
Topic: [BOUNTY: 2.0 BTC] [CLAIMED] Message Signing in Armory (Read 8038 times)

full member
Activity: 123
Merit: 100
Found a bug in the FormatText() method. Easy fix:

This line:

Code:
      while len(l) and l[len(l)-1] in [' ', '\t', chr(9)]:

Should include '\r':

Code:
      while len(l) and l[len(l)-1] in [' ', '\r', '\t', chr(9)]:

Without this it fails to strip spaces from the ends of lines terminated with '\r\n'
full member
Activity: 123
Merit: 100
Excellent! Thanks for the confirmation. That's what I ended up doing. Now I can be sure that's the correct solution.
legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
JackJack,


I'm reviewing the dash-escape code in jasvet.py, and I'm unsure whether the code in FormatText() follows rfc2440 exactly:

Quote
Dash escaped cleartext is the ordinary cleartext where every line
starting with a dash '-' (0x2D) is prefixed by the sequence dash '-'
(0x2D) and space ' ' (0x20).

The way I interpret this is that ".../n/r-some text..." would be displayed as ".../n/r- -some text..." but FormatText() returns ".../n/r- some text...".

The latter seems better because it's one character closer to the original and achieves the same purpose.

However, I'm concerned that someone might use Armory to verify a message that is cleartext signed by a different application and yield an incorrect response.

Do you think that this is a valid concern? Do you know of any other rfc2440 implementations that indicate which way is correct?
Indeed it seems I understood that the wrong way

I thought the '-' of the line was not part of the prefixed thing, I didn't find any examples of implementations but the rfc is clear enough:
Quote
every line starting with a dash is prefixed
That means the dash is actually part of what is prefixed

Thank you for bringing this to my attention
I'll fix that soon, in the meantime you just have to replace line 506:
from
Quote
l='- '+l[1:]
to
Quote
l='- '+l
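
Added example, not part of the thread or of jasvet.py: the trailing-whitespace stripping and the dash-escape rule discussed in the posts above, with the pre-fix `'- '+l[1:]` behaviour beside the RFC 2440 form. Function names and the sample message are constructed for illustration.

```python
# Added example, not code from jasvet.py. Function names are hypothetical
# and the sample message is constructed.

def canonical_lines(text):
    """Split into lines and drop trailing spaces, tabs and the CR of a CRLF."""
    return [line.rstrip(" \t\r") for line in text.split("\n")]

def dash_escape(text):
    """RFC 2440 rule: a line starting with '-' gets '- ' put in front of it."""
    return "\n".join("- " + l if l.startswith("-") else l
                     for l in canonical_lines(text))

def dash_escape_prefix_only(text):
    """Behaviour before the fix: '- ' + l[1:] replaces the leading dash."""
    return "\n".join("- " + l[1:] if l.startswith("-") else l
                     for l in canonical_lines(text))

def dash_unescape(armored):
    """What a verifier does: strip one leading '- ' from each line."""
    return "\n".join(l[2:] if l.startswith("- ") else l
                     for l in armored.split("\n"))

def survives_round_trip(escape, text):
    """True if a verifier recovers exactly the text the signer hashed."""
    signed = "\n".join(canonical_lines(text))
    return dash_unescape(escape(text)) == signed

# Constructed sample: CRLF line endings, trailing blanks, two dash lines.
SAMPLE = "-----BEGIN FAKE HEADER-----\r\nhello \t\r\n-some text"

if __name__ == "__main__":
    print(repr(dash_escape(SAMPLE)))
    print(survives_round_trip(dash_escape, SAMPLE))              # True
    print(survives_round_trip(dash_escape_prefix_only, SAMPLE))  # False
```

With the prefix-only form, a verifier that unescapes per the RFC recovers text that is one dash short on every escaped line, so a signature made over the original message no longer matches.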
full member
Activity: 123
Merit: 100
JackJack,


I'm reviewing the dash-escape code in jasvet.py, and I'm unsure whether the code in FormatText() follows rfc2440 exactly:

Quote
Dash escaped cleartext is the ordinary cleartext where every line
starting with a dash '-' (0x2D) is prefixed by the sequence dash '-'
(0x2D) and space ' ' (0x20).

The way I interpret this is that ".../n/r-some text..." would be displayed as ".../n/r- -some text..." but FormatText() returns ".../n/r- some text...".

The latter seems better because it's one character closer to the original and achieves the same purpose.

However, I'm concerned that someone might use Armory to verify a message that is cleartext signed by a different application and yield an incorrect response.

Do you think that this is a valid concern? Do you know of any other rfc2440 implementations that indicate which way is correct?
full member
Activity: 123
Merit: 100
Thanks. Just pulled it. I'm sure something else will break before this reaches its limit.
legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
The new version is online, I tested only with a message of 400 characters but it should be ok

You're not duplicating anything (sadly)
I think the readme is clear enough but tell me if you have trouble parsing things
full member
Activity: 123
Merit: 100
That's great, and thanks for the speedy response.

Also, I am parsing out the signature and message from the ASv1B64 and ASv1CS outputs to pass into verifySignature. Please let me know if that is included in the latest version. No problem if it's not, I just don't want to duplicate any of your code.
legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
I thought I fixed that before releasing the code!
Sorry for that, I'll push an update in the following minutes
full member
Activity: 123
Merit: 100
JackJack,

I am integrating the message signing code you provided into Armory. I am looking at this function:

Code:
def format_msg_to_sign(msg):
   return "\x18Bitcoin Signed Message:\n"+chr(len(msg))+msg  #todo: check 18

It seems to limit the length of the message to 255 characters.

Can we do longer messages using a var int? Is 255 the intended limit?
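
Added example, not code from jasvet.py or Armory: the same message framing with Bitcoin's CompactSize variable-length integer in place of `chr(len(msg))`, which is what the var-int question above asks about. `compact_size` and `message_digest` are names chosen here, and the double SHA-256 step is the hashing used by Bitcoin's signmessage.

```python
# Added example, not code from jasvet.py. Helper names are hypothetical.
import hashlib
import struct

MAGIC = b"Bitcoin Signed Message:\n"   # 24 bytes, hence the 0x18 prefix

def compact_size(n):
    """Bitcoin's variable-length integer (CompactSize), little-endian."""
    if n < 0xfd:
        return struct.pack("<B", n)
    if n <= 0xffff:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xffffffff:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)

def format_msg_to_sign(msg):
    """Length-prefix both the magic string and the message bytes."""
    if isinstance(msg, str):
        msg = msg.encode("utf-8")
    return compact_size(len(MAGIC)) + MAGIC + compact_size(len(msg)) + msg

def message_digest(msg):
    """Double SHA-256 of the framed message: the value that gets signed."""
    framed = format_msg_to_sign(msg)
    return hashlib.sha256(hashlib.sha256(framed).digest()).digest()

if __name__ == "__main__":
    print(format_msg_to_sign("Hello world!"))
    print(compact_size(400).hex())      # length prefix for a 400-byte message
    print(message_digest("x" * 400).hex())
```

Lengths 253 to 255 already differ between the two encodings: a single byte 0xfd to 0xff is a multi-byte marker in CompactSize, so the one-byte form only matches for messages shorter than 253 bytes.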
legendary
Activity: 2126
Merit: 1001
All right, now I'm totally lost.

I used as a privkey:
Quote
5JVNazqC4JucAHUeRLhcqrbGFAro2CySd2ptDaDnPe18G9tmuAs

Message:
Quote
Hello world!

And got as a signature from jasvet.py:
Quote
IHBIv6b+gp+aX1FSQ9vOGfjbh6svVfRzLq2NBlwSu6xQE7sq2cWBQnbRwkOL64IkJguDELeh9nGXKmlHxFgKJiI=

Now comes the funny part:
Both http://brainwallet.org/#verify and bitcoin-qt do verify the signature, but only to the address
Quote
1N8UThyPpVz8DuZLNx4KbX9rqQhFAFfGRE

The proper pubkeys to the given privkey should be:
uncompressed:
1E4PLo2YV33dkG7np78rz3aT3yTQvK7Xkz
compressed:
1D6eGU1hudNTkg5eaqYHxgM3NYCbq6MJoy

What the heck is this mystery address?

As reference, from http://brainwallet.org/#sign I got
Quote
HMkg8LsNsYAC/oTEbgaBZy6kLNjLPSz1cZbCcqlFAL6GqdxRGR2LEg6PofSnpkFVlJTPqFS0amps9t55WBcToNo=
and from bitcoin-qt
Quote
HPM/8W8EhvKMrBfY0X9TrHx8UJQNTl1XBrzH/63jZSoc4tByiOr5U9wkn4KJ8cWKDjF9PJFRl/Kb121OqOq0jQQ=
as signatures, which both are verified valid by the respective other as coming from 1E4PLo2YV33dkG7np78rz3aT3yTQvK7Xkz, the uncompressed address.


Is there a different way to do this (signing a text with the privkey, being able to verify it with the pubkey) resulting in an even shorter signature? Doesn't have to be Bitcoin-related at all. Some recognized standard would be nice, so I don't have to print the source code to the backside ;-)

Ente

Bump.
Did anyone observe similar symptoms?

Ente
legendary
Activity: 1593
Merit: 1004
If you want to still use it:  click the address book icon above the message box in the bottom left.  Select the address you want.  Put your message in the box.  Then click "Sign" and type in your passphrase when it asks.  Once the signature is present, you can click "Copy Signature Block."   You can immediately "Import Signature Block" to test it. 

As I said, it's not really made to be used, right now.  But the next version will have it.

It's simply not asking me for my passphrase when I click "Sign Message". It either crashes or fails to create a signature :(

Me too.  Really disappointed I'll have to go back to Qt.  I really like Armory's layout and all.  Feel better about its security.  But I have to have signed messages.  Many transactions demand it.
sr. member
Activity: 299
Merit: 250
If you want to still use it:  click the address book icon above the message box in the bottom left.  Select the address you want.  Put your message in the box.  Then click "Sign" and type in your passphrase when it asks.  Once the signature is present, you can click "Copy Signature Block."   You can immediately "Import Signature Block" to test it. 

As I said, it's not really made to be used, right now.  But the next version will have it.

It's simply not asking me for my passphrase when I click "Sign Message". It either crashes or fails to create a signature :(
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
Can someone please explain to me the procedure for signing messages in Armory? I simply can't seem to generate a signed message block using the method described here: https://bitcointalksearch.org/topic/signing-messages-in-armory-252848

It's crappy.  It was originally a key calculator, with signing as an after-thought.  When it turned out that so few people found it useful (since it wasn't compatible) I stopped doing anything on it until I had a chance to upgrade it to a compatible one (and isolate message signing from the other stuff).

If you want to still use it:  click the address book icon above the message box in the bottom left.  Select the address you want.  Put your message in the box.  Then click "Sign" and type in your passphrase when it asks.  Once the signature is present, you can click "Copy Signature Block."   You can immediately "Import Signature Block" to test it. 

As I said, it's not really made to be used, right now.  But the next version will have it.
sr. member
Activity: 299
Merit: 250
Can someone please explain to me the procedure for signing messages in Armory? I simply can't seem to generate a signed message block using the method described here: https://bitcointalksearch.org/topic/signing-messages-in-armory-252848
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
That is the intention.  Unless I misunderstood you.  The goal isn't "This message has a valid signature!"  It's "This message has a valid signature from address 1xyZaQb".  Or rather: "This message has been signed by the same person who sent you 42.83 BTC yesterday."  If you have previously transacted with someone, then you know what address you're looking for.  I agree, it's easy to be misused/misunderstood by people who don't understand what they're doing, but that also doesn't mean it's useless. 

The use cases I imagined were anonymous, paid services.  You can use signed messages from the funding address to authorize requests to your account with that service.  They don't care who you are, they only care that the same person that funded that account is signing the message.

Am I missing something? 
staff
Activity: 4326
Merit: 8951
The user should have no idea what's in it until they copy it into their wallet and it will spit out the message only if the signature is valid.  This is considered ideal since users have a tendency to only look for the message header and trust it without checking.  This way, they can't get the message unless they also check the signature.
uh. You realize you can't have what you want here without building a PKI, right?  I mean, you can make them push a button, but all signatures will pass (except where the attacker is incompetent).

The way signmessage was designed in Bitcoin you have to provide both the message you expect to be signed and the address you expect to have signed it... so that the validation passing isn't just tautological (a ritual that just fulfills itself and always returns true), but actually indicates that the user's inputs were consistent.

It helps if you actually understand the use-case for signmessage in Bitcoin-QT:  It's used as an authentication mechanism for services which are address based, e.g. for changing configurations settings on the eligius pool, and it was informed by a number of security exploits against openpgp based systems (e.g. some of the ripe address record databases) which allowed any user to impersonate any other user because gpg --validate would pass on all of them, but there was no way to tell it what user was actually required, so any in your keyring would pass.
legendary
Activity: 2126
Merit: 1001
All right, now I'm totally lost.

I used as a privkey:
Quote
5JVNazqC4JucAHUeRLhcqrbGFAro2CySd2ptDaDnPe18G9tmuAs

Message:
Quote
Hello world!

And got as a signature from jasvet.py:
Quote
IHBIv6b+gp+aX1FSQ9vOGfjbh6svVfRzLq2NBlwSu6xQE7sq2cWBQnbRwkOL64IkJguDELeh9nGXKmlHxFgKJiI=

Now comes the funny part:
Both http://brainwallet.org/#verify and bitcoin-qt do verify the signature, but only to the address
Quote
1N8UThyPpVz8DuZLNx4KbX9rqQhFAFfGRE

The proper pubkeys to the given privkey should be:
uncompressed:
1E4PLo2YV33dkG7np78rz3aT3yTQvK7Xkz
compressed:
1D6eGU1hudNTkg5eaqYHxgM3NYCbq6MJoy

What the heck is this mystery address?

As reference, from http://brainwallet.org/#sign I got
Quote
HMkg8LsNsYAC/oTEbgaBZy6kLNjLPSz1cZbCcqlFAL6GqdxRGR2LEg6PofSnpkFVlJTPqFS0amps9t55WBcToNo=
and from bitcoin-qt
Quote
HPM/8W8EhvKMrBfY0X9TrHx8UJQNTl1XBrzH/63jZSoc4tByiOr5U9wkn4KJ8cWKDjF9PJFRl/Kb121OqOq0jQQ=
as signatures, which both are verified valid by the respective other as coming from 1E4PLo2YV33dkG7np78rz3aT3yTQvK7Xkz, the uncompressed address.


Is there a different way to do this (signing a text with the privkey, being able to verify it with the pubkey) resulting in an even shorter signature? Doesn't have to be Bitcoin-related at all. Some recognized standard would be nice, so I don't have to print the source code to the backside ;-)

Ente
legendary
Activity: 2126
Merit: 1001
Signatures aren't unique :)

OH! Of course, without ever thinking about it, I assumed those signatures would be unique! Maybe like a hash with several inputs, one being the privkey and the other being the text.

All right, but even when several different signatures verify "true" to the same address and text, they all should verify.
I can't figure how to verify

Quote
{'b64-signature': 'ICJNavINw/4nHQId8M6AZ+IyyugUSwdp0RcVbUH+jknO5liYIiv5LolCFOZZSSTOySYasEL8f/hak6poxgB+DmI=', 'message': 'Hello world!', 'signature': ' "Mj\xf2\r\xc3\xfe\'\x1d\x02\x1d\xf0\xce\x80g\xe22\xca\xe8\x14K\x07i\xd1\x17\x15mA\xfe\x8eI\xce\xe6X\

on http://brainwallet.org/#verify

Privkey:
Quote
5KWLD8VF29WR36qR2YM3wWLDuePHJAP4YKgCMcfvNN7TTxSFgFx
Text:
Quote
Hello world!
Pubkey:
Quote
1PRPcHe3fFGjLmaGWFbQ92FtjKuSoUgcyz

I'll dig out bitcoin-qt in a minute, and try to get some result which two out of the three agree upon ;-)

/edit:

Aww man, of course now it works!
Quote
ICJNavINw/4nHQId8M6AZ+IyyugUSwdp0RcVbUH+jknO5liYIiv5LolCFOZZSSTOySYasEL8f/hak6poxgB+DmI=
Quote
Hello world!
Verifies to
Quote
16RiJy3VBjf4bQJiF5UL887pggK1RasMn8

Thank you, jackjack, for the script! Will have some fun with it now! :-)

Ente
legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
Signatures aren't unique :)
legendary
Activity: 2126
Merit: 1001
I just played a bit with jasvet.py, thank you both, jackjack and Alan.

I try to sign one same message with several addresses. The signature should be somewhat futureproof and "official"
(Like, legally proving the ownership of several addresses).
A short signature is a plus, to be able to squeeze more onto one piece of paper.

So, I figured I'll go with the bitcoin-qt v0 method for this.

Adding this to the script:
Code:
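def DecodeBase58Check(sec):
    # Decode a Base58Check string and verify its 4-byte checksum.
    # b58decode() and Hash() are helpers already defined in jasvet.py.
    vchRet = b58decode(sec, None)
    secret = vchRet[0:-4]      # payload without the checksum
    csum = vchRet[-4:]         # checksum carried in the string
    hash = Hash(secret)
    cs32 = hash[0:4]           # checksum recomputed from the payload
    if cs32 != csum:
        return None
    else:
        return secret

#==============================================

# Sign a test message with the bitcoin-qt v0 method and print the result.
pvk1=DecodeBase58Check("5KWLD8VF29WR36qR2YM3wWLDuePHJAP4YKgCMcfvNN7TTxSFgFx")
text1='Hello world!'
FTVerbose=True
sv0=ASv0(pvk1, text1)
print(sv0)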

jasvet.py says:
Quote
{'b64-signature': 'ICJNavINw/4nHQId8M6AZ+IyyugUSwdp0RcVbUH+jknO5liYIiv5LolCFOZZSSTOySYasEL8f/hak6poxgB+DmI=', 'message': 'Hello world!', 'signature': ' "Mj\xf2\r\xc3\xfe\'\x1d\x02\x1d\xf0\xce\x80g\xe22\xca\xe8\x14K\x07i\xd1\x17\x15mA\xfe\x8eI\xce\xe6X\

It seems I got something wrong, or need to convert the output or the like.

http://brainwallet.org/#sign says:

Privkey:
Quote
5KWLD8VF29WR36qR2YM3wWLDuePHJAP4YKgCMcfvNN7TTxSFgFx

Text:
Quote
Hello world!

Signature:
Quote
G+xTV1JL0C3eAtIPQwOETWwKYCALDR2Px0u1S/4CXl1lKhM/0mFEsuYH2BVMlPe/FvJFJmuFue2TfWW8OgacBVo=


Ah, it's no fun to be a noob, I can tell ya!  :D

Ente