ionux / phactor

Phactor is a high-performance PHP implementation of the elliptic curve math functions needed for EC keypair and ECDSA signature generation, validating signatures, validating curve points, creating SINs and much more.
https://github.com/ionux/phactor
MIT License

Verifying a bitcoin address signed message. #2

Open Bwen opened 9 years ago

Bwen commented 9 years ago

Example of the 3 components that you get after signing a message with a bitcoin client: http://coinig.com/?adr=18neTpQ5MWnXg4n4rpoK5TgxXjEVcg2MYR&msg=rmh%40unmitigatedrisk.com+-+my+voice+is+my+passphrase+authenticate+me&sig=G0d6BnQem1gT4nd9esfsEyn1k%2FGfYAxDkNJmkNvmz8wCOI2Ncw9DvIcyP7OJcEvWbUHQNIBFK3V8wYdnhEFhYHI%3D

This exception is thrown: https://github.com/ionux/phactor/blob/master/src/Signature.php#L350

Because the signature is not the right format according to the Verify method.

It would be nice if it could detect the signature and convert it automatically to the proper format to be able to verify it. Or multiple functions supporting different signature format...

Thanks again!

starsoccer commented 9 years ago

Agreed, it's not too hard to do, just really a matter of some code to figure out the bitcoin address, the message, and the signature. The biggest issue is if the message has a bitcoin address in it.

ionux commented 9 years ago

Thanks again for this issue report! I will write the needed conversion functions and patch the library to support these various formats.

starsoccer commented 9 years ago

cool, any word on multisig?

ionux commented 9 years ago

Yep, I'll be pushing that update soon including mnemonic support.

starsoccer commented 9 years ago

cool cool, I am very eager for it. Any ETA?

Also do you have a donation address in the readme for tips ;)

ionux commented 9 years ago

Glad to see the excitement! It will be Real Soon Now(tm).

Thanks for the tip offer, too! I'll have to check because I'm honestly not sure what my employer's stance is on tipping. I tell you what though - just had an idea that might be fun. If you'd like to donate some bitcoin, check out some seriously worthy causes here: http://bitgivefoundation.org/charitable-campaigns/. Come back here and post the donation info (whatever the amount!) and I'll name the next major Phactor release after you: Phactor 1.1.0-starsoccer. :)

Hmmm... maybe I'll a bounty program but for donations to BitGive in exchange for upcoming features after this next release, of course... You've given me some ideas, @starsoccer!

starsoccer commented 9 years ago

oh I did not realize this was being done as a job. In any case I do not mind donating for the great work you are doing.

Excuse me for trying to pry more info, but will the multisig support raw transaction creation as well as raw transaction signing? Those are the main features I am interested in. I already have a light php script that creates multisignature addresses in all php that I found a while back.

I would really be interested in talking further about your ideas and my project over IRC or Skype if you're free/bored.

ionux commented 9 years ago

Well, it's kind of both. Personally, I seriously love math! I wrote all of the math code for our new PHP library to support BitPay's new cryptographically-secure API and realized later on that we needed to move to a more modular approach from a maintainability perspective.

A side project of mine is an arbitrary precision math class where I've been tinkering with various algorithms to see how they work, how fast they are, which ones are better at X, Y or Z, etc... One day I was thinking that, if we needed a modular EC math library for work, maybe I could start something on my own and then use it at work if it meets our needs. So this project was kind of born out of my love for math and pure, single-purpose, maintainable code. Not saying it meets any of those standards but it's a work in progress... Lol :)

Speaking of, I'd love to see your code sometime and maybe even use some of it here, if that's possible. Feel free to submit any issues/PR's/tips/tricks/hints any time because it sounds like you have some good ideas and a solid understanding of bitcoin transactions. Shoot me your contact info if you want and let's set up a time to talk: rich@richmorgan.me. I mainly use Google Hangouts but IRC works too. Very interested in hearing about your project and ideas!

starsoccer commented 9 years ago

Haha, very nice.

Sure, I don't mind sharing some code. I was trying to find the original code I used, as I have modified it quite a bit to fit my personal needs, but basically it will create a multisig address from the keys input and the number of required keys and give me a multisig address and redeemscript in all PHP using the ecc-lib library.

ionux commented 9 years ago

Hey @Bwen and @starsoccer - just published a maintenance release v1.0.5. It adds a lot of fixes and some new functionality but it's mainly a preparation release for 2.0.0 where the good stuff you guys are looking for is being added! There were just a ton of commits since 1.0.4 so I thought it would be good to release this in the interim. The next version will be coming in the next few days! Take a look at this release and let me know if you guys experience any bugs: https://github.com/ionux/phactor/releases/tag/v1.0.5

Bwen commented 9 years ago

Any ETA on the message signing? Is it gonna be included in the 2.0.0? Aka: in the next few days.

ionux commented 9 years ago

Yep, in the next few days for sure!

starsoccer commented 9 years ago

@Bwen mind me asking what your site/project is?

@ionux cool glad to see more updates. When you start to get really adventurous, you could make 3.0.0 include support for mastercoin(omni) and counterparty support

Edit: wow beat me to a comment by 10 seconds

Bwen commented 9 years ago

@starsoccer nothing concrete for now.

Bwen commented 8 years ago

so... how much is a few days exactly? :P

starsoccer commented 8 years ago

lol, seems like project is dead

ionux commented 8 years ago

Lol sorry guys! I'm no longer at BitPay but this project is not dead. Just have been busy with my new employer and other things that have been bumped to the top of the stack.

Bwen commented 8 years ago

You were saying that the signature in my example was base64 and not hex. Is there a quick conversion I could do?

$binary = base64_decode(substr($hash, 5));
$hex = bin2hex($binary);

Didn't seem to work... Still get the length exception...

ionux commented 8 years ago

Yeah, the issue is the format itself which doesn't follow the Distinguished Encoding Rules. There are three bitcoin-related formats and then there's the ASN.1 DER encoding format (which is what OpenSSL and other crypto libraries use for encoding signatures, per the spec). I've implemented the DER encoding here and have validated it both (a) mathematically and, (b) against OpenSSL to ensure Phactor is interoperable.

The format that's given in your original link seems to be a "Version 0 (Bitcoin compatible)" signature format which is the base64 encoding of the leading byte plus the r and s components of the sig. It's also in binary, so to work around this you'll have to do two things: decode the binary base64-encoded data and then convert the binary data to hex which should give you a string of 130 hex characters.

The first byte, according to the "Version 0" signature spec should be a value between 27 (0x1b) and 34 (0x22). The next 32 bytes should be the 'r' component and the following 32 bytes should be the 's' component. Keep in mind that, while you're working with this decoded data as a string, a hex byte will be two characters - not one. I.e. 130 character hex string has 2 characters for the leading byte, 64 characters for each of the 32-byte signature components.

Once you have the two components, it's just a matter of plugging them back into the math that verifies a point since a signature is basically a point on the curve. When I get time, I'll add that code myself but this should give you a head start! :)

ionux commented 8 years ago

Here's the breakdown of the signature provided in your first link, btw:

Original data: G0d6BnQem1gT4nd9esfsEyn1k/GfYAxDkNJmkNvmz8wCOI2Ncw9DvIcyP7OJcEvWbUHQNIBFK3V8wYdnhEFhYHI=

Hex is:        1b477a06741e9b5813e2777d7ac7ec1329f593f19f600c4390d26690dbe6cfcc02388d8d730f43bc87323fb389704bd66d41d03480452b757cc187678441616072
Length is:     130

First byte:    0x1b

R-coordinate:  0x477a06741e9b5813e2777d7ac7ec1329f593f19f600c4390d26690dbe6cfcc02
S-coordinate:  0x388d8d730f43bc87323fb389704bd66d41d03480452b757cc187678441616072
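
The conversion described in the two comments above, as an added example that is not part of the original thread or of Phactor: it decodes the base64 "Version 0" signature, checks the length and header byte, splits r and s, and re-encodes them as ASN.1 DER. The function names are hypothetical, and the block only converts formats; verifying the signature additionally needs the message hash and the public key.

```php
<?php
// Added example: parse a "Version 0" compact signature and re-encode r, s as DER.
// Function names are hypothetical; nothing here is Phactor code.

function parseCompactSignature(string $b64): array
{
    $raw = base64_decode($b64, true);           // strict mode rejects non-base64 input
    if ($raw === false || strlen($raw) !== 65) {
        throw new InvalidArgumentException('expected 65 bytes: header + r + s');
    }
    $header = ord($raw[0]);
    if ($header < 27 || $header > 34) {
        throw new InvalidArgumentException('header byte outside 27..34');
    }
    return [
        'header'     => $header,
        'recid'      => ($header - 27) & 3,     // which candidate public key to recover
        'compressed' => $header >= 31,          // 31..34 mark a compressed public key
        'r'          => bin2hex(substr($raw, 1, 32)),
        's'          => bin2hex(substr($raw, 33, 32)),
    ];
}

// DER INTEGER: minimal big-endian bytes, with 0x00 prepended if the top bit is set.
function derInteger(string $hex): string
{
    $bytes = ltrim(hex2bin($hex), "\x00");
    if ($bytes === '' || (ord($bytes[0]) & 0x80)) {
        $bytes = "\x00" . $bytes;
    }
    return "\x02" . chr(strlen($bytes)) . $bytes;
}

// DER SEQUENCE { INTEGER r, INTEGER s }, returned as a hex string.
function compactToDerHex(array $sig): string
{
    $body = derInteger($sig['r']) . derInteger($sig['s']);
    return bin2hex("\x30" . chr(strlen($body)) . $body);
}

// Signature from the first comment of this thread (URL-decoded).
$sig = parseCompactSignature(
    'G0d6BnQem1gT4nd9esfsEyn1k/GfYAxDkNJmkNvmz8wCOI2Ncw9DvIcyP7OJcEvWbUHQNIBFK3V8wYdnhEFhYHI='
);
printf("header: 0x%02x\nr: %s\ns: %s\nDER: %s\n",
    $sig['header'], $sig['r'], $sig['s'], compactToDerHex($sig));
```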

ionux commented 6 years ago

Hey guys, it's been a while since I've worked on this but just wanted to check in and say that I'm still alive and so is the project. Life happens sometimes and can get in the way of other things, right? 😄 This enhancement will happen sooner rather than later hopefully. Since I've not looked at this issue lately though, I'll have to get back up to speed on where I was previously and that may take a bit. There's another issue open for obtaining the public from the private key and that one looks easier to knock out so it would be a good starting place to get back into the project code and figure out where I was on everything before the new job and baby.

Thanks for writing and I'll try to get an update for this issue as soon as I can! 👍