Topic: How to sign a message?! - page 45. (Read 141309 times)

Great tutorial, very helpful for newbies who I have seen having trouble understanding the difference between signing a message and signing a post.

Can you make one for 'How to get a PGP Key', as well?

Wow, this is a great tutorial shorena! I think mods should sticky this, because every new user have to learn this basic thing before it's too late. I see a lot of users got hacked or lost password and they end up losing their account forever.

I'll send you a small tip when I get my wage.

With brainwallet you can just copy everything if it has the correct format. For other programms and tools you need to copy each string individually. E.g. if you verify with Multibit/Electrum/Bitcoin Core it has 3 fields for address, message and signature. If the whol message with signature and address is not in the format you would have to create it for brainwallet to work.

So when verifying, do I copy the whole thing into the verifier, or do I copy them one by one?

No the three lines are just to make it easier for humans to understand what is up. The brainwallet verifier will however not work if you remove it, but thats because they only have a single field for all 3 pieces of information. The address, the signature and the message usually have different boxes when using a programm.

If I leave out one of the "-"s in the message, will that signed message be considered invalid?

e.g.

Translations:

Language	|	Credit	|	Link
Romanian	|	Saruman	|	Thread
French	|	JeremyB	|	Thread
Filipino	|	uelque	|	Thread

Intro:

Welcome to the world of bitcoin.

I have been a Newbie like you, looking for scrap, asking questions, working faucets. Faucets are a waste of time. Yes, it was a bit easier in the past. I could join a signature campaign with only 19 posts. Spammers have ruined this pretty much for Newbies though and if they continue I am afraid they will ruin it for all of us. This is not the topic though, sorry for the distraction. You dont believe me that I joined a campaign as Newbie? Well I can proof it to you and I can show you how. By signing a message.

The post quoted below was written by me. It was not edited and it contains a bitcoin address. If you click on its link you will see that it has no dotted line below the time and date. See here for an edited post. I changed it today. Here is a picture.


And I can sign a message with this address to prove that I still have access to the private key that belongs to this address.


You are probably not impressed. So what, a signed message, you might think, but its very important here if you want to trade with someone. There are currently at least 3 accounts in the meta section that are contested. The main problem with all of them is: someone was unable to sign a message, someone did not request a signed message for a trade or someone has no idea how to sign a message. I will try my very best to show you how to sign a message and how to verify a signed message. For this I will use pictures as I know not everyone here speaks english. I will also update this thread over time.

If you want to get your address witnessed somewhere for the future, use this thread by Tomatocage -> https://bitcointalksearch.org/topic/stake-your-bitcoin-address-here-996318
Someone will quote your post there to make sure a hacker that has control over your account can not change it. Make sure you only post addresses you can sign a message with. You can use this thread to test signing message, I will verify them all and Im sure other users will chime in when I am not online as well.

---

If you want to thank me because this thread has helped you, post a signed message. If you just tell me it helped you, Ill probably think you never even bothered to read this.

---

---

Index:

• Intro
• Format
• Dos and Don'ts
• "multi-sig" or pay to script hash addresses (those with the 3)
• Creating a signature (ordered by date [oldest 1st])
  
  • Bitcoin Core version v0.10.0
  • Electrum v 1.9.8 (& 2.5.4)
  • MultiBit v 0.5.18
  • MultiBit HD v 0.1
  • Blockchain.info
  • Blockchain.info v2
  • Mycelium 2.3.0 - 2.5.2 on Android Lollipop
  • Coinbase
  • Bither v.1.3.7.1
  • Ledger Wallet Bitcoin v.1.10.1 (thx 2 JeremyB!)
  • Trezor Wallet (thx 2 JeremyB!)
• Verifying a signature (in alphabetical order)
  
  • Blocktrail
  • Brainwallet.org
  • Chain Query Alpha
  • coinig.com
  • Trezor (thx 2 JeremyB!)
• Translations
• License (CC BY-SA 3.0)
  
• Services/wallets that can (currently) not be used to sign a message
  
  • ANX Vault v. 1.6 for iOS 7.1.2
  • Bitcoin Vault for iOS 7.1.2
  • BitGo.com (2016.07.31)
  • Bither Hot v 1.3.9 for iOS 7.1.2
  • Bither Hot v 1.6.1 for Android 6.0.1 with HD Wallet
  • bitWallet for iOS 7.1.2
  • BitX Wallet 1.2.6 for iOS 7.1.2
  • Blockchain.info v6.1.38 for Android 6
  • Breadwallet by Aaron Voisine for iOS 7.1.2
  • Breadwallet v34 for Android 6
  • BTC wallet by freewallet.org v1.0.38 for Android 6
  • Coinbase for iOS 7.1.2
  • Coinbase for Android
  • Coinomi v1.6.5 for Android 6
  • Coins v0.1 for iOS 7.1.2
  • Coins.ph v1.31 B 84 for iOS 7.1.2
  • Coins.ph v2.6.08 for Andoird 6
  • Copay v. 1.1.3 for Windows (tested with 8.1 Pro 64 bit)
  • Copay v. 1.1.3 for Linux (tested with Ubuntu 14.04. LTS Desktop 64 Bit)
  • Copay v. 1.1.3 Chrome Plugin
  • Electrum 2.7.12 for Android 6
  • GreenAddress/GreenBits
  • GreenAddress 0.0.82 for Android 6
  • GreenAddress for iOS 7.1.2
  • Hotwallet v0.5.2 for iOS 7.1.2
  • mSIGNA
  • Samourai v0.89 for Android 6
  • Wallet by Blocktrail v 1.0.9 for iOS 7.1.2
  • Wallet by BTC.com v 2.2.7 for Android 6.0.1
  • Xapo.com
  • Yallet for iOS 7.1.2
• Services/wallets that I did not bother to or could not test.
  
  • BitGo v1.5 - Chrome plugin, forces E-Mail verification.
  • Hive Wallet for iOS 7.1.2. - did not sync, thus I could not start the wallet in a way that would allow testing it.
  • Ninki v1.5 - Chrome plugin, forces security mechanisms in a way that makes testing for me impossible.

---

---

Format:

Note: Always include the date and reason when creating a message. If you sign a generic message it could be reused by someone else.

When you sign a message you want to present it to someone else and they want to verify the message. In order to make this extra easy its important to use a certain format. You can modify it as needed, but there are certain things to keep in mind.
Every symbol is important. The symbols > and < in my examples have to be removed. When you sign a message and somewhere have two spaces between two words, both are important for the signature. Thats the whole point of a signature. It detects whether someone changed the message or not. The board here has a "code" environment thats perfect for this. It will make sure no linebreaks are added and the other person can easily copy it. I used the same format above.

If you write a post/PM it should look like on the picture below:


and for everyone else reading, it looks like this:

I added an example how to post the signed message for the blockchain.info part here.

---

---

Dos and Don'ts:
return to index

• DO include the current date. This ensures the signature can not be reused on a different day.
• DO include the reason and be specific. This ensures the signature can not be resued for a different reason.
• DO include your nickname and where you use it. This ensures the signature can not be reused, e.g. by Shorena on AcmeCorpTalk.

---

• DO NOT use a compromised machine (virus, keylogger, etc.) to create a signature. Signing unlocks your wallets protection the same way spending bitcoin does.
• DO NOT upload your private key somewhere in order to create a signature.
• DO NOT give your private key to someone else in order to create a signature for you.

You think something is missing here? Leave a reply below.

---

---

Pay to script hash (P2SH) addresses:
return to index

There is no way for pay to script hash addresses without private key (yes, they are possible) to sign a message. For multi-sig-addresses (a subset of P2SH addresses) there are private keys, but there is no consistent definition on how a signature for a message would be verified. Thus, its impossible to sign a message with an address starting with a 3 in a realiable way. With the addition of P2SH-P2WPKH addresses (SegWit, but starting with a 3) this did not change. At least it did not in bitcoin core, other wallets may still allow signing or verification.

---

---

Creating a Signature:
return to index

Bitcoin Core version v0.10.0
return to index

link to picture -> https://i.imgur.com/qx3C9zl.png

---

Electrum v 1.9.8
return to index
Note: Electrum 2.3.1 and 2.5.4 are exactly the same in this regard.

link to picture -> https://i.imgur.com/qXbURuy.png

---

MultiBit v 0.5.18
return to index

link to picture -> https://i.imgur.com/ftumD67.png

---

MultiBit HD v 0.1
return to index

link to picture -> https://i.imgur.com/MtDpQjq.png

---

Blockchain.info
return to index

Note: Blockchain.info is an online wallet, thus their interface could change. Since there is no version number to indicate a change I added the date. I used the stock Tor browser for this (see the URL), but its identical to the regular version. The black bar masks the wallet identifier. Its a throwaway wallet, but I tend to remove stuff like this.

link to picture -> https://i.imgur.com/cNr6wOp.png

---

Blockchain.info v2 2016.05.11
return to index

Update (2017.5.13): According to user apoorvlathey it is now possible to sign messages with the new version as it was in the past. User sHeRiLyN1618 reports that this is only possible for imported addresses, but not addresses generated with the service. For more information read the posts starting from here -> https://bitcointalksearch.org/topic/m.18991565

Update (2016.5.11): It is now possible to sign messages with imported private keys.
Th0ur007 wrote a step by step here -> https://bitcointalksearch.org/topic/guide-how-to-signverify-message-in-new-blockchain-wallet-1467458

Note: Blockchain.info's new wallet does not allow you to sign a message, nor does it allow you to easily export the private key in order to sign with a different wallet. There is a crude work around here -> https://docs.google.com/document/d/1-2l6xOqcbjs9QWEqSh72RD1d8EEdvG_hQuEXw_f_o6w/edit
Use at your own risk!

---

Mycelium 2.3.0 - 2.5.2 on Android Lollipop
return to index

Note: In order to get a preformatted message select "Share Text + Signature" at the last step, open with e.g. your Mail programm and copy the complete message from there.

link to picture -> https://i.imgur.com/lNgSoEq.png

---

Coinbase
return to index

Note: 2018.03.04 coinbase has removed the tutorial.

See their how to for now: https://support.coinbase.com/customer/portal/articles/1526413-how-do-i-sign-a-message-with-a-bitcoin-address-

---

Bither v.1.3.7.1
return to index

link to picture -> https://i.imgur.com/7Ceew9W.png

---

Ledger Wallet Bitcoin v.1.10.1
return to index
Note! full credit for this section goes to JeremyB. Go thank them, not me!

Link to picture -> https://i.imgur.com/2h22aN6.png

---

Trezor Wallet
return to index
Note: full credit for this section goes to JeremyB. Go thank them, not me!

Link to picture -> https://i.imgur.com/mvg884g.png

---

---

Verifying a Signature:
return to index

Blocktrail
return to index

link: https://www.blocktrail.com/BTC?verifysignedmessage=1

Note: This service requires JavaScript and might not work with all browsers.

Correct Signature

link to picture -> https://i.imgur.com/CSI1CeX.png



Incorrect Address

link to picture -> https://i.imgur.com/4aWAAau.png



Incorrect Signature & Modified Message

link to picture -> https://i.imgur.com/eA5Zl5e.png



Incorrect & Modified Signature

link to picture -> https://i.imgur.com/fPS8V0w.png

---

Chain Query Alpha
return to index

link: http://chainquery.com/bitcoin-api/verifymessage

Correct Signature

link to picture -> https://i.imgur.com/Wxtg5gD.png



Incorrect Signature & Modifed Address

link to picture -> https://i.imgur.com/AnDpyYW.png



Incorrect Signature & Modified Message

link to picture -> https://i.imgur.com/kOLx0K8.png



Incorrect & Modified Signature

link to picture -> https://i.imgur.com/Nvs7wtY.png

---

coinig.com
return to index

Will be added ASAP Seem to be bugged when verifying messages with at least one linebreak. Will add them once its fixed.

---

Brainwallet.github.io
return to index

Note: 2018.03.02: New link https://brainwalletx.github.io/#verify

Note: 2015.12.20: Brainwallet has a copy here -> http://wallet-2sx53n.sakurity.com/#verify

Note: 2015.08.08: Brainwallet is no longer operational, old pictures still linked below.

Note: 2015.04.03: I noticed the site was improved since I made the picture below. The updated version now allows to input the address, the message and the signature seperately as bitcoin-qt/core would. Since the old way is still working, I did not update the pictures. Thanks 2 [/url=https://bitcointalksearch.org/topic/m.31257348]JeremyB[/url] for updating the pictures.

link: https://brainwallet.github.io/#verify copy: http://wallet-2sx53n.sakurity.com/#verify

(Bitcoin-QT) Correct Signature


Link to picture -> https://i.imgur.com/hlkBkji.png

(Bitcoin-QT) Incorrect Signature


Link to picture -> https://i.imgur.com/VEqKAeE.png

(Bitcoin-QT) Correct Signature & Missing address


Link to picture -> https://i.imgur.com/LefpKPC.png

---

Correct Signature


link to picture -> https://i.imgur.com/75MFIiH.png

Incorrect Signature & Missing Address


link to picture -> https://i.imgur.com/GD2tzVJ.png

Incorrect Signature


link to picture -> https://i.imgur.com/okc8Q2K.png

---

Trezor
return to index
Note: full credit for this section goes to JeremyB. Go thank them, not me!

Correct Signature

Link to picture -> https://i.imgur.com/XgICUy7.png


Incorrect Signature

Link to picture -> https://i.imgur.com/Y3LIVPT.png

---

---

License (CC BY-SA 3.0):
return to index

You are free to:

• Share - copy and redistribute the material in any medium or format
• Adapt - remix, transform, and build upon the material

for any purpose, even commercially. I cannot revoke these freedoms as long as you follow the license terms.

Under the following terms:

• Attribution - You must give appropriate credit (mentioning my name [shorena] is enough), provide a link to the license, and indicate if changes were made.
• ShareAlike - If you remix, transform, or build upon the material, you must distribute your contributions under the same license (see link).

link -> https://creativecommons.org/licenses/by-sa/3.0/

Signed version:

---

todo:


changelog: