FYI: I have added a message signing and verification interface into Armory, as part of the ECDSA calculator. The interface is a little weird, because it was merged with a privatekey/publickey/address calculator, but it is very functional.
Why is this useful?
It's not so much for "verifying ownership of a wallet," but it is a good way to send messages that the receiver can verify came from the owner of an address. Here's a couple excellent uses for it:
- You purchase something online for 1,000 BTC and the seller needs a shipping address. Send them a signature block with your shipping address via email, signed with one of the addresses you used to pay them. They know it must've come from the same person who paid them, which is the only important part. No one can spoof an email from you to have them ship it somewhere else.
- If this functionality had existed at the time, it would've been a brilliant way for MtGox to verify users' accounts after the hacking last year! All they had to do was send out emails saying "Account #0582921 was originally funded with address 1Ahgk48sfQz. Please provide your name, address, and Dwolla acct number in a signed message by Bitcoin address 1Ahgk48sfQz to claim ownership." Again, the only person that can provide such a message, must be the same person that originally funded the account!
- Expanding on the Mt.Gox idea: services can start using this for anonymous account management, especially online gambling. A user funds an online gambling account completely anonymously using Bitcoins. Then, they decide they want to move money around, buy stuff, play big games, or cash out to a different address. The only requirement for doing so is that they make the request using a signature block signed with the very first address that ever funded the account. They never have to identify their own name or address, or make any kind of account login & password or password recovery, not even an email address! All that matters is that the same person who funded the account is the person making the current request!
To Sign a Message with Armory (works fine in offline mode):
- Open Armory, go to the menu, "Tools"-->"Message Signing"
- Put your address into the "Bitcoin Address" box. If this key is yours, a message will pop up saying "This key is in one of your wallets!".
- Type your message into the message box. You can use the buttons to insert random hex characters, or the current datetime. The only restriction is to not use any newlines in the message.
- Click "Get keys from Wallet" at the top of the window to pull in your private key for signing. (I will remove this step in the next version, it's unnecessary)
- Click the "Sign Message" button which will dump a raw signature in the box to the right.
- Click the "Create Signature Block" button which will copy the signature block to the clipboard.
- You can test it by clicking "Import Signature Block" and pasting the clipboard into it. You will see what the verification window looks like.
- Send the signature block in an email or pastebin.
To Verify a Signature Block with Armory (works fine in offline mode):
- Open Armory, go to the menu, "Tools"-->"Message Signing"
- Click on "Import Signature Block" at the bottom of the screen.
- Paste the signature block, and click "Okay"
- Address will be checked against public key, public key checked against signature for the given message
None of this requires the blockchain, so if you are on a system that couldn't normally run Armory, you only need to run with the "--noblockchain" option. This allows you to verify Armory signature blocks without even having an Armory wallet! If you're intrigued, try this one (get Armory if necessary):
-----BEGIN-SIGNATURE-BLOCK-------------------------------------
Address: 1ArmoryXcfq7TnCSuZa9fQjRYwJ4bkRKfv
Message: "Armory version 0.60-alpha was released 2012-Mar-"
"19 07:40pm. Windows binaries have been released "
"in zip files with the following MD5 hashes: [Wi"
"n32::7b6e3dd0e9114523e303db304a87c0d6] [Win64::e"
"930159411483428da40c127f654bf69] Please do not u"
"se any zip files whose hash values do not match!"
PublicKey: 0411d14f8498d11c33d08b0cd7b312fb2e6fc9aebd479f8e9a
b62b5333b2c395c5f7437cab5633b5894c4a5c2132716bc36b
7571cbe492a7222442b75df75b9a84
Signature: 842590674c06b8712bd9aa04ae7e3fd4c09410f6881ec5a361
fcab55433f1d28f569b3771216754f400a5674e24984943d62
9079a8d56b3c5285ee533f8f4f16
-----END-SIGNATURE-BLOCK---------------------------------------
Btw, these signatures are not compatible with the Satoshi client signatures. I will make an effort to synchronize them later after RAM-reduction.
P.S. - This works with offline wallets, too, since it doesn't require the blockchain. Just get on your offline computer, create the signature block as above, and copy it to a USB key to take to the online computer. It's even easier than an offline transaction because you can start on the offline computer and only need to move data one direction.
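The format-level part of the verification steps above, as an added example (not Armory's code): it rejoins the wrapped fields of the signature block published in this post and sanity-checks them before any cryptography is attempted. The function names, the rejection of duplicate fields and the fixed 65/64-byte sizes are assumptions drawn from that one block; the address-to-public-key hash comparison and the ECDSA check themselves are not performed here.

```python
import hashlib, re
# The signature block published on this page, copied verbatim.
BLOCK = '''-----BEGIN-SIGNATURE-BLOCK-------------------------------------
Address: 1ArmoryXcfq7TnCSuZa9fQjRYwJ4bkRKfv
Message: "Armory version 0.60-alpha was released 2012-Mar-"
"19 07:40pm. Windows binaries have been released "
"in zip files with the following MD5 hashes: [Wi"
"n32::7b6e3dd0e9114523e303db304a87c0d6] [Win64::e"
"930159411483428da40c127f654bf69] Please do not u"
"se any zip files whose hash values do not match!"
PublicKey: 0411d14f8498d11c33d08b0cd7b312fb2e6fc9aebd479f8e9a
b62b5333b2c395c5f7437cab5633b5894c4a5c2132716bc36b
7571cbe492a7222442b75df75b9a84
Signature: 842590674c06b8712bd9aa04ae7e3fd4c09410f6881ec5a361
fcab55433f1d28f569b3771216754f400a5674e24984943d62
9079a8d56b3c5285ee533f8f4f16
-----END-SIGNATURE-BLOCK---------------------------------------'''

FIELD = re.compile(r"^(Address|Message|PublicKey|Signature):\s*(.*)$")
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def parse_block(text):
    """Rejoin wrapped fields; return (address, message, pubkey, signature)."""
    parts, key = {}, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = FIELD.match(line)
        if m and m.group(1) in parts:
            raise ValueError("duplicate field: " + m.group(1))
        if m:
            key = m.group(1)
            parts[key] = [m.group(2)]
        elif key and not line.startswith("-----"):
            parts[key].append(line)  # continuation of a wrapped field
    if set(parts) != {"Address", "Message", "PublicKey", "Signature"}:
        raise ValueError("missing field")
    if not all(len(c) >= 2 and c[0] == c[-1] == '"' for c in parts["Message"]):
        raise ValueError("message chunk is not quoted")
    pub, sig = (bytes.fromhex("".join(parts[k])) for k in ("PublicKey", "Signature"))
    if len(pub) != 65 or pub[0] != 4 or len(sig) != 64:  # sizes seen in the block above (assumed fixed)
        raise ValueError("unexpected key or signature size")
    return "".join(parts["Address"]), "".join(c[1:-1] for c in parts["Message"]), pub, sig

def base58check_ok(addr):
    """True if addr decodes to 25 bytes ending in the double-SHA256 checksum of the first 21."""
    try:
        raw = sum(B58.index(c) * 58**i for i, c in enumerate(reversed(addr))).to_bytes(25, "big")
    except (ValueError, OverflowError):
        return False
    return hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4] == raw[21:]
```

Rejecting a repeated field matters because a block with two "Message:" or "Address:" entries could otherwise show one value to the reader while another is the one actually checked.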