Discussion:
Sign / Verify message against SegWit P2SH and Bech32 addresses
(too old to reply)
Damian Williamson via bitcoin-dev
2018-03-13 13:26:17 UTC
Permalink
Raw Message
Current implementation of sign/verify is broken for SegWit and Bech32 addresses.


Please add the following reference to the use cases:

---

# Does blockchain.info show balances for addresses that are in cold storage?

Yes.
... is there any way for me in another country to confirm that what my colleague views is actually accurate and correct?
Since they use Bitcoin Core, yes, there is a way to verify that they hold the addresses that they claim. Have them sign a message with each address that they claim to have the holdings on, using Bitcoin Core you can verify that they indeed have those addresses and check them on blockchain.info to find the current balance.

Only works in Bitcoin Core currently for addresses starting with a '1' (not Segwit addresses starting with a '3' and not Bech32 addresses starting with 'bc1' - the developers are aware of this and I will remind them shortly.)

In Bitcoin Core, your transaction opposite goes to File -> Sign Message and signs any message with one of the holding addresses. Copy the message, address and signature and send to you via probably plain text format email is the easiest. Repeat for each additional address holding the balance of BTC that they are offering to sell.

In Bitcoin Core, you go to File -> Verify Message and key the details provided EXACTLY - spaces, new lines and all characters must be an EXACT match. Click on verify and voilà.

I prefer the form of signed message as follows (don't key the top and bottom bar rows for the message, just the contents and you can check this yourself, the bottom row is the signature). I like to key the address used for verifying as a part of the message but that is not strictly necessary:

------------------------------
Something that I want to sign.

bitcoin:1PMUf9aaQ41M4bgVbCAPVwAeuKvj8CwxJg
------------------------------
Signture:
IGaXlQNRHHM6ferJ+Ocr3cN9dRJhIWxo+n9PGwgg1uPdOLVYIeCuaccEzDygVgYPJMXqmQeSaLaZVoG6FMHPJkg=

This contains all of the compact information necessary to verify the message.

Example of verified message:
![verified message][1]

[1]: Loading Image...

---

https://bitcoin.stackexchange.com/a/72281/75001



Solution seems to be straight-forward, as noted in Issue# [10542](https://github.com/bitcoin/bitcoin/issues/10542#issuecomment-306584383)
And it would in theory be possible to make signmessage work for a P2SH-P2WPKH address, in cases where the verifier knows the embedded pubkeyhash already. But in that case you don't need "sign with a witness address" functionality - *you could just sign with the embedded key (see validateaddress), and have the verifier check that*.
The point is to not further the misunderstanding that signmessage signs with an address - it never did. It signs with a keyhash, and verify with a keyhash.
This is an important feature, there are few other ways to verify that an address is held. Note that the linked issue is not currently labeld GUI and probably could be - unless a new issue should also be opened?


Regards,

Damian Williamson

Loading...