I am having the same problem that was originally posted here -- getting an incorrect false return on verifymessage().
$address = '1B8QAtcpBkL3jtfeMvfLiz8hnPi2U1KCyf';
$signature = 'HP1aJ5Pnx9WMrFOl9U76u5ZMkjnhqW+cxcIqAnGg1f6JhKX0jKChZnV94ewXnBNb0wA+3sIJdtszALPw8EbcXOc=';
$message = 'test';
$rpc->verifymessage($address, $signature, $message);
this returns
bool(false)
I'm using the api described here:
https://blockchain.info/api/json_rpc_api
Method: verifymessage
Parameters: (String bitcoinaddress, String signature, String message)
Description: Verifies the signature and message matches the bitcoin address provided (See signmessage)
Returns: Boolean
Topic: JSON RPC PHP + blockchain.info + verifymessage (Read 1623 times)
Blockchain's RPC interface/server has a tendency to go down for several days at a time, as it just did recently. Verifying a message doesn't require the blockchain, so look into offline solutions, like from this thread: https://bitcointalksearch.org/topic/verifying-a-signed-message-without-a-bitcoin-client-installed-222992
Oh well sorry I can't help you, since I don't know how to use the json rpc and had never heard of a signed message before... Is it like entering a random string in the public note section?
You never heard about signed messages? Shame on you..
It's a great way to proof ownership of an address. For example, I claim I do own 1KqNPuC8egqxLdPVksjmSgC4zTdNysrz9p and I'm able to demonstrate this by signing a message.
Code:
Message: Hi, this is dexX7 and I own address 1KqNPuC8egqxLdPVksjmSgC4zTdNysrz9p.
Signature: G7zfExNiKd6KomBZHXJ4sKRJoqfAVsfbHHo8+YJx31YiJQd4cmHrlGuHtGSB0N8hE/ji42SUBmiyJnrdYoU3OLI=
Now head over to http://brainwallet.org/#verify and try to see, if it is legit.
The standard Bitcoin QT client has this feature, too. See: http://imgur.com/a/nUmZ0
Like what? You mean like to check if one person really owns a address?
Sorry to be vague. I'd use it as substitute for a login mechanism.
Instead of a combination of username and password where the username is the internal identifier, I'd use solely a BTC address. For the login a random one-time-challenge string is shown to the user and he or she is asked to sign this string.
Example:
System: "Please sign the following message: login2113njsdfku3h24"
User answers with: G42O9cr+bwzfH71zfmFjIy/UmuQhVOxmqm5HgBglHMK/ceKCKBWSmLLd9sz8ZXpJxtAN0xwbyLyCwRjuUiQ7i/c=
The system verifies the signature and maps it to address: 17mDAmveV5wBwxajBsY7g1trbMW1DVWcgL
This address can then be used to recognize the user like the username before.
Oh well sorry I can't help you, since I don't know how to use the json rpc and had never heard of a signed message before... Is it like entering a random string in the public note section?
Like what? You mean like to check if one person really owns a address?
Sorry to be vague. I'd use it as substitute for a login mechanism.
Instead of a combination of username and password where the username is the internal identifier, I'd use solely a BTC address. For the login a random one-time-challenge string is shown to the user and he or she is asked to sign this string.
Example:
System: "Please sign the following message: login2113njsdfku3h24"
User answers with: G42O9cr+bwzfH71zfmFjIy/UmuQhVOxmqm5HgBglHMK/ceKCKBWSmLLd9sz8ZXpJxtAN0xwbyLyCwRjuUiQ7i/c=
The system verifies the signature and maps it to address: 17mDAmveV5wBwxajBsY7g1trbMW1DVWcgL
This address can then be used to recognize the user like the username before.
I still don't get the point of that... Can you please give me a real life application?
Sure. One keyword: user authentication.
Like what? You mean like to check if one person really owns a address?
I still don't get the point of that... Can you please give me a real life application?
Sure. One keyword: user authentication.
Am I the only one who logged in to his blockchain.info account instantly?
Not a big deal. Feel free to do so.
Sorry I don't know what that means... 
If you take a look at http://brainwallet.org/#verify for example, you enter a message and a signature and the result is a Bitcoin address. I'm looking for something similar and $rpc->verifymessage($address, $signature, $message); is the closest thing I've found, though it doesn't work as mentioned above.
I still don't get the point of that... Can you please give me a real life application?
Am I the only one who logged in to his blockchain.info account instantly?
Not a big deal. Feel free to do so.
Sorry I don't know what that means...
If you take a look at http://brainwallet.org/#verify for example, you enter a message and a signature and the result is a Bitcoin address. I'm looking for something similar and $rpc->verifymessage($address, $signature, $message); is the closest thing I've found, though it doesn't work as mentioned above.
Am I the only one who logged in to his blockchain.info account instantly?
Well I have never used the rpc api, but in coinbase, instead of validating the address, I just try to send a payment, and catch the exception (if any)...
Hi nahtnam,
thanks for the answer! Actually I don't want to validate an address, but I'd like to know which address belongs to "known message" + "input signature".
Sorry I don't know what that means...
Well I have never used the rpc api, but in coinbase, instead of validating the address, I just try to send a payment, and catch the exception (if any)...
Hi nahtnam,
thanks for the answer! Actually I don't want to validate an address, but I'd like to know which address belongs to "known message" + "input signature".
Well I have never used the rpc api, but in coinbase, instead of validating the address, I just try to send a payment, and catch the exception (if any)...
Hi all,
I'm trying to find out how to verify a message and I'm using the jsonRPCClient combined with blockchain.info. While other stuff works like a charm, I'm unable to verify a message and the result is always false. This is the code I'm using:
Any hint is appreciated as well as other solutions. Thanks!
P.S.: it's a dummy account, don't even try..
Edit: actually it would be very sufficient, if I'd have a function like verify($message, $signature) -> address.
I'm trying to find out how to verify a message and I'm using the jsonRPCClient combined with blockchain.info. While other stuff works like a charm, I'm unable to verify a message and the result is always false. This is the code I'm using:
Code:
require_once 'jsonRPCClient.php';
$user = "76213f46-6558-4c7f-bcf4-25f6f75e5dd4";
$pass = "testtest23";
$host = "blockchain.info";
$port = 80;
$rpc = new jsonRPCClient("http://{$user}:{$pass}@{$host}:{$port}");
$address = "14cj3L2PAKd8WTN3zPhwX9qawTEnayqwar";
$signature = "GyQDxL58MYXz6t3JKRWPVVq26wx5BjFIQ/CtLEaGbvZ+GId0c6etp8DbFCPCcttNISBnVAokVnRtmvPHLATmPhg=";
$message = "test";
$addrvalid = $rpc->validateaddress($address);
$msgsigned = $rpc->verifymessage($address, $signature, $message);
echo ""
.var_dump($addrvalid).""
.var_dump($msgsigned)."";
?>Any hint is appreciated as well as other solutions. Thanks!
P.S.: it's a dummy account, don't even try..
Edit: actually it would be very sufficient, if I'd have a function like verify($message, $signature) -> address.
Jump to: