multibit.
6. I delete address 1NPr3........ from Blockchain.info ( It's complicated for me to check if wallets are synced).
7. This address appears ONLY in my new desktop wallet

Thank you in advance for your time you explain to me.

Id skip step 6, as long as you no longer use the bc.i wallet it should not matter anyway. If you dont delete it, you can think of it as a kind of backup.

Ok. I didn't imagine but is logical because first creates the seed and after you import an address. Even though there is no protection, in case my computer or HD crashes, covered by the seed for this particular address I will keep blockchain.info wallet as backup. My wish to change wallet begun because of bc.i removed the facility in newer versions to sign a message.

[0x0010]

-----BEGIN BITCOIN SIGNED MESSAGE-
---Address---
1BcBpd8weYM6Ue2X4KpJw8CwRYnSf74rU1
---Message---
Great effort put into the post.
---Signature---
IBZqdzaem4aG17sYEirjkvKQRvbC6EOs8KwIS8RmAqcBSIw3imbeZ8gkiubfoVoMUPovoN8SYFK8/ZktXOxdaCE=
-----END BITCOIN SIGNED MESSAGE-----

Even though I know how to sign a message I had to post this. Must have taken a hell of a long time to do everything. Thanks for the share, here's an extra bump :d

[shorena]

-----BEGIN BITCOIN SIGNED MESSAGE-
---Address---
1BcBpd8weYM6Ue2X4KpJw8CwRYnSf74rU1
---Message---
Great effort put into the post.
---Signature---
IBZqdzaem4aG17sYEirjkvKQRvbC6EOs8KwIS8RmAqcBSIw3imbeZ8gkiubfoVoMUPovoN8SYFK8/ZktXOxdaCE=
-----END BITCOIN SIGNED MESSAGE-----

Even though I know how to sign a message I had to post this. Must have taken a hell of a long time to do everything. Thanks for the share, here's an extra bump :d

<3 thanks for reading it, the message verified just fine.

[nrm4bits]

is this ok?

Code:

-----BEGIN BITCOIN SIGNED MESSAGE-----
This is nrm4bits from bitcointalk.org and today is December 26th, 2016 and i posted this in the trhead https://bitcointalk.org/index.php?topic=990345.0 and this is my first try of signing a message
-----BEGIN SIGNATURE-----
1Ja7PcNAQPQrFHEPyHvP7WRsqQcds3Na7t
H+IBSvjfb6o/xV91wNKOLczBLMHDzwVa159FJ4qhLsoOdNRDrAYl/Gd0cd1BIser0IkYZvHQGLjDTg/7BZhSJbo=
-----END BITCOIN SIGNED MESSAGE-----

edited:
added the tag code

[shorena]

is this ok?

Code:

-----BEGIN BITCOIN SIGNED MESSAGE-----
This is nrm4bits from bitcointalk.org and today is December 26th, 2016 and i posted this in the trhead https://bitcointalk.org/index.php?topic=990345.0 and this is my first try of signing a message
-----BEGIN SIGNATURE-----
1Ja7PcNAQPQrFHEPyHvP7WRsqQcds3Na7t
H+IBSvjfb6o/xV91wNKOLczBLMHDzwVa159FJ4qhLsoOdNRDrAYl/Gd0cd1BIser0IkYZvHQGLjDTg/7BZhSJbo=
-----END BITCOIN SIGNED MESSAGE-----

edited:
added the tag code

Yes, I could verify the message.

[stepwilli]

One noob question :
Signing a message is possible even offline.
Does it mean, it is not being stored in blockchain then how it is universally verifiable at any time from anywhere ?

[0x0010]

One noob question :
Signing a message is possible even offline.
Does it mean, it is not being stored in blockchain then how it is universally verifiable at any time from anywhere ?

It isn't benign stored in the Blockchain due to the fact that it doesn't need to be. It can all be done locally if you know how.

Read this: https://bitcoinmagazine.com/articles/bitcoin-address-sign-1399914228

Code:

A bitcoin address is in fact the hash of a ECDSA public key

And read up on public key cryptography.

[shorena]

One noob question :
Signing a message is possible even offline.
Does it mean, it is not being stored in blockchain then how it is universally verifiable at any time from anywhere ?

Yes, the blockchain mainly stores (different types of) transactions. Signed messages are similar to signed transactions as both are signed with a private key. A signature and the data it signed can be verified with the public key. When signing a message the signature code includes this public key. Thus with a valid signature you give the other person all data they need to verify its legitimacy, no other sources like the blockchain required. Its possible to do this over any kind of data structure and you could use a transaction to store a signed message on the blockchain. It would not give you a significant advantage over other data storage methods (e.g. this forum), besides that it would be very difficult to delete.

[eli113]

for starters thank you very much for this awesome guide here.
It proves to me you are a person who cares/loves BTC ecosystem and the forum community  

my mind running wild for decades ,and i love to provide ideas and problem solutions
this time for some days i try to find a decentralized 2FA-like procedure
it is a little brick from a bigger project/vision , nvm , here is the question :

anyone can get a new bitcoin address , no need to register any private data/mail etc for that.
in this thread i see you supplied ways to sign and verify messages for that bitcoin address.
many people are concerned about their privacy , and many well established bitcoin sites
asking too much private data already . some months now a new trend came in haste 2FA
the mainstream applications to 2FA so far are big well established companies like Google etc.
such huge companies not care much for freedom of money or privacy for users.

example: i have account nicknamed Me322 at xxx66xxx.ccc site with a password *****
i make a new bitcoin address 1bn... and i sign a message sent to the site as 2FA reference
when me or the site needs to check through 2FA i simply reply signing a new message

register 2fa //signed message from add xxx blah blah//
sign-in with 2fa //signed message : blah blah ... //

question i have for you is : did i miss something or did you see security flaws or ...   potential ?

Have a nice day and thanks in advance - Elias C.

 

[Okurkabinladin]

Shorena,

this is all really helpful. Kudos for making rather complex procedure as simple and idiot proof as humanly possible. You are making this forum a better place. Thank you.

[xxjumperxx]

Thanks for the insight.
I was just browsing the forums here, checking out the lending forum and saw some people talk about signed messages...
I looked around until I found this thread...
Very nice tutorial with pictures and such.

Appreciate it.

[shorena]

-snip-
register 2fa //signed message from add xxx blah blah//
sign-in with 2fa //signed message : blah blah ... //

question i have for you is : did i miss something or did you see security flaws or ...   potential ?

Have a nice day and thanks in advance - Elias C.

Sounds like how SSH does auth by keys instead of passwords. The server sends a challenge and only the person with the correct private key can reply with the correct answer. Signed messages can be used similarly I think. You have to make sure the message has some properties though. It might be a good idea to look actually look into common SSH implementations for this. They support ECDSA curves for this, so you might simply adapt this. It could potentially be build into future wallets.

#1 It must have a timestamp, otherwise it could be reused.
#2 It must have a validity period, otherwise it could be reused in quick succession by an attacker. The period must be long enough to make sure the user has enough time to sign, but not too long so an attacker that gets a hold of the message (e.g. 2 hours later) can reuse it. It should essentially single use, time might not be the best choice for that though. Maybe you can keep track of the messages.
#3 possibly more I missed now.

[whynotbit]

Code:

-----BEGIN BITCOIN SIGNED MESSAGE-----
This is whynotbit from bitcointalk.org and today is 06/02/2017 at 00.10 
First ever attempt
-----BEGIN SIGNATURE-----
1LS2NtskhnjvmF6koAitAY1Dt7w5jj6Aqs
HOd1DOMkoym7DDrXISQ2Ia5fUaZEzoIT9JXgl+IQGdx2V/3Oqb/g7zODxM4LF8X0W49/shaZ52Jhmben+rjqSe8=
-----END BITCOIN SIGNED MESSAGE-----

From Electrum wallet
Someone PLeaseeee answer me ! I wanna know
Edit: Calimero style, Shorena or anybody, is my message good ?

[shorena]

Code:

-----BEGIN BITCOIN SIGNED MESSAGE-----
This is whynotbit from bitcointalk.org and today is 06/02/2017 at 00.10 
First ever attempt
-----BEGIN SIGNATURE-----
1LS2NtskhnjvmF6koAitAY1Dt7w5jj6Aqs
HOd1DOMkoym7DDrXISQ2Ia5fUaZEzoIT9JXgl+IQGdx2V/3Oqb/g7zODxM4LF8X0W49/shaZ52Jhmben+rjqSe8=
-----END BITCOIN SIGNED MESSAGE-----

From Electrum wallet
Someone PLeaseeee answer me ! I wanna know
Edit: Calimero style, Shorena or anybody, is my message good ?

Sorry for the late reply, yes I was able to confirm it, well done.