[BOUNTY: 2.0 BTC] [CLAIMED] Message Signing in Armory

CircusPeanut

full member

Activity: 123

Merit: 100

Found a bug in the FormatText() method. Easy fix:

This line:

Code:

while len(l) and l[len(l)-1] in [' ', '\t', chr(9)]:

Should include '\r':

Code:

while len(l) and l[len(l)-1] in [' ', '\r', '\t', chr(9)]:

Without this it fails to strip spaces from the ends of lines terminated with '\r\n'

CircusPeanut

full member

Activity: 123

Merit: 100

Excellent! Thanks for the confirmation. That's what I ended up doing. Now I can be sure that's the correct solution.

jackjack

legendary

Activity: 1176

Merit: 1260

May Bitcoin be touched by his Noodly Appendage

Quote from: CircusPeanut on March 06, 2014, 03:56:46 PM

JackJack,

I'm reviewing the dash-escape code in jasvet.py, and I'm unsure whether the code in FormatText() follows rfc2440 exactly:

Quote

Dash escaped cleartext is the ordinary cleartext where every line
starting with a dash '-' (0x2D) is prefixed by the sequence dash '-'
(0x2D) and space ' ' (0x20).

The I way interpret this is that ".../n/r-some text..." would be displayed as ".../n/r- -some text..." but FormatText() returns ".../n/r- some text...".

The latter seems better because it's one character closer to the original and achieves the same purpose.

However, I'm concerned that someone might used Armory to verify a message that is cleartext signed by a different application and yield an incorrect response.

Do you think that this is a valid concern? Do you know of any other rfc2440 implementations that indicate which way is correct?

Indeed it seems I understood that the wrong way

I thought the '-' of the line was not part of the prefixed thing, I didn't find any examples of implementations but the rfc is clear enough:

Quote

every line starting with a dash is prefixed

That means the dash is actually part of what is prefixed

Thank you for bringing this to my attention
I'll fix that soon, in the mean time you just have to replace line 506:
from

Quote

l='- '+l[1:]

to

Quote

l='- '+l

CircusPeanut

full member

Activity: 123

Merit: 100

JackJack,

I'm reviewing the dash-escape code in jasvet.py, and I'm unsure whether the code in FormatText() follows rfc2440 exactly:

Quote

Dash escaped cleartext is the ordinary cleartext where every line
starting with a dash '-' (0x2D) is prefixed by the sequence dash '-'
(0x2D) and space ' ' (0x20).

The I way interpret this is that ".../n/r-some text..." would be displayed as ".../n/r- -some text..." but FormatText() returns ".../n/r- some text...".

The latter seems better because it's one character closer to the original and achieves the same purpose.

However, I'm concerned that someone might used Armory to verify a message that is cleartext signed by a different application and yield an incorrect response.

Do you think that this is a valid concern? Do you know of any other rfc2440 implementations that indicate which way is correct?

CircusPeanut

full member

Activity: 123

Merit: 100

Thanks. Just pulled it. I'm sure something else will break before this reaches it's limit.

jackjack

legendary

Activity: 1176

Merit: 1260

May Bitcoin be touched by his Noodly Appendage

The new version is online, I tested only with a message of 400 characters but it should be ok

You're not duplicating anything (sadly)
I think the readme is clear enough but tell me if you have trouble parsing things

CircusPeanut

full member

Activity: 123

Merit: 100

That's great, and thanks for the speedy response.

Also, I am parsing out the signature and message from the ASv1B64 and ASv1CS outputs to pass into verifySignature. Please let me know if that is included in the latest version. No problem if it's not, I just don't want to duplicate any of your code.

jackjack

legendary

Activity: 1176

Merit: 1260

May Bitcoin be touched by his Noodly Appendage

I thought I fixed that before releasing the code!
Sorry for that, I'll push an update in the following minutes

CircusPeanut

full member

Activity: 123

Merit: 100

JackJack,

I am integrating the message signing code you provided into Armory. I am looking at this function:

Code:

def format_msg_to_sign(msg):
return "\x18Bitcoin Signed Message:\n"+chr(len(msg))+msg #todo: check 18

It seems to limit the length of the message to 255 characters.

Can we do longer messages using a var int? Is 255 the intended limit?

Ente

legendary

Activity: 2126

Merit: 1001

Quote from: Ente on September 17, 2013, 06:34:21 PM

All right, now I'm totally lost.

I used as a privkey:

Quote

5JVNazqC4JucAHUeRLhcqrbGFAro2CySd2ptDaDnPe18G9tmuAs

Message:

Quote

Hello world!

And got as a signature from jasvet.py:

Quote

IHBIv6b+gp+aX1FSQ9vOGfjbh6svVfRzLq2NBlwSu6xQE7sq2cWBQnbRwkOL64IkJguDELeh9nGXKmlHxFgKJiI=

Now comes the funny part:
Both http://brainwallet.org/#verify and bitcoin-qt do verify the signature, but only to the adress

Quote

1N8UThyPpVz8DuZLNx4KbX9rqQhFAFfGRE

The proper pubkeys to the given privkey should be:
uncompressed:
1E4PLo2YV33dkG7np78rz3aT3yTQvK7Xkz
compressed:
1D6eGU1hudNTkg5eaqYHxgM3NYCbq6MJoy

What the heck is this mystery adress?

As reference, from http://brainwallet.org/#sign I got

Quote

HMkg8LsNsYAC/oTEbgaBZy6kLNjLPSz1cZbCcqlFAL6GqdxRGR2LEg6PofSnpkFVlJTPqFS0amps9t55WBcToNo=

and from bitcoin-qt

Quote

HPM/8W8EhvKMrBfY0X9TrHx8UJQNTl1XBrzH/63jZSoc4tByiOr5U9wkn4KJ8cWKDjF9PJFRl/Kb121OqOq0jQQ=

as signatures, which both are verified valid by the respective other as coming from 1E4PLo2YV33dkG7np78rz3aT3yTQvK7Xkz, the uncompressed adress.

Is there a different way to do this (signing a text with the privkey, being able to verify it with the pubkey) resulting in an even shorter signature? Doesn't have to be Bitcoin-related at all. Some recognized standard would be nice, so I don't have to print the sourcecode to the backside ;-)

Ente

Bump.
Did anyone observe similar symptoms?

Ente

Swimmer63

legendary

Activity: 1593

Merit: 1004

Quote from: LogicalUnit on September 25, 2013, 12:15:45 AM

Quote from: etotheipi on September 24, 2013, 11:38:28 AM

If you want to still use it: click the address book icon above the message box in the bottom left. Select the address you want. Put your message in the box. Then click "Sign" and type in your passphrase when it asks. Once the signature is present, you can click "Copy Signature Block." You can immediately "Import Signature Block" to test it.

As I said, it's not really made to be used, right now. But the next version will have it.

It's simply not asking me for my passphrase when I click "Sign Message". It either crashes or fails to create a signature Sad

Me too. Really disappointed I'll have to go back to Qt. I really like Armory's layout and all. Feel better about it's security. But I have to have signed messages. Many transactions demand it.

LogicalUnit

sr. member

Activity: 299

Merit: 250

Quote from: etotheipi on September 24, 2013, 11:38:28 AM

If you want to still use it: click the address book icon above the message box in the bottom left. Select the address you want. Put your message in the box. Then click "Sign" and type in your passphrase when it asks. Once the signature is present, you can click "Copy Signature Block." You can immediately "Import Signature Block" to test it.

As I said, it's not really made to be used, right now. But the next version will have it.

It's simply not asking me for my passphrase when I click "Sign Message". It either crashes or fails to create a signature Sad

etotheipi

legendary

Activity: 1428

Merit: 1093

Core Armory Developer

Quote from: LogicalUnit on September 24, 2013, 02:45:30 AM

Can someone please explain to me the procedure for signing messages in Armory? I simply can't seem to generate a signed message block using the method described here: https://bitcointalksearch.org/topic/signing-messages-in-armory-252848

It's crappy. It was originally a key calculator, with signing as an after-thought. When it turned out that so few people found it useful (since it wasn't compatible) I stopped doing anythign on it until I had a chance to upgrade it to a compatible one (and isolate message signing from the other stuff).

If you want to still use it: click the address book icon above the message box in the bottom left. Select the address you want. Put your message in the box. Then click "Sign" and type in your passphrase when it asks. Once the signature is present, you can click "Copy Signature Block." You can immediately "Import Signature Block" to test it.

As I said, it's not really made to be used, right now. But the next version will have it.

LogicalUnit

sr. member

Activity: 299

Merit: 250

Can someone please explain to me the procedure for signing messages in Armory? I simply can't seem to generate a signed message block using the method described here: https://bitcointalksearch.org/topic/signing-messages-in-armory-252848

etotheipi

legendary

Activity: 1428

Merit: 1093

Core Armory Developer

That is the intention. Unless I misunderstood you. The goal isn't "This message has a valid signature!" It's "This message has a valid signature from address 1xyZaQb". Or rather: "This message has been signed by the same person who sent you 42.83 BTC yesterday." If you have previously transacted with someone, then you know what address you're looking for. I agree, it's easy to be misused/misunderstood by people who don't understand what they're doing, but that also doesn't mean it's useless.

The use cases I imagined were anonymous, paid services. You can use signed messages from the funding address to authorize requests to your account with that service. They don't care who you are, they only care that the same person that funded that account is signing the message.

Am I missing something?

gmaxwell

staff

Activity: 4242

Merit: 8672

Quote from: etotheipi on May 11, 2013, 02:30:11 PM

The user should have no idea what's in it until they copy it into their wallet and it will spit out the message only if the signature is valid. This is considered ideal since users have a tendency to only look for the message header and trust it without checking. This way, they can't get the message unless they also check the signature.

uh. You realize you can't have what you want here without building a PKI, right? I mean, you can make them push a button, but all signatures will pass (except where the attacker is incompetent).

The way signmessage was designed in Bitcoin you have to provide both the message you expect to be signed and the address you expect to have signed it... so that the validation passing isn't just tautological— a ritual that just fulfills itself and always returns true—, but actually means indicates that the user's inputs were consistent.

It helps if you actually understand the use-case for signmessage in Bitcoin-QT: It's used as an authentication mechanism for services which are address based, e.g. for changing configurations settings on the eligius pool, and it was informed by a number of security exploits against openpgp based systems (e.g. some of the ripe address record databases) which allowed any user to impersonate any other user because gpg --validate would pass on all of them, but there was no way to tell it what user was actually required, so any in your keyring would pass.

Ente

legendary

Activity: 2126

Merit: 1001

All right, now I'm totally lost.

I used as a privkey:

Quote

5JVNazqC4JucAHUeRLhcqrbGFAro2CySd2ptDaDnPe18G9tmuAs

Message:

Quote

Hello world!

And got as a signature from jasvet.py:

Quote

IHBIv6b+gp+aX1FSQ9vOGfjbh6svVfRzLq2NBlwSu6xQE7sq2cWBQnbRwkOL64IkJguDELeh9nGXKmlHxFgKJiI=

Now comes the funny part:
Both http://brainwallet.org/#verify and bitcoin-qt do verify the signature, but only to the adress

Quote

1N8UThyPpVz8DuZLNx4KbX9rqQhFAFfGRE

The proper pubkeys to the given privkey should be:
uncompressed:
1E4PLo2YV33dkG7np78rz3aT3yTQvK7Xkz
compressed:
1D6eGU1hudNTkg5eaqYHxgM3NYCbq6MJoy

What the heck is this mystery adress?

As reference, from http://brainwallet.org/#sign I got

Quote

HMkg8LsNsYAC/oTEbgaBZy6kLNjLPSz1cZbCcqlFAL6GqdxRGR2LEg6PofSnpkFVlJTPqFS0amps9t55WBcToNo=

and from bitcoin-qt

Quote

HPM/8W8EhvKMrBfY0X9TrHx8UJQNTl1XBrzH/63jZSoc4tByiOr5U9wkn4KJ8cWKDjF9PJFRl/Kb121OqOq0jQQ=

as signatures, which both are verified valid by the respective other as coming from 1E4PLo2YV33dkG7np78rz3aT3yTQvK7Xkz, the uncompressed adress.

Is there a different way to do this (signing a text with the privkey, being able to verify it with the pubkey) resulting in an even shorter signature? Doesn't have to be Bitcoin-related at all. Some recognized standard would be nice, so I don't have to print the sourcecode to the backside ;-)

Ente

Ente

legendary

Activity: 2126

Merit: 1001

Quote from: jackjack on September 17, 2013, 12:47:58 PM

Signatures aren't unique

OH! Of course, without ever thinking about it, I assumed those signatures would be unique! Maybe like a hash with several inputs, one being the privkey and the other being the text.

All right, but even when several different signatures verify "true" to the same adress and text, they all should verify.
I can't figure how to verify

Quote

{'b64-signature': 'ICJNavINw/4nHQId8M6AZ+IyyugUSwdp0RcVbUH+jknO5liYIiv5LolCFOZZSSTOySYasEL8f/hak6poxgB+DmI=', 'message': 'Hello world!', 'signature': ' "Mj\xf2\r\xc3\xfe\'\x1d\x02\x1d\xf0\xce\x80g\xe22\xca\xe8\x14K\x07i\xd1\x17\x15mA\xfe\x8eI\xce\xe6X\

on http://brainwallet.org/#verify

Privkey:

Quote

5KWLD8VF29WR36qR2YM3wWLDuePHJAP4YKgCMcfvNN7TTxSFgFx

Text:

Quote

Hello world!

Pubkey:

Quote

1PRPcHe3fFGjLmaGWFbQ92FtjKuSoUgcyz

I'll dig out bitcoin-qt in a minute, and try to get some result which two out of the three agree upon ;-)

/edit:

Aww man, of course now it works!

Quote

ICJNavINw/4nHQId8M6AZ+IyyugUSwdp0RcVbUH+jknO5liYIiv5LolCFOZZSSTOySYasEL8f/hak6poxgB+DmI=

Quote

Hello world!

Verifies to

Quote

16RiJy3VBjf4bQJiF5UL887pggK1RasMn8

Thank you, jackjack, for the script! Will have some fun with it now! :-)

Ente

jackjack

legendary

Activity: 1176

Merit: 1260

May Bitcoin be touched by his Noodly Appendage

Signatures aren't unique

Ente

legendary

Activity: 2126

Merit: 1001

I just played a bit with jasvet.py, thank you both, jackjack and Alan.

I try to sign one same message with several addresses. The signature should be somewhat futureproof and "official"
(Like, legally proving the ownership of several addresses).
A short signature is a plus, to be able to queeze more onto one piece of paper.

So, I figured I'll go with the bitcoin-qt v0 method for this.

Adding this to the script:

Code:

def DecodeBase58Check(sec):
vchRet = b58decode(sec, None)
secret = vchRet[0:-4]
csum = vchRet[-4:]
hash = Hash(secret)
cs32 = hash[0:4]
if cs32 != csum:
return None
else:
return secret

#==============================================

pvk1=DecodeBase58Check("5KWLD8VF29WR36qR2YM3wWLDuePHJAP4YKgCMcfvNN7TTxSFgFx")
text1='Hello world!'
FTVerbose=True
sv0=ASv0(pvk1, text1)
print sv0

jasvet.py says:

Quote

{'b64-signature': 'ICJNavINw/4nHQId8M6AZ+IyyugUSwdp0RcVbUH+jknO5liYIiv5LolCFOZZSSTOySYasEL8f/hak6poxgB+DmI=', 'message': 'Hello world!', 'signature': ' "Mj\xf2\r\xc3\xfe\'\x1d\x02\x1d\xf0\xce\x80g\xe22\xca\xe8\x14K\x07i\xd1\x17\x15mA\xfe\x8eI\xce\xe6X\

It seems I got something wrong, or need to convert the output or the like.

http://brainwallet.org/#sign says:

Privkey:

Quote

5KWLD8VF29WR36qR2YM3wWLDuePHJAP4YKgCMcfvNN7TTxSFgFx

Text:

Quote

Hello world!

Signature:

Quote

G+xTV1JL0C3eAtIPQwOETWwKYCALDR2Px0u1S/4CXl1lKhM/0mFEsuYH2BVMlPe/FvJFJmuFue2TfWW8OgacBVo=

Ah, it's no fun to be a noob, I can tell ya! Cheesy

Ente

Topic: [BOUNTY: 2.0 BTC] [CLAIMED] Message Signing in Armory (Read 7978 times)