Author

Topic: Sign and verify easily with BitcoinMessageTools (Read 383 times)

hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
No problem, I understand!

BTW as it's python based: a fork with CLI for use in Linux (Terminal) would be wonderful... Roll Eyes
legendary
Activity: 2464
Merit: 4415
🔐BitcoinMessage.Tools🔑
Is it possible (in the near future) to provide a single HTML file (for offline usage) as a Github-release (the way Ian Coleman does with his BIP39 project)?
Backend is written in Python and thus cannot be easily embedded into an HTML page.

Quote
Providing that option users might avoid those annoying dependencies installation procedures...
I agree that dependency installation requirement is not user-friendly, especially for not tech-savvy people. But you can avoid installing everything manually by running this website as a container in Docker. Installation instructions can be found here: https://docs.docker.com/desktop/

Quote
BTW your BTC msg tools is a great project: BitcoinMessage.Tools

Congratulations for reaching those results so far...

And keep up the effort!
Thanks!
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
Is it possible (in the near future) to provide a single HTML file (for offline usage) as a Github-release (the way Ian Coleman does with his BIP39 project)?

Providing that option users might avoid those annoying dependencies installation procedures...

Sources:

https://iancoleman.io/bip39/

https://github.com/iancoleman/bip39/releases/latest/

BTW your BTC msg tools is a great project: BitcoinMessage.Tools

Congratulations for reaching those results so far...

And keep up the effort!
legendary
Activity: 2464
Merit: 4415
🔐BitcoinMessage.Tools🔑
Thank you, I will run it locally, and I may modify the code, re-translate it into my local language, so I hope you don't mind.
Since this software is shared under MIT license, you can freely "use, copy, modify, merge publish, distribute, sublicense and sell copies" of it. You don't have to ask for additional permissions from my side.

Quote
I trust your code is clean Grin, but adding a warning (and a disclaimer if any problem occurs) would be good as many newbies may try signing using private keys that have balance, and is there any guarantee that the private key will not be recorded?
All conversions and manipulations with private keys are happening server-side, so I think it is impossible for users to verify that the server is running the same code they see in a public repository. Everyone is free to download the source, alter it in such a way that will allow for the collecting of sensitive information, and deploy a malicious copy on a public server. Even worse, if you have no evil intentions and you run a clean code, 1) you still can't prove it and 2) users may still lose their funds because sharing private keys on the Internet is dangerous.

I will add the following warning on sign page:

the online version of the message signing tool is intended for testing purposes only. Please do not share your real private keys with anyone because it may lead to loss of funds. If you still want to use this website with real private keys, you should run an offline copy of the website locally on your machine. All necessary instructions can be found here:
legendary
Activity: 1596
Merit: 1288
It doesn't work offline because I am using API from other module written in Python, and I can't use directly with HTML pages. But you have other options to run it offline:
Thank you, I will run it locally, and I may modify the code, re-translate it into my local language, so I hope you don't mind.

I trust your code is clean Grin, but adding a warning (and a disclaimer if any problem occurs) would be good as many newbies may try signing using private keys that have balance, and is there any guarantee that the private key will not be recorded?
legendary
Activity: 1848
Merit: 1982
Payment Gateway Allows Recurring Payments
Thank you for this beautiful tool to get a signed bitcoin message easily, the site is very easy and does not require any explanation or education, so this tool will be useful to many users who are not familiar with dealing with the signature tools in the Electrium wallet, or they do not want to download the wallet.

The main problem as the members before me pointed out is putting the private key on a website, but I don't think anyone would risk putting the private key of a wallet full of bitcoins on a website, this tool is mostly good for empty or rarely used wallets
legendary
Activity: 2464
Merit: 4415
🔐BitcoinMessage.Tools🔑
I have successfully signed a message on your site. After creating a new Bitcoin wallet on the Electrum wallet, I put the private key and the message to be signed, then I pressed (sign message).
Code:
H5Yij4tKIY2KDEf5ze6gbszFmpLyFwVeUhusU1W3OeQ/boUaD3VVNInGB5aN5mj1ACO50dhyb7MoC3WnR3fUbbY=
I succeeded in verifying the signed message after I enabled the Verify using Electrum standard option.
Really a great site and tool, as it saved time for many who do not want to download a wallet to sign or verify a message,

Thank you for your feedback, and I'm glad that you enjoyed using this tool and that your small experiment with signature verification turned out to be succesful. Hopefully, bitcointalk users and other people from bitcoin community will also find this website useful for some of their cryptocurrency-related affairs.

Quote
the trust factor will be for those who want to try this tool and put their private key at the beginning is not enough, you can try to gain the community’s trust by clarifying the full safety of this tool,
I understand what you mean by saying "gain community's trust" but let me clarify some things. Importing a private key to an online resource has never been a right thing to do, especially if it is your own private key associated with an address containing funds. This site is no different from other ones that deal with sensitive bitcoin information. I simply cannot guarantee that your private key won't be intercepted by hackers upon transferring to website, signing process or transferring information back to you. The only thing I can do is open-source everything related to backend and frontend and also offer other solutions, such as offline tools that eliminate trust altogether. Hope you understand all that.

Quote
I see that this is a good achievement compared to the fact that it is your first project that you developed, well-done buddy, and I hope you add some other features and continue the development and good luck to you.
Thank you, mate! Much appreciated.
legendary
Activity: 1890
Merit: 1537
I have successfully signed a message on your site. After creating a new Bitcoin wallet on the Electrum wallet, I put the private key and the message to be signed, then I pressed (sign message).

Code:
H5Yij4tKIY2KDEf5ze6gbszFmpLyFwVeUhusU1W3OeQ/boUaD3VVNInGB5aN5mj1ACO50dhyb7MoC3WnR3fUbbY=

I succeeded in verifying the signed message after I enabled the Verify using Electrum standard option.



Really a great site and tool, as it saved time for many who do not want to download a wallet to sign or verify a message, the trust factor will be for those who want to try this tool and put their private key at the beginning is not enough, you can try to gain the community’s trust by clarifying the full safety of this tool, I see that this is a good achievement compared to the fact that it is your first project that you developed, well-done buddy, and I hope you add some other features and continue the development and good luck to you.
legendary
Activity: 2464
Merit: 4415
🔐BitcoinMessage.Tools🔑
Is Bitcoin Message Tool compatible with other wallets for verification of messages?
I only tested it with Electrum, Srarrow Wallet, Mycelium Wallet and Trezor. However, it should work with almost all wallets supporting standard signing/verification with Legacy addresses.

I tried the signing but it doesn't work on offline mode this is good if it works on offline mode and you know private keys are sensitive data and most people don't want to share it on online sites.
It doesn't work offline because I am using API from other module written in Python, and I can't use directly with HTML pages. But you have other options to run it offline:

1) Use a command line tool instead, which is more suitable for offline interactions.

2) If you have Docker installed:

Code:
git clone https://github.com/shadowy-pycoder/BitcoinMessageTools.git

Code:
cd BitcoinMessageTools

Code:
docker compose -f docker-compose.dev.yml up -d

EDIT:

3) If you don't have Docker installed:

Code:
git clone https://github.com/shadowy-pycoder/BitcoinMessageTools.git

Code:
cd BitcoinMessageTools/web

Code:
python3.10 -m venv env

Code:
source env/bin/activate

Code:
pip install -r requirements.txt

Code:
export SECRET_KEY=

Code:
python run.py

Go to localhost:5000 in your browser and your shoud see a website running offline.

Thanks, didn't read the whole thread just go to directly to site :my bad:
Unfortunately, this was written on python, so i can't implement it on my site.
As far as I know, JS and Python have very similar syntax, you can try to convert it manually or using any online tools like https://extendsclass.com/python-to-javascript.html




hero member
Activity: 1554
Merit: 880
Notify wallet transaction @txnNotifierBot
This part "5) Both CLI and web tools are fully open-source, you can find relevant code here and here"
Thanks, didn't read the whole thread just go to directly to site :my bad:
Unfortunately, this was written on python, so i can't implement it on my site.
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
I tried the signing but it doesn't work on offline mode this is good if it works on offline mode and you know private keys are sensitive data and most people don't want to share it on online sites.


Can you make the project open-source? If ever?

Have you read the whole post above?

This part "5) Both CLI and web tools are fully open-source, you can find relevant code here and here"
hero member
Activity: 1554
Merit: 880
Notify wallet transaction @txnNotifierBot
Can you make the project open source? If ever? I have made a website page for this too on my newly made website but i can't find any bitcoinjs library to make the signing message works without running nodejs that can verify message both segwit and legacy address. So currently its not working lol.



Gotcha, found it.
legendary
Activity: 2212
Merit: 7064
This is looking very good and I think it can be useful for bitcoin community, but I have few suggestions.
I think you should add warning that anyone using this website should be very careful and know all the risks before importing private keys, or maybe you could enable some workaround for doing this offline with added encryption password.

Is Bitcoin Message Tool compatible with other wallets for verification of messages?

PS
I will test it tomorrow to see how it works.
legendary
Activity: 2464
Merit: 4415
🔐BitcoinMessage.Tools🔑
Recently, as you may have noticed, I presented a CLI tool called Bitcoin Message Tool aimed at helping bitcoin users to sign/verify messsages and bitcoin signatures, without them having to install a specific wallet. Despite the fact that terminal or command line is the most effective and secure way to do things in your computer, unfortunately not all people consider it a convinient approach to interacting with applications. That made me think that something like web application accesible from all over the world would be a better solution for this type of functionality.

Let me introduce https://bitcoinmessage.tools/

I tried to make it as user-friendly as possible while preserving some powerful aspects of command line interface.

What it has:

1) Support for signing and verification from different types of addresses (Legacy, Nested SegWit, SegWit)
2) Support for multiple standards of signature verification, namely you can create "classic" signatures supported by Electrum and more modern type of signatures supported by Sparrow Wallet and Trezor.
3) With this web tool you can create signatures both deterministically and randomly (Sign using RFC6979 standard option)
4) Detailed error messages (even too technical for some non-standard situations) that will explain what is wrong with the inserted information;
5) Both CLI and web tools are fully open-source, you can find relevant code here and here
6) Website has two themes: dark theme and light theme. Which theme you will see depends of your system preference. At least that is idea. See below:



It is on mobile, but it also should look decent on desktop (didn't test on all resolutions).

How to use it.

Well, it is pretty straightforward. You insert an information and you get a result like the following:

You see a green notification if everything is okay.



Otherwise, you see a red notification telling there is something wrong with the information you put in.



This is my first serious project developing which I did many things for the first time: I never used web framework before, I never used HTML and CSS before, I never made my own server up and running, and i never had my own website before. Hope you'll enjoy it.

Please try it out and let me know what you think and how it feels.

Important note: you must not use your real private keys while testing this application.

Jump to: