Topic: How to sign a message?! - page 23. (Read 141621 times)

I couldn't log in my acc after try to changing pass with security question. These are my adress before i posted. Top one is bitpaywallet, other one is copay. Can i have chance to get back my account? I couldn't find way for sign this wallet.

Very nice guide we have here!

Thank you shorena for maintaining this thread updated.

Suggestion: don't forget to add the (very) old time player Blockexplorer.com as one option for verifying BTC signed msgs.

https://blockexplorer.com/messages/verify

Thank for this super guide on how sign a message 
I am now able to do this!

A small update, got an answer from the bither team to my bug report.


-> https://github.com/bither/bither-android/issues/21

Thank you shorena for your helpful thread. Sometimes things are just too obvious so they are overlooked, at least by me but thanks to your explanation I'm a bit wiser today.

So thanks, and bump

Thanks Shorena ! Very helpful topic indeed !

Holy moly thanks for sharing this ill use it keep it up

Sorry for the late reply, yes I was able to confirm it, well done.

From Electrum wallet
Someone PLeaseeee answer me ! I wanna know
Edit: Calimero style, Shorena or anybody, is my message good ?

Sounds like how SSH does auth by keys instead of passwords. The server sends a challenge and only the person with the correct private key can reply with the correct answer. Signed messages can be used similarly I think. You have to make sure the message has some properties though. It might be a good idea to look actually look into common SSH implementations for this. They support ECDSA curves for this, so you might simply adapt this. It could potentially be build into future wallets.

#1 It must have a timestamp, otherwise it could be reused.
#2 It must have a validity period, otherwise it could be reused in quick succession by an attacker. The period must be long enough to make sure the user has enough time to sign, but not too long so an attacker that gets a hold of the message (e.g. 2 hours later) can reuse it. It should essentially single use, time might not be the best choice for that though. Maybe you can keep track of the messages.
#3 possibly more I missed now.

Thanks for the insight.
I was just browsing the forums here, checking out the lending forum and saw some people talk about signed messages...
I looked around until I found this thread...
Very nice tutorial with pictures and such.

Appreciate it.

Shorena,

this is all really helpful. Kudos for making rather complex procedure as simple and idiot proof as humanly possible. You are making this forum a better place. Thank you.

for starters thank you very much for this awesome guide here.
It proves to me you are a person who cares/loves BTC ecosystem and the forum community  

my mind running wild for decades ,and i love to provide ideas and problem solutions
this time for some days i try to find a decentralized 2FA-like procedure
it is a little brick from a bigger project/vision , nvm , here is the question :

anyone can get a new bitcoin address , no need to register any private data/mail etc for that.
in this thread i see you supplied ways to sign and verify messages for that bitcoin address.
many people are concerned about their privacy , and many well established bitcoin sites
asking too much private data already . some months now a new trend came in haste 2FA
the mainstream applications to 2FA so far are big well established companies like Google etc.
such huge companies not care much for freedom of money or privacy for users.

example: i have account nicknamed Me322 at xxx66xxx.ccc site with a password *****
i make a new bitcoin address 1bn... and i sign a message sent to the site as 2FA reference
when me or the site needs to check through 2FA i simply reply signing a new message

register 2fa //signed message from add xxx blah blah//
sign-in with 2fa //signed message : blah blah ... //

question i have for you is : did i miss something or did you see security flaws or ...   potential ?

Have a nice day and thanks in advance - Elias C.

 

Yes, the blockchain mainly stores (different types of) transactions. Signed messages are similar to signed transactions as both are signed with a private key. A signature and the data it signed can be verified with the public key. When signing a message the signature code includes this public key. Thus with a valid signature you give the other person all data they need to verify its legitimacy, no other sources like the blockchain required. Its possible to do this over any kind of data structure and you could use a transaction to store a signed message on the blockchain. It would not give you a significant advantage over other data storage methods (e.g. this forum), besides that it would be very difficult to delete.

It isn't benign stored in the Blockchain due to the fact that it doesn't need to be. It can all be done locally if you know how.

Read this: https://bitcoinmagazine.com/articles/bitcoin-address-sign-1399914228


And read up on public key cryptography.

One noob question :
Signing a message is possible even offline.
Does it mean, it is not being stored in blockchain then how it is universally verifiable at any time from anywhere ?

Yes, I could verify the message.

is this ok?


edited:
added the tag code

<3 thanks for reading it, the message verified just fine.