feat: signing of a message working for ledger and trezor#238
feat: signing of a message working for ledger and trezor#238krrish-sehgal wants to merge 7 commits intocaravan-bitcoin:mainfrom
Conversation
🦋 Changeset detectedLatest commit: c7e8928 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
krrish-sehgal
changed the title
|
Note :
|
krrish-sehgal
changed the title
|
@krrish-sehgal sorry for my lack of knowledge here but just wanted to confirm if this was this done for the QR-project or it's seperate ? |
|
@Legend101Zz , Its separate. |
|
This pull request has been inactive for 30 days and has been marked as stale. It will be closed in 7 days if no further activity occurs. To keep this PR open, add the "long-lived" label or comment on it. |
|
@bucko13 , making a comment here to mark it for review. |
|
Thanks for the ping! |
|
Hello @krrish-sehgal, thank you for working on this. I'd like to help test this and provide feedback. Fair warning: I'm not a software engineer and have limited experience in GitHub in general. First: I've loaded up the most recent vercel deployment, and tried to test with a redeem script, but I'm getting an error 
Second: Am I correct that this message signing feature is currently limited to the script explorer section of Caravan? Ideally I'd like to see it subtly built into the addresses within a wallet. For example, shown as an option "sign message" alongside "confirm on device" as shown in screenshot below. (Functionally, "sign message" could be built into the wallet itself, or maybe the button just takes the user to the script explorer and automatically loads in the redeem script. Either way, it will be more friendly to users who don't understand they'd need to manually copy the redeem script and take it to the script explorer.) 
Third: I'd like to make sure this project includes all of the necessary features to be practically useful. The ultimate purpose is to demonstrate control over the funds in an address to a third party. Therefore, in a k-of-n multisig quorum, the message will often be signed with k number of keys, not just one key. Does BIP322 allow for multiple signatures to be grouped together like this? (I think so, but my understanding is fuzzy.) Once k number of keys have signed, there also needs to be a verification tool for the third party. The third party should be able to input the address, the message, and the signature (I don't think they need the redeem script, as it is built into the signature, if BIP322 works like how I understand BIP137 to work). Where this verification tool should exist, I'm not sure. The script explorer doesn't feel like the right place, if the third party is not required to enter a redeem script. Therefore I'm tempted to consider an entirely new menu item, called "sign/verify message" where all of this behavior could live, rather than within the script explorer. 
This is how Trezor builds it for BIP137: 
Happy to hear your thoughts and discuss this more going forward! |
|
This pull request has been inactive for 30 days and has been marked as stale. It will be closed in 7 days if no further activity occurs. To keep this PR open, add the "long-lived" label or comment on it. |
|
needs some attention by me. |
great I'll add the long lived tag |
Legend101Zz
added
long-lived
qr-code-interactions
4 participants
This fixes #113
Demo:
Screen.Recording.2025-04-10.at.2.55.15.PM.mov