Topic: Feature request : signing a text with a wallet key - page 2. (Read 7400 times)

sounds like a great idea I can see many uses for it.

+1

The usage of BerkeleyDB make me feel uncomfortable. BDB is known to change format between versions. And this make making alternative implementation harder.  

Exporting to something simpler (i.e. parsable with no external library) would be nice.

+1

I think the same. Since it was chosen to use a specific type of keystore to hold bitcoin keys, there should be a way to manipulate the keys in this keystore.

What would be really ideal from an architectural point of view would be a client that is decoupled from the keystore type. Just by configuring something and implementing an interface you could plug another type of keystore and use it.
But, well, that has a lower priority, I'd say.

Suppose your are auctioning something at the Bidding Pond. Suddenly you get a bid for a million bitcoins. You may want the bidder to flash the cash, to persuade you to take their bid seriously.

Yeah, being able to sign messages with your BitCoin keys would be useful and not redundant with other functionality. All I can do with PGP is attempt to build up trust in my keys through things I write or people I meet, hence the whole web of trust concept.

But for the purposes of business, you don't need to trust somebody anywhere near as much if they can prove they have the money you want at hand. The alternative is to do a small sentinel transaction of some pre-agreed amount to prove you have the cash you claim to, but that'd just pollute the block chain with non economic activity. Being able to sign arbitrary data is better.

It'd potentially also allow for a more user friendly signature format to be developed than what PGP provides, eg, rules that state "remove all whitespace and all formatting before signing" would make signatures more robust in the face of common things like HTML/text conversion and copy/paste.

It is not redundant, balance is linked to a bitcoin private key, not to any PGP one.

No you do not need any trust. Don't take it bad, but please educate yourself a little bit more about bitcoin internals.

Ok, you want to use your private key for bitcoin instead of a private key in PGP; see my first post in this thread. I think you'll face some resistance because this is redundant functionality. As for seeing the amount in a certain account, can't you already do this is blockexplorer (a distinct application)?

But you need to have established trust through some other mechanism beforehand. Establishing trust is an inherently "out of band" process. See my points about PKI and Webs of Trust.

Yeah, the ability to prove without a doubt to a seller that I have control over a given address, and therefore the funds that he can see in his blockchain, would be great.  Particularly without the need to prove that to the entire world.

PGP is cool, but how about signing data with your bitcoin private keys ? Oops, you can't (well you technically can with gavins python tools).
One of the properties of cash is that I can show you the money before you go get the goods, I'd love to be able to do the same thing with bitcoin in a simple way.

This I understand this very well.

Sure. If I have access to the private key (the wallet), then I can spend all my money.

Of course. Nobody needs to know to any degree of certainty which bitcoin accounts are mine. Isn't that rather the point of digital cash? Now, If I want to sign arbitrary data (as per the OP), I would rather use existing software and would hope that such redundancy would be avoided in bitcoin. If I want to make sure that my factory only sends bitcoins that I earned while building Cadillacs to my account, I can make sure by signing a message with one of my bitcoin IDs with my PGP key which they trust is mine.

This is what you are getting wrong :
 - your bitcoin address is derived from your *public* key, there is not point in signing anything with this key or with your bitcoin address
 - you sign outgoing transactions with your *private* key

So if you're able to sign arbitrary data with your *private* key that means you get to spend whatever amount is associated with the *public* key (or its derived form, the bitcoin address) that is visible in the bitcoin block explorer.

There is no need for anyone to trust you to be Helmut, and additionnally trust that 123456 is Helmut's public key.

I think I understand, but can't we already do that via blockexplorer? Why not just do something like this:

I identify myself as Joe and generate a corresponding PGP key (sorry to keep going back to PGP, but it is easier than saying "your public key software of choice"). I can then send a signed message with by bitcoin address to a recipient who already trusts that I am Joe and that it is my PGP key. Simply copy the bitcoin address from your gui or whatever and pgp/gpg away. In fact, I already do exactly this with some regularity, although my name may or may not really be Joe.

Well, I can think of plenty of cases where I want to check that someone actually has the funds he claims before conducting some business. None of them involving taxes.

You seem to think that such a signature would be valid only at a certain point of time, it isn't the case.
If I sign arbitrary data with one of my private keys, it just basically means that I get to spend the funds associated with the bitcoin address, the available amount to an address is publicly visible from the blockchain.

So at the time of signature i can say "okay this person has 10 BTC available", I can also come back two weeks later and see that the signature only credits its owner with 1.42 BTC.

I put this under the category of "I own my data, and should be able to do with it what I want."

Being able to import and export bitcoin keypairs to/from wallets seems an obvious need to me.

You are correct in making the distinction between trust and "proof" via cryptographic transforms, so forgive me if I am repeating something you already understand. I am also writing to others who may not be as familiar with some of these concepts. However, when it comes to a digital ID (be it a bitcoin address or a PGP ID) there are some qualities that you can take at face value. For example, if a digital signature matches a public key, you can be quite certain that the corresponding private key created it. You are less certain, however, about who actually controls the private key. You now face an issue of trust. Do you trust the person to not allow his key to be stolen? Do you trust the people that vouched that a key matches a certain name? Do you trust the ID card or passport that says that John Smith is who he says he is and that the name matches the key? The issues are orthogonal.

So, if I have a bitcoin ID, the question (or at least what I interpreted as the question) is "how do I let someone know that this really is my account number and not to send money to other accounts who claim to be me?" Again, this is a trust issue. Typically, it is handled using either a centralized chain of trust (PKI {SSL certs}) or a distributed chain of trust (Web of Trust {PGP, CaCert(actually a hybrib), etc}). What the OP suggested was essentially to use bitcoin's private keys as a general form of digital ID, similar to the way PGP keys are already used. My point was that such functionality already exists in well-tested and standardized tools, such as GnuPG and that reproducing those features would not help bitcoin. In fact, by invoking well-known arguments pertaining to the unwelcome effects of increasing codebase complexity, I conjecture that the additional code would likely hurt it.

Incidentally, all these issues of trust have been well explored for many years, with much credit to the cypherpunks in the 90s (and digital cash, of course).


The proof is valid while the funds remain in the same address. They may remain there for a long time.