Update: Issues discovered soon after publishing this render Bitcoin address signatures largely untenable for message signing purposes. Take the rest of this post with a lot of salt.
Having introduced the idea of cryptographic signatures and then later shown a sample of a GPG signed messaged, I might as well cover this Bitcoin address signed message business. For the purposes of this post I will be using the Bitcoins address for the brain wallet "correct horse battery staple" 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T as the private key is readily derived and can be used by anyone for practice with this message signing.1 Let us look at an example of a signed message.
One the first line we have the address corresponding to the private key creating the signature on the second we have our message, and the third like we have the signature itself.
To verify this signature we can go to Brainwallet's verification tool and by inputting the message and the signature verify that the message was signed by a particular bitcoin address's corresponding private key. Since the public key is embedded in the signature, specifying the address used is not necessary in spite of the insistence of many Bitcoin clients that you need to even though it will derive addresses from public keys all of the time in the course of handling Bitcoin. Update: apparently Brainwallet.org's verify message tool sucks.
Most worthwhile Bitcoin Clients will include a sign/verify message feature. For signing messages you will want to find and use this rather than Brainwallet.org's tools2 because this handling private keys business is a dangerous one. For verifying signed messages though whatever tool you want to use will generally be fine, with the exception that message signing and verification isn't as equally feature complete in every client. Some still can't consistently sign or verify signatures for messages containing lines breaks as an example. Which clients have which quirks is a fluid area and if I tried to document them all here such a compilation could be useless as soon as next week or next month.
So what do you do once you've figured out how to create signed messages? First, there is or at least ought to be an etiquette for the presentation of signed messages. Unlike GPG which puts everything necessary in a nice text block, with public keys easy enough to find on keyservers or in correspondence from the signing party Bitcoin address signed messages lack a common container. You have to handle three pieces of information seperately: the address to be checked against, the message, and the signature. In the lines below I propose a presentation I find reasonable.
Your message is the next line
this is your signature
Word wrap is fine. It is probably inevitable for the signature and the message. Line breaks in the message are problematic though for the simple reason that too many people suck. Including the address with the message and signature you send is essential, so it can be seen that the message's signature verifies against the address. This address should also be one that you have publicly advertised as belonging to you. Should someone break the promises of a signed statement, even a signed message isn't very useful if no one can demonstrate who it belongs to.3
When should you use an address signed message? The only time it has no substitute is demonstrating you have a certain amount of Bitcoins held at a particular address. Other than that GPG signatures are generally superior in most ways. While you are learning to GPG and create stronger, better contracts address signed messages aren't the worst thing to be using. What brings power also brings danger so there are a few things to keep in mind.
- Make your statements a specific as possible when conducting business. When conducting business specify the date, the terms of the agreement and the parties involved. A message that reads "I will pay you a millions dollars" is a dangerous pile of fail. On the other hand "I, Newbie N00berson, will pay Ernest McNewb 0.15 BTC in exchange for a quick blowie behind the dumpster at Mardi Gras 2014 in New Orleans" is an improved sort of message. The particular agreement being reached dictates the level of detail necessary. Signing a statement that says "I, Newbie N00berson will pay Ernest McNewb the full balance of BTC at this address" without any conditions or even a date specified would be a shitty statement to have signed five years from now when there's a Dodge Viper's worth of BTC sitting on the signing address.
- ECDSA signatures of the sort used by Bitcoin kind of sucks. If the client you use to sign messages feeds the math even a couple numbers that aren't random enough software exists that can solve for your private key and signatures from that address will be as worthless as the "correct horse battery staple" example used in this post.
- The moment you decide to get seriously into bitcoin is the moment you need to learn how to use GPG, the GNU Privacy Guard. Used with long RSA key pairs, it is simply better, at everything other than illustrating your control of an address with a balance.
If you are new to this Bitcoin thing, play with this stuff. If you want to eventually get into Bitcoin business, then playing with address signed messages is a good start. Even go so far as to insist that counterparties to your forum trades use it. Making address signed contracts a minimum expectation4 for even small Bitcoin trades is a step towards making this whole cryptocurrency space more civilized.
- For all purposes a private key known my multiples parties becomes worthless for message signing. If anyone can sign anything with the key it violates the whole idea of a signature being verifiably unique to an individual. [↩]
- Unless you are signing from a brain wallet [↩]
- This may be a good reason to use a separate address for message signing, which is different from ones typically used in transactions. [↩]
- With the implication that for large trades GPG should be expected as Address signing is the minimum [↩]