📅 Original date posted:2012-04-02
📝 Original message:I would like to propose two things that are closely related. I will
start making BIPS if there's positive feedback. Sorry it's so long, but
I felt both should be in the same email...
_*(1) Signature Blocks* -- A more-robust, versatile, message-signing
exchange_
Satoshi client 0.6.0 introduced message signing, but I've been fairly
unimpressed with the implementation. Strictly speaking, it works, but
it's really not intended for "regular users." There is no indication of
what message was signed or what address signed it. Key recovery works
for the computers processing it, but the user has no idea what this
chunk of random data is. They don't even know if the message they
thought they signed is what's in the signature (along the lines of the
copy&paste virus, the message could be switched out without the user
noticing).
I have implemented Signature Blocks
<https://bitcointalk.org/index.php?topic=56424.msg776163#msg776163>; in
Armory (as of v0.55), which is a fully-functional expansion on the
idea. Along the lines of BIP 10, a signature block is a human-readable
chunk of data that immediately identifies the address and the message
that are being signed. It is easily copy&pasted via email or text
files, and is fairly compact for visual identification. Click the link
above to see an example signature block and an Armory screenshot of the
UI (which needs improvement, but still usable). The verification
process will include:
-- Check that the public key (included or recovered) matches the address
field.
-- Verify that the signature matches the included message for this
public key
-- The message is properly formatted with a standardized character set
and escape/replacement scheme for things like newlines or double-quotes.
gmaxwell already pointed out that key recovery makes the "Public Key"
field pointless. Okay fine -- I just don't have key recovery
implemented yet in Armory, and when I do I can ditch that field (or
simply make it optional). The point is to create a versatile,
human-readable standardized form, much like the BIP 0010
signature-collection scheme <https://en.bitcoin.it/wiki/BIP_0010>;.
_*(2) Sign-Message URI scheme***-- Request signed messages from users
using URIs_
I had the idea that for certain services, the first funding address
could be used to identify the owner of an account, and all account
maintenance (such as cashouts) be done through signed messages with this
address. For instance, the user would need both a login password *and*
a signed message in order to make a withdrawal or purchase:
("Please withdraw 12.3 BTC from acct 1828349132 to address
1Hfr3jk2093f")_signed_by_A
This gives the service the ability to use two separate factors to
authenticate the request (username&password *and* access to unencrypted
wallet). This /could/ work with manual signature blocks alone... but
it's too many steps for regular users. However, I think it's workable
if we expand bitcoin URIs to include "Signature Requests".
The URI scheme would add a few parameters to the scheme, and would have
to have further replacement rules to make sure that messages are handled
properly. The general CONOPs would be (*Con*cept of *Op*eration*s*):
-- User navigates to "Withdraw funds" on webpage
-- Webpage has you fill in the details: from-account, to-address,
withdrawal amount
-- Webpage produces a clickable URI link that loads all the
information into your client, including addr-reqd-for-sig
-- Client asks for confirmation and passphrase (if necessary) then
produces a signature (and sig block if necessary)
-- URI may include reply-to field that tells it where to send the
siganture when it's ready
So the extra tags that would be needed would probably be:
"*requestSig*=True":
Flag to identify that this is a signing request URI
"*sigNeeded*=1Qjf3392k31h"
The address that needs to sign the message
"*message*=Please%20withdraw%2012.3%20BTC%20to%20addr%201Hfr3jk2093f"
Some encoding of the message that can be parsed the
same way on all systems
"*replyurl*=http://requestor.com/sig_replies.asp?";
(Optional) After signing, application will submit the
signature to the replyurl
The reply url could be simply an http URL which will use bitcoin URI
syntax, with the fields above copied. Therefore, to complete the above
request, the application handling the request will simply send an HTTP
request to:
http://requestor.com/sig_replies.asp?*sigNeeded*=1Qjf3392k31h&*message*=...&*signature*=1fb1893ac193...&*replySig*=True
Any thoughts? (I have no doubts that there are :) )
-Alan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20120402/8c315b70/attachment.html>;
Alan Reiner [ARCHIVE] /
npub1sm…mnq7h
2023-06-07 10:02:29
in reply to nevent1q…veq2
Author Public Key
npub1sm6zhjmk5scuz294jmpkw99wwwjzetjgwp4fu4gn6utqgdz87hkqamnq7hSeen on
wss://relay.noswhere.comPublished at
2023-06-07 10:02:29Event JSON
{
"id": "62d75b0498bde891cca41e3b81f299fdd6958233e105620686cd152d1751a2fa",
"pubkey": "86f42bcb76a431c128b596c36714ae73a42cae48706a9e5513d716043447f5ec",
"created_at": 1686132149,
"kind": 1,
"tags": [
[
"e",
"5bb4d423408bf0b009521e7b4ef6cfba42eb5b63ea5422c4d57e282127cd740e",
"",
"reply"
],
[
"p",
"a23dbf6c6cc83e14cc3df4e56cc71845f611908084cfe620e83e40c06ccdd3d0"
]
],
"content": "📅 Original date posted:2012-04-02\n📝 Original message:I would like to propose two things that are closely related. I will \nstart making BIPS if there's positive feedback. Sorry it's so long, but \nI felt both should be in the same email...\n\n\n_*(1) Signature Blocks* -- A more-robust, versatile, message-signing \nexchange_\n\nSatoshi client 0.6.0 introduced message signing, but I've been fairly \nunimpressed with the implementation. Strictly speaking, it works, but \nit's really not intended for \"regular users.\" There is no indication of \nwhat message was signed or what address signed it. Key recovery works \nfor the computers processing it, but the user has no idea what this \nchunk of random data is. They don't even know if the message they \nthought they signed is what's in the signature (along the lines of the \ncopy\u0026paste virus, the message could be switched out without the user \nnoticing).\n\nI have implemented Signature Blocks \n\u003chttps://bitcointalk.org/index.php?topic=56424.msg776163#msg776163\u003e in \nArmory (as of v0.55), which is a fully-functional expansion on the \nidea. Along the lines of BIP 10, a signature block is a human-readable \nchunk of data that immediately identifies the address and the message \nthat are being signed. It is easily copy\u0026pasted via email or text \nfiles, and is fairly compact for visual identification. Click the link \nabove to see an example signature block and an Armory screenshot of the \nUI (which needs improvement, but still usable). The verification \nprocess will include:\n\n-- Check that the public key (included or recovered) matches the address \nfield.\n-- Verify that the signature matches the included message for this \npublic key\n-- The message is properly formatted with a standardized character set \nand escape/replacement scheme for things like newlines or double-quotes.\n\ngmaxwell already pointed out that key recovery makes the \"Public Key\" \nfield pointless. Okay fine -- I just don't have key recovery \nimplemented yet in Armory, and when I do I can ditch that field (or \nsimply make it optional). The point is to create a versatile, \nhuman-readable standardized form, much like the BIP 0010 \nsignature-collection scheme \u003chttps://en.bitcoin.it/wiki/BIP_0010\u003e.\n\n\n_*(2) Sign-Message URI scheme***-- Request signed messages from users \nusing URIs_\n\nI had the idea that for certain services, the first funding address \ncould be used to identify the owner of an account, and all account \nmaintenance (such as cashouts) be done through signed messages with this \naddress. For instance, the user would need both a login password *and* \na signed message in order to make a withdrawal or purchase:\n\n (\"Please withdraw 12.3 BTC from acct 1828349132 to address \n1Hfr3jk2093f\")_signed_by_A\n\nThis gives the service the ability to use two separate factors to \nauthenticate the request (username\u0026password *and* access to unencrypted \nwallet). This /could/ work with manual signature blocks alone... but \nit's too many steps for regular users. However, I think it's workable \nif we expand bitcoin URIs to include \"Signature Requests\".\n\nThe URI scheme would add a few parameters to the scheme, and would have \nto have further replacement rules to make sure that messages are handled \nproperly. The general CONOPs would be (*Con*cept of *Op*eration*s*):\n\n -- User navigates to \"Withdraw funds\" on webpage\n -- Webpage has you fill in the details: from-account, to-address, \nwithdrawal amount\n -- Webpage produces a clickable URI link that loads all the \ninformation into your client, including addr-reqd-for-sig\n -- Client asks for confirmation and passphrase (if necessary) then \nproduces a signature (and sig block if necessary)\n -- URI may include reply-to field that tells it where to send the \nsiganture when it's ready\n\nSo the extra tags that would be needed would probably be:\n\n \"*requestSig*=True\":\n Flag to identify that this is a signing request URI\n \"*sigNeeded*=1Qjf3392k31h\"\n The address that needs to sign the message\n \n\"*message*=Please%20withdraw%2012.3%20BTC%20to%20addr%201Hfr3jk2093f\"\n Some encoding of the message that can be parsed the \nsame way on all systems\n \"*replyurl*=http://requestor.com/sig_replies.asp?\"\n (Optional) After signing, application will submit the \nsignature to the replyurl\n\nThe reply url could be simply an http URL which will use bitcoin URI \nsyntax, with the fields above copied. Therefore, to complete the above \nrequest, the application handling the request will simply send an HTTP \nrequest to:\n\n \nhttp://requestor.com/sig_replies.asp?*sigNeeded*=1Qjf3392k31h\u0026*message*=...\u0026*signature*=1fb1893ac193...\u0026*replySig*=True\n\nAny thoughts? (I have no doubts that there are :) )\n\n-Alan\n\n\n\n\n\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20120402/8c315b70/attachment.html\u003e",
"sig": "5d8b8ae51dd176ac7267ab7a63eececb2b9935feaa72673197b9e58a244883d34062b386726ebbee07baab81885d9c1edaa86076bdf3a977f3590e082ad08f99"
}