• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

Signing and Verifying Messages

T

Tim Locke

New member
Where can I find out how to use these functions in the Dash Wallet in desktop and web apps? I've been searching and can't find any documentation on how to use them.

I noticed faucetbox has an option to submit a signed message when you set your payout threshold. You copy the message they provide, go to your wallet and choose File > Sign Message, paste it, click the "Sign Message" button, and copy the resulting signature and paste it into faucetbox.

Presumably faucetbox is using the Receiving Address to verify the signature. I understand that the Receiving Address is a public key, and that in public/private key cryptography, a public key can be used to verify a signed message. Is this what is happening here? How exactly is this done? Is there any documentation about it?

Thank you.
 
I'm sure there's some better documentation out there, but here's a primer.

The type of keys used for signing and addresses come in pairs. A public and a private key.

Signing a message requires a private key.
Verifying a message requires a public key. (In the case of cryptocurrencies, the public key hash (address).)

So, to create something verifiable by others (signed text), you need the text and the private key.
These are used to generate a signature.
You do this in dash by doing File->Sign Message, entering the text to be signed and the address that will be used for verification.
(The wallet then looks up the private key associated with that address and uses it for the signing.)

For instance, I've signed the message 'Hi Tim' (no quotes) with the private key behind the address XmoocowYfrPKUR6p6M5aJZdVntQe71irCX
and created the signature HCwnWF6Wh/acmUsT5J2s6plk16AaWEACkAoCxBjqp4RHxX3N8dCLYY7XIdk8qDvUWsYGAlFMGwoeJP7mhQVid/g=

You can paste those values into any wallet and verify that I've signed that message.

That's the overview.

--

What's actually happening is:
  • the message text is prepended with the string "DarkCoin Signed Message:\n"
  • above is then hashed using sha256
  • that hash then seeds a RFC6979_HMAC_SHA256 prng to create a deterministic nonce
  • that hash then is signed using secp256k1_ecdsa_sign_compact (which uses that nonce)
  • some bits are added to the signature to identify they signature type and if the key was compressed or not.
  • the signature is then base64 encoded
(I may have gotten subtle details wrong above, did a quick read through the source and C++ is not my forte)

more reading:

HTH!
 
moocowmoo said:
I'm sure there's some better documentation out there, but here's a primer.

The type of keys used for signing and addresses come in pairs. A public and a private key.

Signing a message requires a private key.
Verifying a message requires a public key. (In the case of cryptocurrencies, the public key hash (address).)

So, to create something verifiable by others (signed text), you need the text and the private key.
These are used to generate a signature.
You do this in dash by doing File->Sign Message, entering the text to be signed and the address that will be used for verification.
(The wallet then looks up the private key associated with that address and uses it for the signing.)

For instance, I've signed the message 'Hi Tim' (no quotes) with the private key behind the address XmoocowYfrPKUR6p6M5aJZdVntQe71irCX
and created the signature HCwnWF6Wh/acmUsT5J2s6plk16AaWEACkAoCxBjqp4RHxX3N8dCLYY7XIdk8qDvUWsYGAlFMGwoeJP7mhQVid/g=

You can paste those values into any wallet and verify that I've signed that message.

That's the overview.

--

What's actually happening is:
  • the message text is prepended with the string "DarkCoin Signed Message:\n"
  • above is then hashed using sha256
  • that hash then seeds a RFC6979_HMAC_SHA256 prng to create a deterministic nonce
  • that hash then is signed using secp256k1_ecdsa_sign_compact (which uses that nonce)
  • some bits are added to the signature to identify they signature type and if the key was compressed or not.
  • the signature is then base64 encoded
(I may have gotten subtle details wrong above, did a quick read through the source and C++ is not my forte)

more reading:

HTH!
Click to expand...
Does it mean you can send a message along with a transaction? Where to find such message from the transaction?
 
You must log in or register to reply here.
Back
Top