Digital signatures

Posted by David Harding, Saïvann Carignan, Balaji Srinivasan

Tutorial

Requirements

What you’ll learn

By the end of this tutorial you will have learned how to use digital signatures to verify that the data you received came from the person who actually sent it. This is critical in Bitcoin, where we need to know that the person spending bitcoins is actually authorized to spend them.

Install 21

Using hashes and cryptographic signatures to verify data integrity

Bitcoin blocks are protected using proof of work powered by cryptographic hashes, but in order for someone to spend their bitcoins, they have to create a cryptographic signature that proves they own those bitcoins. The recipient and all Bitcoin full nodes verify that signature to make sure the transaction is valid.

Let’s look at verifying a cryptographic signature on a text file. This is the same principle Bitcoin uses, although the software is different. To verify anything, you first need the public key of the person who created the signature. So let’s download and import the public key of Bitcoin Core lead developer Wladimir van der Laan:

## Download Wladimir’s key
wget https://bitcoin.org/laanwj-releases.asc

## Import that key in GNU Privacy Guard (GPG)
gpg --import laanwj-releases.asc

Now that you have Wladimir’s key, let’s download a file that he signed—the Bitcoin Core releases file for version 0.11.0—and then verify that he actually signed it with the previously-imported key.

## Download the release file; the -O is a capital letter o
wget https://bitcoin.org/bin/bitcoin-core-0.11.0/SHA256SUMS.asc -O shasums.asc

## Verify the file was signed by Wladimir
gpg --verify shasums.asc

If verification worked, GPG should print text that says “Good signature from Wladimir van der Laan”. But it may also print a WARNING, as shown below:

gpg: Signature made Sun 12 Jul 2015 03:21:13 PM UTC using RSA key ID 36C2E964
gpg: Good signature from "Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 01EA 5486 DE18 A882 D4C2  6845 90C8 019E 36C2 E964

Essentially this is because GPG is verifying two separate things:

  1. Is the file signed by someone who has the private key for the entity "Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com>"

  2. Does that entity actually represent the person Wladimir J. van der Laan?

GPG by itself doesn’t have enough information to make the second assertion: it has no data structure that represents Wladimir. If you’ve met Wladimir in person and verified that the key above actually belongs to him, GPG lets you set that key as trusted. This is not necessary for this introduction to digital signatures, but (if you’re interested) you can learn more at https://www.gnupg.org/gph/en/manual/x334.html

Now that you know the file is authentic, let’s look at it:

## Display the contents of the file
cat shasums.asc

Wrapped inside the PGP header and footer should be several hashes followed by file names.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

747ad1a76ca21ef959cdf2591a7c1c987c1be97ddfc5eadc079a62a071298736  bitcoin-0.11.0-linux32.tar.gz
f9d83c4de5157c4901866d9400532ac3589bf75123f952d73ce993287e38d419  bitcoin-0.11.0-linux64.tar.gz
c7a5e496d7c31bdc10d2c0c79dfcf9aca69f9520579917c7d3e95868b2127707  bitcoin-0.11.0-osx64.tar.gz
fa457e65662b73f3d33235c012d4bec181e2919dd2a400afaa0ff9ab4927fb89  bitcoin-0.11.0-osx.dmg
51ba1756addfa71567559e3f22331c1d908a63571891287689fff7113035d09f  bitcoin-0.11.0.tar.gz
7bb285e0a3d4648f799d5daa157ee755a7418b3aa9262d0f33508d7793c13d14  bitcoin-0.11.0-win32-setup.exe
9ab9afb06e2a0d020ecb047aed10f67c4f5e4381670dfed2b9d036835772a957  bitcoin-0.11.0-win32.zip
026f5d18c505105f317db8f49f3127e449953c3c012db58ca87ea6004abbec58  bitcoin-0.11.0-win64-setup.exe
f86a6d1ced0dda9cb767b6a5bad30b0c3387881003af9e2786b1c3df95135c01  bitcoin-0.11.0-win64.zip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----

Note: if you cannot see the full output, use Shift + PgUp and Shift + PgDown to scroll the terminal window up and down, respectively.

These are the hashes of the Bitcoin Core packages used to install Bitcoin Core. Let’s download one of these packages, get its SHA256 hash, and check it against the list we previously displayed:

## Get the Bitcoin Core package
wget https://bitcoin.org/bin/bitcoin-core-0.11.0/bitcoin-0.11.0.tar.gz

## Get its SHA256 hash, which should be:
##   51ba1756addfa71567559e3f22331c1d908a63571891287689fff7113035d09f  bitcoin-0.11.0.tar.gz
sha256sum bitcoin-0.11.0.tar.gz

Look at the bitcoin-0.11.0.tar.gz entry in the shasums.asc file you printed earlier and notice that the hash is identical to the one you just produced by running sha256sum on the file you downloaded.

## Display the matching hash from the shasums.asc file
## which should be identical to the hash you just obtained
grep 51ba1756addfa71567559e3 shasums.asc

This proves that you downloaded an identical copy of the file that the Bitcoin Core lead developer had on his computer when he created the list of hashes and cryptographically signed it.
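The manual steps above, combined into one script as an added example (not part of the original tutorial): it requires the signature to come from the fingerprint GPG printed earlier, extracts only the signed text so that nothing outside the PGP markers can be matched, and compares the full hash instead of a grep prefix. The function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the tutorial.
# Fingerprint as printed by gpg in the tutorial output, with spaces removed.
EXPECTED_FPR="01EA5486DE18A882D4C2684590C8019E36C2E964"

# Verify the clearsigned list $1, require that the signature was made by
# EXPECTED_FPR, then write only the signed text to $2.
# The ( ) body runs in a subshell, so variables stay local and "exit" only
# leaves the function.
extract_signed_list() (
    status=$(gpg --batch --status-fd 1 --verify "$1" 2>/dev/null) || exit 1
    printf '%s\n' "$status" |
        grep -q "^\[GNUPG:] VALIDSIG .*$EXPECTED_FPR" || exit 1
    gpg --batch --yes --output "$2" --decrypt "$1" 2>/dev/null
)

# Compare the SHA256 of file $2 with its entry in the verified list $1.
# Exit status: 0 match, 1 mismatch, 2 no entry for that file name.
check_file() (
    name=$(basename "$2")
    expected=$(awk -v n="$name" '
        { sub(/^\*/, "", $2) }   # binary-mode lists prefix the name with *
        $2 == n && length($1) == 64 { print $1; exit }' "$1")
    [ -n "$expected" ] || exit 2
    actual=$(sha256sum "$2" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
)

# Usage: sh verify-release.sh shasums.asc bitcoin-0.11.0.tar.gz
if [ "$#" -eq 2 ]; then
    list=$(mktemp) || exit 1
    if extract_signed_list "$1" "$list" && check_file "$list" "$2"; then
        echo "OK: $2 matches the signed list"
    else
        echo "FAILED: do not use $2" >&2
        rm -f "$list"; exit 1
    fi
    rm -f "$list"
fi
```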

Bitcoin wallets contain public keys, which are usually shown as Bitcoin addresses. The public in "public key" means that it's safe to share that information with other people, so it's safe to share your Bitcoin addresses with other people.

Bitcoin wallets also contain private keys. The private means that it's not safe to share your private key.

That is the best way to think about whether you possess some bitcoins. Do you have the private key? Then you have the bitcoins. Otherwise someone else has custody of the bitcoins on your behalf.

Cryptographic hashes and cryptographic signatures are arguably the two most important technologies for making Bitcoin possible. With hashes, we can verify that data hasn’t changed—which is essential for creating a secure ledger like the blockchain. And with cryptographic signatures, we can verify that someone who attempts to spend some bitcoins actually has the private key needed to spend those bitcoins.

Of course, you already knew Bitcoin was possible. From here on, we'll explore the precise methods and data formats. Go back to the main page to learn more.

Questions

Questions about digital signatures

To verify a signature, what other two pieces of data do you need?

Choose all of the following that are safe to share with other people:
