📅 Original date posted:2013-04-14
📝 Original message:Currently signmessage/verifymessage only supports messages signed by a
single key. We should extend that to messages signed by n-of-m keys, or
from the users point of view, P2SH multisig addresses.
rpc.cpp:signmessage() returns the output of SignCompact(). That in turn
starts with a header byte marking the signs of the various keys to allow
for key recovery. The header byte can be one of 0x1B, 0x1C, 0x1D or 0x1E
For multisig signmessage signatures this is extended:
<01> <varint n> <varint m> <sig or key> {<sig or key>, ...}
Each signature or key can be one of the following forms:
sig: <1B/1C/1D/1E> <32 byte r> <32 byte s>
compress key: <02/03> <32 byte x>
uncompressed key: <04> <32 byte x> <32 byte y>
Note that we have to provide all pubkeys, even if they aren't used for a
given signature, to allow the P2SH address to be reconstructed.
Decoding/encoding is a bit code-intensive due to the all the cases, but
on the other hand this format keeps the size down to an absolute
minimum. Alternatively I could use length bytes.
The format is backwards compatible in the sense that older versions will
fail safely on new signatures, even ones that have been truncated.
Similarly new signatures are easily distinguished from old, and going
forward if we for some reason need yet another signature format the
leading byte can be incremented.
Signing incomplete signatures on messages can be handled by converting
pubkeys to signatures. Similarly the RPC signmessage command can be
extended with an optional "existing signature" option.
--
'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130414/03af6519/attachment.sig>;
Peter Todd [ARCHIVE] /
npub1m2…a2np2
2023-06-07 11:46:24
in reply to nevent1q…tu5a
Author Public Key
npub1m230cem2yh3mtdzkg32qhj73uytgkyg5ylxsu083n3tpjnajxx4qqa2np2Published at
2023-06-07 11:46:24Event JSON
{
"id": "badde3a5378710cadceb1f48fd12a03a9e5e4664148cdececfaaeb83d21f2b6a",
"pubkey": "daa2fc676a25e3b5b45644540bcbd1e1168b111427cd0e3cf19c56194fb231aa",
"created_at": 1686138384,
"kind": 1,
"tags": [
[
"e",
"9720ad9bd7e43696cd6d2555906617a4ea649c8903d6d52e997b38fa8148ba1b",
"",
"reply"
],
[
"p",
"a23dbf6c6cc83e14cc3df4e56cc71845f611908084cfe620e83e40c06ccdd3d0"
]
],
"content": "📅 Original date posted:2013-04-14\n📝 Original message:Currently signmessage/verifymessage only supports messages signed by a\nsingle key. We should extend that to messages signed by n-of-m keys, or\nfrom the users point of view, P2SH multisig addresses.\n\nrpc.cpp:signmessage() returns the output of SignCompact(). That in turn\nstarts with a header byte marking the signs of the various keys to allow\nfor key recovery. The header byte can be one of 0x1B, 0x1C, 0x1D or 0x1E\n\n\nFor multisig signmessage signatures this is extended:\n\n \u003c01\u003e \u003cvarint n\u003e \u003cvarint m\u003e \u003csig or key\u003e {\u003csig or key\u003e, ...}\n\nEach signature or key can be one of the following forms:\n\n sig: \u003c1B/1C/1D/1E\u003e \u003c32 byte r\u003e \u003c32 byte s\u003e\n compress key: \u003c02/03\u003e \u003c32 byte x\u003e\n uncompressed key: \u003c04\u003e \u003c32 byte x\u003e \u003c32 byte y\u003e\n\nNote that we have to provide all pubkeys, even if they aren't used for a\ngiven signature, to allow the P2SH address to be reconstructed.\n\nDecoding/encoding is a bit code-intensive due to the all the cases, but\non the other hand this format keeps the size down to an absolute\nminimum. Alternatively I could use length bytes.\n\nThe format is backwards compatible in the sense that older versions will\nfail safely on new signatures, even ones that have been truncated.\nSimilarly new signatures are easily distinguished from old, and going\nforward if we for some reason need yet another signature format the\nleading byte can be incremented.\n\nSigning incomplete signatures on messages can be handled by converting\npubkeys to signatures. Similarly the RPC signmessage command can be\nextended with an optional \"existing signature\" option.\n\n-- \n'peter'[:-1]@petertodd.org\n-------------- next part --------------\nA non-text attachment was scrubbed...\nName: signature.asc\nType: application/pgp-signature\nSize: 490 bytes\nDesc: Digital signature\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130414/03af6519/attachment.sig\u003e",
"sig": "209a696dad55af9c8ece8a81daf0a9a3412f65b606cad665f6804623986384b4ab54c6c59ed2bfaf6e687f95a4ee18c76adbab17e0ac5b390cf1f51e85fcbd8f"
}