Author

Topic: How to sign a message from a paper wallet without importing your private key? (Read 1385 times)

full member
Activity: 233
Merit: 102
https://genesis.re


Cryptographic libraries tend to have many lines of code but doing this on air-gapped computer minimises the risk.

Hmm, calculating by hand eh? How do I go about doing that? That's about as safe as you can get!

See here: http://www.righto.com/2014/09/mining-bitcoin-with-pencil-and-paper.html

Calculating cryptographic functions by hand = not practical.
legendary
Activity: 1134
Merit: 1010
BTC to the moon is inevitable...
just a thought/question that i would like to ask here:
is it possible that some of these codes for signing a message create a weak signature leading to leaking your private keys?

i know it is possible when creating a signature for transaction. and although signing a message is similar but it has some differences so i am not sure if it is also possible for that!
legendary
Activity: 1382
Merit: 1122
Disclaimer: Don't blame me if it steals your coins, I don't know how reliable the author is.

Ya I wasn't sure if some normal wallet could do this with some fancy maneuvers. I guess not and I don't want to have to trust someone else's coding skills. Thanks for the help though!

Here you go: https://github.com/aeternity/wiki/wiki/How-to-sign-a-message-with-a-private-key%3F

I've contributed one of these methods...

Tell me if you need any help.

- Make offline copy of the HTML.
- Copy on USB stick to offline computer
- Run the website offline
- Sign it via HTML / JavaScript
- Put the signature on USB stick / write it down

PROFIT / DONE

Click +1 if it helps you Smiley

I'll check it out and see if it requires any trust. Thanks.

There's another offline webpage that can sign messages for you at this link. However any such webpage shouldn't be trusted when online. I wouldn't consider using it unless it was run in an offline isolated environment.

https://brainwalletx.github.io/#sign

That webpage is capable of creating five different message signature types including multibit's and armory's.

Thanks for the links. These are definitely simple for me to use, I'm just going to see if there have been any negative repercussions after someone has used them.

Disclaimer: Don't blame me if it steals your coins, I don't know how reliable the author is.

Ya I wasn't sure if some normal wallet could do this with some fancy maneuvers. I guess not and I don't want to have to trust someone else's coding skills. Thanks for the help though!

Here you go: https://github.com/aeternity/wiki/wiki/How-to-sign-a-message-with-a-private-key%3F

I've contributed one of these methods...

Tell me if you need any help.

- Make offline copy of the HTML.
- Copy on USB stick to offline computer
- Run the website offline
- Sign it via HTML / JavaScript
- Put the signature on USB stick / write it down

PROFIT / DONE

Click +1 if it helps you Smiley

I'll check it out and see if it requires any trust. Thanks.

At some point you need to trusts something.

Calculating hash by hand = error prone.

Cryptographic libraries tend to have many lines of code but doing this on air-gapped computer minimises the risk.

Hmm, calculating by hand eh? How do I go about doing that? That's about as safe as you can get!
full member
Activity: 233
Merit: 102
https://genesis.re
Disclaimer: Don't blame me if it steals your coins, I don't know how reliable the author is.

Ya I wasn't sure if some normal wallet could do this with some fancy maneuvers. I guess not and I don't want to have to trust someone else's coding skills. Thanks for the help though!

Here you go: https://github.com/aeternity/wiki/wiki/How-to-sign-a-message-with-a-private-key%3F

I've contributed one of these methods...

Tell me if you need any help.

- Make offline copy of the HTML.
- Copy on USB stick to offline computer
- Run the website offline
- Sign it via HTML / JavaScript
- Put the signature on USB stick / write it down

PROFIT / DONE

Click +1 if it helps you Smiley

I'll check it out and see if it requires any trust. Thanks.

At some point you need to trusts something.

Calculating hash by hand = error prone.

Cryptographic libraries tend to have many lines of code but doing this on air-gapped computer minimises the risk.
legendary
Activity: 2772
Merit: 2846
Disclaimer: Don't blame me if it steals your coins, I don't know how reliable the author is.

Ya I wasn't sure if some normal wallet could do this with some fancy maneuvers. I guess not and I don't want to have to trust someone else's coding skills. Thanks for the help though!

Here you go: https://github.com/aeternity/wiki/wiki/How-to-sign-a-message-with-a-private-key%3F

I've contributed one of these methods...

Tell me if you need any help.

- Make offline copy of the HTML.
- Copy on USB stick to offline computer
- Run the website offline
- Sign it via HTML / JavaScript
- Put the signature on USB stick / write it down

PROFIT / DONE

Click +1 if it helps you Smiley

I'll check it out and see if it requires any trust. Thanks.

There's another offline webpage that can sign messages for you at this link. However any such webpage shouldn't be trusted when online. I wouldn't consider using it unless it was run in an offline isolated environment.

https://brainwalletx.github.io/#sign

That webpage is capable of creating five different message signature types including multibit's and armory's.
legendary
Activity: 1382
Merit: 1122
Disclaimer: Don't blame me if it steals your coins, I don't know how reliable the author is.

Ya I wasn't sure if some normal wallet could do this with some fancy maneuvers. I guess not and I don't want to have to trust someone else's coding skills. Thanks for the help though!

Here you go: https://github.com/aeternity/wiki/wiki/How-to-sign-a-message-with-a-private-key%3F

I've contributed one of these methods...

Tell me if you need any help.

- Make offline copy of the HTML.
- Copy on USB stick to offline computer
- Run the website offline
- Sign it via HTML / JavaScript
- Put the signature on USB stick / write it down

PROFIT / DONE

Click +1 if it helps you Smiley

I'll check it out and see if it requires any trust. Thanks.
full member
Activity: 233
Merit: 102
https://genesis.re
without adding my private key onto the internet

You can run your software locally, without connecting to the internet.

Some software is required, humans are error-prone when hashing and signing messages Smiley

Is it possible to do in a live environment for extra security? If not, what would I need in order to do this? Bitcoin core?

Here you go: https://github.com/aeternity/wiki/wiki/How-to-sign-a-message-with-a-private-key%3F

I've contributed one of these methods...

Tell me if you need any help.

- Make offline copy of the HTML.
- Copy on USB stick to offline computer
- Run the website offline
- Sign it via HTML / JavaScript
- Put the signature on USB stick / write it down

PROFIT / DONE

Click +1 if it helps you Smiley
legendary
Activity: 2772
Merit: 2846
Download this webpage and run it inside a browser from an offline live CD.

https://coinb.in/

Go to the sign section, input your private key and message into the text boxes and click the submit button.

https://coinb.in/#sign

Don't ever put your private key into an online version of it.

I'll give it a shot and see if it's simple enough for me. Their website seems to say it's simple enough so let's hope they're right Wink

Sorry, I made a mistake. You can't sign a message with that page, you can only sign a transaction.

Sleep deprivation got the better of me. This is the webpage that signs messages. Don't ever use it unless it's in an offline isolated environment like a live CD (or preferably a virtual machine).

Disclaimer: Don't blame me if it steals your coins, I don't know how reliable the author is.


*snip*

4. Now I have created a foolproof bitcoin signing tool which you can find here: https://ordinarydude.github.io/offline-bitcoin-signer/

5. Use the private key and the messages to obtain your signature.

Disclaimer: Use at own risk, the sources for the offline signing tool can be found here: https://github.com/OrdinaryDude/offline-bitcoin-signer
The paranoids download the code and sign on an offline machine!



Screenshots of this process:

*snip*


legendary
Activity: 1382
Merit: 1122
Download this webpage and run it inside a browser from an offline live CD.

https://coinb.in/

Go to the sign section, input your private key and message into the text boxes and click the submit button.

https://coinb.in/#sign

Don't ever put your private key into an online version of it.

I'll give it a shot and see if it's simple enough for me. Their website seems to say it's simple enough so let's hope they're right Wink
legendary
Activity: 2772
Merit: 2846
Download this webpage and run it inside a browser from an offline live CD.

https://coinb.in/

Go to the sign section, input your private key and message into the text boxes and click the submit button.

https://coinb.in/#sign

Don't ever put your private key into an online version of it.
legendary
Activity: 1382
Merit: 1122
without adding my private key onto the internet

You can run your software locally, without connecting to the internet.

Some software is required, humans are error-prone when hashing and signing messages Smiley

Is it possible to do in a live environment for extra security? If not, what would I need in order to do this? Bitcoin core?
full member
Activity: 233
Merit: 102
https://genesis.re
without adding my private key onto the internet

You can run your software locally, without connecting to the internet.

Some software is required, humans are error-prone when hashing and signing messages Smiley
legendary
Activity: 1382
Merit: 1122
Is there any relatively simple way to sign a message from a Bitcoin paper wallet without importing the private key into a wallet? If there's a way to securely sign a message without adding my private key onto the internet I'd love to know what wallet I need in order to do it and how to actually sign too. Even if there is no way let me know so at least I'm aware!
Jump to: