Current implementation of sign/verify is broken for SegWit and Bech32 addresses.
Please add the following reference to the use cases:
---
# Does blockchain.info show balances for addresses that are in cold storage?
Yes.
>... is there any way for me in another country to confirm that what my
>colleague views is actually accurate and correct?
Since they use Bitcoin Core, yes, there is a way to verify that they hold the
addresses that they claim. Have them sign a message with each address that they
claim to have the holdings on, using Bitcoin Core you can verify that they
indeed have those addresses and check them on blockchain.info to find the
current balance.
Only works in Bitcoin Core currently for addresses starting with a '1' (not
Segwit addresses starting with a '3' and not Bech32 addresses starting with
'bc1' - the developers are aware of this and I will remind them shortly.)
In Bitcoin Core, your transaction opposite goes to File -> Sign Message and
signs any message with one of the holding addresses. Copy the message, address
and signature and send to you via probably plain text format email is the
easiest. Repeat for each additional address holding the balance of BTC that
they are offering to sell.
In Bitcoin Core, you go to File -> Verify Message and key the details provided
EXACTLY - spaces, new lines and all characters must be an EXACT match. Click on
verify and voilĂ .
I prefer the form of signed message as follows (don't key the top and bottom
bar rows for the message, just the contents and you can check this yourself,
the bottom row is the signature). I like to key the address used for verifying
as a part of the message but that is not strictly necessary:
------------------------------
Something that I want to sign.
bitcoin:1PMUf9aaQ41M4bgVbCAPVwAeuKvj8CwxJg
------------------------------
Signture:
IGaXlQNRHHM6ferJ+Ocr3cN9dRJhIWxo+n9PGwgg1uPdOLVYIeCuaccEzDygVgYPJMXqmQeSaLaZVoG6FMHPJkg=
This contains all of the compact information necessary to verify the message.
Example of verified message:
![verified message][1]
[1]: https://i.stack.imgur.com/zv1xq.png
---
https://bitcoin.stackexchange.com/a/72281/75001
Solution seems to be straight-forward, as noted in Issue#
[10542](https://github.com/bitcoin/bitcoin/issues/10542#issuecomment-306584383)
>And it would in theory be possible to make signmessage work for a P2SH-P2WPKH
>address, in cases where the verifier knows the embedded pubkeyhash already.
>But in that case you don't need "sign with a witness address" functionality -
>*you could just sign with the embedded key (see validateaddress), and have the
>verifier check that*.
>The point is to not further the misunderstanding that signmessage signs with
>an address - it never did. It signs with a keyhash, and verify with a keyhash.
This is an important feature, there are few other ways to verify that an
address is held. Note that the linked issue is not currently labeld GUI and
probably could be - unless a new issue should also be opened?
Regards,
Damian Williamson
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
