For those who need it: Quickly sign a message with your private key in browser

DannyHamilton

legendary

Activity: 3472

Merit: 4801

Quote from: Evil-Knievel on August 29, 2016, 07:13:17 PM

I thought we were away from using random numbers to chose the k-values for a long time already.

And I thought we were away from people using bitcoin addresses more than once.

Yet somehow people and programs continue to do things that that are are advised against by the experts.

I suspect your program is fine. There probably aren't many (any?) realistic situations where Bitcore would re-use a k value. But for the ultra-paranoid:

Don't sign anything using a private key that is associated with any address that is currently or ever in the future will be associated with any bitcoins, don't use a private key or an address more than once.

Evil-Knievel

legendary

Activity: 1260

Merit: 1168

Quote

The main concern here that people will want to be aware of is that running something "on a computer that never touches the internet" is not helpful if the signature calculation re-uses a k value. I would hope the bitcore nodejs module won't have such a problem, but bugs happen and mistakes (and malicious behavior) happen.

If people are going to re-use bitcoin addresses, generating multiple signatures with them, then they should be aware that they can leak their private key without ever letting the private key touch an internet connected computer. Wouldn't want anyone to develop a false sense of security now, would we?

I thought we were away from using random numbers to chose the k-values for a long time already. When I sign a message, the signature is always the same no matter how ofter I sign it. Seems that Bitcore uses (correctly) a deterministic signing scheme which is based on the message (or better, the pseudorandomness derived from its cryptographic hash) itself. But that again means, that it is impossible that two different signatures use the same r-value (lets ignore the unlikely case of hash collisions for now)? Am I correct?

I mean we could have a deeper look into Bitcore of course. If in doubt, I would always decide for a deeper investigation!

DannyHamilton

legendary

Activity: 3472

Merit: 4801

Quote from: Evil-Knievel on August 29, 2016, 06:54:03 PM

Quote from: DannyHamilton on August 29, 2016, 06:36:55 PM

I have not yet reviewed this code, but IF there is a bug in the code (or introduced into the bitcore nodejs module) that re-uses k values, then running this on a computer that never touches the internet will not protect you. It will be possible to calculate your private key from the combination of 2 signatures.

I appreciate your very kind offer to carefully review the code. I understand that such processes take their time, so that it was not "yet" possible.
To give everyone else the chance here to have a look at the code themselves as well, here it is Grin

Quote

var dumbsign = function(wif,msg){
   var privateKey = bitcore.PrivateKey.fromWIF(wif);
   var signature = Message(msg).sign(privateKey);
   return signature;
}

Any "bug reports", improvement suggestions or reimplementations are welcome

I saw that you included the github link and I was going to take a look tonight. Hadn't even clicked on it yet.

I wasn't aware that it was so short, or else I may have taken a look right away. Wink

The main concern here that people will want to be aware of is that running something "on a computer that never touches the internet" is not helpful if the signature calculation re-uses a k value. I would hope the bitcore nodejs module won't have such a problem, but bugs happen and mistakes (and malicious behavior) happen.

If people are going to re-use bitcoin addresses, generating multiple signatures with them, then they should be aware that they can leak their private key without ever letting the private key touch an internet connected computer. Wouldn't want anyone to develop a false sense of security now, would we?

Evil-Knievel

legendary

Activity: 1260

Merit: 1168

Quote from: DannyHamilton on August 29, 2016, 06:36:55 PM

I have not yet reviewed this code, but IF there is a bug in the code (or introduced into the bitcore nodejs module) that re-uses k values, then running this on a computer that never touches the internet will not protect you. It will be possible to calculate your private key from the combination of 2 signatures.

I appreciate your very kind offer to carefully review the code. I understand that such processes take their time, so that it was not "yet" possible.
To give everyone else the chance here to have a look at the code themselves as well, here it is Grin

Quote

var dumbsign = function(wif,msg){
   var privateKey = bitcore.PrivateKey.fromWIF(wif);
   var signature = Message(msg).sign(privateKey);
   return signature;
}

Yes, that was the entire (relevant) code! Any "bug reports", improvement suggestions or reimplementations are welcome

DannyHamilton

legendary

Activity: 3472

Merit: 4801

Quote from: Evil-Knievel on August 21, 2016, 12:31:21 PM

- snip -
Disclaimer: Use at own risk! The software is using the bitcore nodejs module which I am not responsible for and which is too complex for me to verify in terms of security. The paranoid download the code and run it on a computer that never touches the internet!
- snip -

An additional but important warning...

I have not yet reviewed this code, but IF there is a bug in the code (or introduced into the bitcore nodejs module) that re-uses k values, then running this on a computer that never touches the internet will not protect you. It will be possible to calculate your private key from the combination of 2 signatures.

Evil-Knievel

legendary

Activity: 1260

Merit: 1168

Quote from: Lanzador on August 29, 2016, 05:02:04 PM

This is friggin awesome. There are so many times I need to sign messages while I'm at work, but we can't run .exe files here, so a full node or even just a wallet is out of the question - this solves so many problems!

Thanks for the nice feedback Wink

Lanzador

full member

Activity: 140

Merit: 100

This is friggin awesome. There are so many times I need to sign messages while I'm at work, but we can't run .exe files here, so a full node or even just a wallet is out of the question - this solves so many problems!

n691309

legendary

Activity: 1526

Merit: 1001

Quote from: Evil-Knievel on August 21, 2016, 03:47:10 PM

Quote from: n691309 on August 21, 2016, 03:39:44 PM

Quote from: Evil-Knievel on August 21, 2016, 12:31:21 PM

If anyone of you needs to quickly sign a message without having the core client handy, feel free to use https://ordinarydude.github.io/offline-bitcoin-signer/.
The source code can be found at: https://github.com/OrdinaryDude/offline-bitcoin-signer

Disclaimer: Use at own risk! The software is using the bitcore nodejs module which I am not responsible for and which is too complex for me to verify in terms of security. The paranoid download the code and run it on a computer that never touches the internet!

Everything works perfect except one thing, why I can't copy the signature code? People can use this website to sign a message and then copy to send or post somewhere. It would be good if you can modify it and let people copy the entire signed message like this one http://wallet-2sx53n.sakurity.com/#sign

Good catch! Fixed!
I will make a js version tomorrow!

Good that you hear my advice, and I see that now it is fixed and working. What do you think to make a field that will generate the complete signed message format like this one :

Code:

-----BEGIN BITCOIN SIGNED MESSAGE-----
[This is an example of a signed message.]
-----BEGIN SIGNATURE-----
[Btc Address]
[Signature]
-----END BITCOIN SIGNED MESSAGE-----

Evil-Knievel

legendary

Activity: 1260

Merit: 1168

Quote from: n691309 on August 21, 2016, 03:39:44 PM

Quote from: Evil-Knievel on August 21, 2016, 12:31:21 PM

If anyone of you needs to quickly sign a message without having the core client handy, feel free to use https://ordinarydude.github.io/offline-bitcoin-signer/.
The source code can be found at: https://github.com/OrdinaryDude/offline-bitcoin-signer

Disclaimer: Use at own risk! The software is using the bitcore nodejs module which I am not responsible for and which is too complex for me to verify in terms of security. The paranoid download the code and run it on a computer that never touches the internet!

Everything works perfect except one thing, why I can't copy the signature code? People can use this website to sign a message and then copy to send or post somewhere. It would be good if you can modify it and let people copy the entire signed message like this one http://wallet-2sx53n.sakurity.com/#sign

Good catch! Fixed!
I will make a js version tomorrow!

n691309

legendary

Activity: 1526

Merit: 1001

Quote from: Evil-Knievel on August 21, 2016, 12:31:21 PM

If anyone of you needs to quickly sign a message without having the core client handy, feel free to use https://ordinarydude.github.io/offline-bitcoin-signer/.
The source code can be found at: https://github.com/OrdinaryDude/offline-bitcoin-signer

Disclaimer: Use at own risk! The software is using the bitcore nodejs module which I am not responsible for and which is too complex for me to verify in terms of security. The paranoid download the code and run it on a computer that never touches the internet!

Everything works perfect except one thing, why I can't copy the signature code? People can use this website to sign a message and then copy to send or post somewhere. It would be good if you can modify it and let people copy the entire signed message like this one http://wallet-2sx53n.sakurity.com/#sign

CoinLearn

sr. member

Activity: 329

Merit: 251

Quote from: Evil-Knievel on August 21, 2016, 12:31:21 PM

If anyone of you needs to quickly sign a message without having the core client handy, feel free to use https://ordinarydude.github.io/offline-bitcoin-signer/.
The source code can be found at: https://github.com/OrdinaryDude/offline-bitcoin-signer

Fantastic work! It would be great if u added a JS based signed message verifier as well.

Evil-Knievel

legendary

Activity: 1260

Merit: 1168

Quote from: jak3 on August 21, 2016, 01:54:32 PM

thanks for this project its really very helpful and will save much time by the way are you sure that people will sign messages with there private keys i thought we do it with public keys

No, you have to sign with the private key. The public key is available to the public when you have at least one outgoing transaction and can be viewed on any block explorer. If we could sign messages with public keys only, I could easily sign messages in your name Wink

But you can verify a signature with the public key!

jak3

legendary

Activity: 1274

Merit: 1004

thanks for this project its really very helpful and will save much time by the way are you sure that people will sign messages with there private keys i thought we do it with public keys

Evil-Knievel

legendary

Activity: 1260

Merit: 1168

If anyone of you needs to quickly sign a message without having the core client handy, feel free to use https://ordinarydude.github.io/offline-bitcoin-signer/.
The source code can be found at: https://github.com/OrdinaryDude/offline-bitcoin-signer

Disclaimer: Use at own risk! The software is using the bitcore nodejs module which I am not responsible for and which is too complex for me to verify in terms of security. The paranoid download the code and run it on a computer that never touches the internet!

Topic: For those who need it: Quickly sign a message with your private key in browser (Read 1520 times)