I would like to propose two things that are closely related. I will
start making BIPS if there's positive feedback. Sorry it's so long,
but I felt both should be in the same email...
(1) Signature Blocks -- A more-robust, versatile,
message-signing exchange
Satoshi client 0.6.0 introduced message signing, but I've been
fairly unimpressed with the implementation. Strictly speaking, it
works, but it's really not intended for "regular users." There is
no indication of what message was signed or what address signed it.
Key recovery works for the computers processing it, but the user has
no idea what this chunk of random data is. They don't even know if
the message they thought they signed is what's in the signature
(along the lines of the copy&paste virus, the message could be
switched out without the user noticing).
I have implemented Signature
Blocks in Armory (as of v0.55), which is a fully-functional
expansion on the idea. Along the lines of BIP 10, a signature block
is a human-readable chunk of data that immediately identifies the
address and the message that are being signed. It is easily
copy&pasted via email or text files, and is fairly compact for
visual identification. Click the link above to see an example
signature block and an Armory screenshot of the UI (which needs
improvement, but still usable). The verification process will
include:
-- Check that the public key (included or recovered) matches the
address field.
-- Verify that the signature matches the included message for this
public key
-- The message is properly formatted with a standardized character
set and escape/replacement scheme for things like newlines or
double-quotes.
gmaxwell already pointed out that key recovery makes the "Public
Key" field pointless. Okay fine -- I just don't have key recovery
implemented yet in Armory, and when I do I can ditch that field (or
simply make it optional). The point is to create a versatile,
human-readable standardized form, much like the BIP 0010
signature-collection scheme.
(2) Sign-Message URI scheme -- Request signed
messages from users using URIs
I had the idea that for certain services, the first funding address
could be used to identify the owner of an account, and all account
maintenance (such as cashouts) be done through signed messages with
this address. For instance, the user would need both a login
password and a signed message in order to make a withdrawal
or purchase:
("Please withdraw 12.3 BTC from acct 1828349132 to address
1Hfr3jk2093f")_signed_by_A
This gives the service the ability to use two separate factors to
authenticate the request (username&password and access
to unencrypted wallet). This could work with manual
signature blocks alone... but it's too many steps for regular
users. However, I think it's workable if we expand bitcoin URIs to
include "Signature Requests".
The URI scheme would add a few parameters to the scheme, and would
have to have further replacement rules to make sure that messages
are handled properly. The general CONOPs would be (Concept
of Operations):
-- User navigates to "Withdraw funds" on webpage
-- Webpage has you fill in the details: from-account,
to-address, withdrawal amount
-- Webpage produces a clickable URI link that loads all the
information into your client, including addr-reqd-for-sig
-- Client asks for confirmation and passphrase (if necessary)
then produces a signature (and sig block if necessary)
-- URI may include reply-to field that tells it where to send
the siganture when it's ready
So the extra tags that would be needed would probably be:
"requestSig=True":
Flag to identify that this is a signing request URI
"sigNeeded=1Qjf3392k31h"
The address that needs to sign the message
"message=Please%20withdraw%2012.3%20BTC%20to%20addr%201Hfr3jk2093f"
Some encoding of the message that can be parsed the
same way on all systems
"replyurl=http://requestor.com/sig_replies.asp?"
(Optional) After signing, application will submit
the signature to the replyurl
The reply url could be simply an http URL which will use bitcoin URI
syntax, with the fields above copied. Therefore, to complete the
above request, the application handling the request will simply send
an HTTP request to:
http://requestor.com/sig_replies.asp?sigNeeded=1Qjf3392k31h&message=...&signature=1fb1893ac193...&replySig=True
Any thoughts? (I have no doubts that there are :) )
-Alan