Message signing

From Bitcoin Wiki
Revision as of 05:55, 6 August 2022 by NotATether (talk | contribs) (Create preliminary page)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Message signing is the action of signing a cryptographic message using a private key and its associated address, to prove that you have access to the address. These messages can be verified by wallets by checking the signature against the address to see if they correspond to each other. The result of message signing is often called a signed message.

Bitcoin signed messages have three parts, which are the Message, Address, and Signature. The message is the actual message text - all kinds of text is supported, but it is recommended to avoid using non-ASCII characters in the signature because they might be encoded in different character sets, preventing signature verification.

The address is a legacy, nested segwit, or native segwit address. Message signing from segwit addresses has been added by BIP137[1].

The Signature is a base64-encoded ECDSA signature that, when decoded, contain the following fields:

  • Byte 0 of the signature represents the header byte, which identifies the address type
  • Bytes 1 to 32 inclusive represents the "r" of the ECDSA signature (see Elliptic Curve Digital Signature Algorithm).
  • Bytes 33 to 65 inclusive represents the "s" of the ECDSA signature.
As of this writing, there is no message signing support for Taproot addresses. Not only do they use a different signing algorithm in the form of Schnorr, but public key recovery is not possible with Schnorr signatures, so they cannot be compared to addresses.