Topic: Trezor Suite added Sign & Verify (Read 132 times)

It's worth noting that Trezor has quickly released an update ^[21.10.2] to fix the following bugs:
^{- Differences}

• [PSA] ETH bump fee error in Trezor Suite
  
  • fix: fix eth bump fee runtime err
• [PSA] Trezor Suite error on Android
  
  • fix: webusb on android

This might be it. We can already sign messages with legacy addresses. Developers probably think that's enough. Why bother and spend time creating an algorithm and contacting everyone to get aboard with it when there is already a standard with legacy addresses. It's not that I agree with it, but I understand if they don't consider it a feature that's really needed.

I just did a test with Electrum. I created a wallet using the import key feature:

That is to say, I used the same private key to generate a Legacy, Nested and Native Segwit address:



I then created a test message using each "address"... they all created identical signatures:



Which isn't too surprising, I guess... given that the same private key should create the same public key... and it's just the different encoding of that public key that results in a different address. So, theoretically, a wallet would just need to check the specific encoding of the public key provided in the signature that matches the address type provided to confirm if the message is valid. ie. if the message uses an address starting with a "1", then use the P2PKH encoding of the public key, "3" = use the P2SH-P2WPKH encoding, "bc1" = use the P2WPKH encoding. Which is more or less what Electrum does. (It actually checks against each address type.)


So, I don't really understand why this is such an issue still? Is it because P2SH addresses may not even have a private key (ie. pure script) or may have several (ie. multisig)? Is it just that no-one really cares because they're busy implementing other things?

In addition to what @Pmalek and @HCP posted, I said the above line ^{["to a large extent"]} because of the fact that the feature in question, is only capable of doing those tasks partially "unless it meets all of the above conditions"!

Thank you for providing that information... It's quite interesting and weird that there's no consensus yet!

Obviously you need to own or make your own DIY Trezor device if you want to use this feature now with Trezor Suite, but I said that other wallets will fork this option and enable it in future.
I am not sure how complicated this would be, but post posting a suggestion on their github page may be a good idea.
Let's remember that Trezor devs also created BIP39 mnemonic code that almost all other wallets support now.

I found another relatively old discussion on GitHub about the issues of message signing with Segwit addresses. The message was posted back in 2017, it doesn't clarify the situation any better for me, but @SFR10 maybe it answers your question.

Source:https://github.com/bitcoin/bitcoin/issues/10542#issuecomment-306576290

Except that you can't actually get into the main dashboard of the suite (or the wallet.trezor.io website) without a Trezor connected. While there is an option, if you have a Trezor, to have the suite "remember device" etc which will allow you to open it up and work like a watching-only wallet without your device connected, you still need your device connected at least once. AFAIK.


With a pixel size of 8... I doubt anyone could reverse engineer it, good luck to anyone that wants to try... because even if they do, they're only going to get about 12-16 characters of the address anyway... the suite only shows the first half of the address and slowly fades it out from about the 3rd character onwards.

The response I have have heard on Bitcointalk is always that there is no common standard for signing messages from segwit addresses. Common meaning that it's not used and implemented the same way by all wallets and service providers.

Trezor confirms that in this reddit post I found:
Anyone can download Trezor Suite, but you can't open and run the software without a connected Trezor hardware wallet. I was curious about it, so I checked myself. It asks you to connect your wallet and there is no way around it. You have additional options to visit the official website or contact the support. This feature is therefore only available for those who own a Trezor wallet.

Why would it defeat the purpose?
I think that anyone can download Trezor Suite to verify message from other address types, and Trezor devs once again showed they are pioneers, so I won't be surprised to see other wallets forking their code and enabling this option soon.
It's the beauty of open source code.

I thought they failed to meet the deadline that they set before, but I was wrong:

• Quote from: SFR10 on September 22, 2021, 09:51:44 AM
  ^{- Looks like the "Sign & verify" feature will be added to the Trezor Suite's upcoming version [based on the label, I think it'll be on "October 13"], so that's another reason to stick to Trezor Suite.}
  

---

It defeats its purpose to a large extent when you can't verify messages that come from those address formats ^{[apart from Legacy]}, on other wallets... Does anybody know why there are incompatibility issues?
^{- Btw, you might want to replace the pixelated part with a solid colored box instead [there's a small chance that someone could undo/reverse it].}

Just had a chance to have a bit of a play with this functionality... It's pretty slick.

It will sign from Legacy, Nested or Native Segwit addresses (for Bitcoin)... and it even gives you the option of signing with one of your used addresses or the next "fresh" address (and displays the index number of the address being used).



Testing Notes:

- Bitcoin Core only supports verifying using Legacy.
- Electrum cannot verify signed messages from Trezor Suite using Nested or Native Segwit addresses, it will only verify Legacy.
- The same goes for Mycelium. Only Legacy works. Nested and Native Segwit fails.
- However Jochen Hoenicke's (the guy who runs the mempool stats site) BrainwalletX mod that supports P2SH here: https://jhoenicke.github.io/brainwallet.github.io/#verify is able to verify signed messages using a Nested Segwit address in addition to Legacy. (Native Segwit still fails).


And in "reverse":
- Bitcoin Core only supports signing using Legacy addresses
- Trezor Suite cannot verify messages from Electrum Nested or Native Segwit... only Legacy.
- Mycelium doesn't offer the ability to sign as far as I can tell, only verify.
- The JoHoe brainwalletX only allows to sign from Legacy (and this verifies OK in Trezor Suite as you would expect).


TLDR: If the party you need to verify your message doesn't own a Trezor... probably best to stick to signing messages using a Legacy address for now.

With latest update version 21.10.1 Trezor Suite now added option to Sign and Verify message in similar way like we can do it with Electrum wallet to prove ownership of a specific address.
Navigating to Accounts tab and clicking to 3 dots is opening Sign & Verify popup, and if the signature is correct, you will receive notification message confirming that.
Opening Trezor Suite will show you the update button or you can update manually from official github or website:



https://github.com/trezor/trezor-suite/releases/tag/v21.10.1