Bitcoin address authentication

From bitcoin-otc wiki
Jump to: navigation, search

You can create an account and authenticate to the OTC system using the standard bitcoin client we all know and love. In short, all you need to do is sign a one-time-password message using a bitcoin address of your choice, and submit the signed message to the bot for verification. The guide below contains a more detailed walkthrough of the process.

IRC bot

The #bitcoin-otc IRC bot is called gribble. To command the bot in-channel, prefix your line with ";;" (two semicolons). E.g., to ask for a bitcoin price ticker, you can issue the command in channel as

;;ticker

You can also talk to the bot in private message to avoid cluttering up the channel - which you are recommended to do for the purposes of authentication and registration. To start a private session with the bot, type "/query gribble" in your IRC client. When in PM, there's no need to prefix your commands with ";;".

Initial setup

The first step is to download and install the bitcoin client. You can do so at http://bitcoin.org. Most of you will probably already have the client up and running.

Once the client is up and running, it is recommended to create a new bitcoin address that you will use to authenticate to #bitcoin-otc. On the "Receive coins" tab, click the "New address" button, and label it with something that you'll easily recognize (e.g., "bitcoin-otc signing address").

At this point, if you don't already have multiple, secure, and geographically dispersed backups of your bitcoin wallet, you should make them.

Registration

Note: if you are already registered via GPG authentication, use the 'changeaddress' command to add a bitcoin address to your otc account.

To register, choose a nickname (best to use a nick that's the same as your irc nick, but not required), then issue the following command to the bot:

;;bcregister yournickname 1yourbitcoinaddressgoeshere

Now, continue to the Challenge-response section.

Authentication

Once you have registered (see section above), to authenticate in the future, use the 'bcauth' command, as follows:

;;bcauth yournickname

Now, continue to the Challenge-response section.

The bitcoin-qt Receive coins panel with 'sign message' button highlighted.

Challenge-response

The bot will respond to registration and authentication requests with a unique one-time challenge string to sign with your address, which will look something like this:

freenode:#bitcoin-otc:2b5195d2442c3fc302a0b2f3c7b856cd04ecc0835d0e306827b94e9c

On the 'Receive coins' tab of the bitcoin client, select the signing address, and click the 'Sign message' button. Copy and paste the challenge string, click "Sign message", copy the signed message with the "Copy to clipboard" button, then give the result to the bot with the 'bcverify' command, as follows:

;;bcverify random-looking-gibberish-that-is-your-signed-message-goes-here=

If all goes according to plan, you should receive a success message and you'll be good to go!

Sample session

Registration

<nanotube> ;;bcregister nanotube 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T
<gribble> Request successful for user nanotube, hostmask nanotube!~nanotube@unaffiliated/nanotube. Your challenge string is: 
          freenode:#bitcoin-otc:40fb92dc28721a074e36377cb3a5b689ce025231b946c1ca77fdfd03
<nanotube> ;;bcverify HNFBzYSycKq55rUVXor1Wfs1GCuO94I4aWJKwvgVsqawK4wOfJ+Bs2Zvm57cYf2drKUhq9ati5QsJ1J5idfIOBE=
<gribble> Registration successful. You are now authenticated for user 'nanotube' with address 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T

Authentication

<nanotube> ;;bcauth nanotube
<gribble> Request successful for user nanotube, hostmask nanotube!~nanotube@unaffiliated/nanotube. Your challenge string is: 
          freenode:#bitcoin-otc:40fb92dc28721a074e36377cb3a5b689ce025231b946c1ca77fdfd03
<nanotube> ;;bcverify HNFBzYSycKq55rUVXor1Wfs1GCuO94I4aWJKwvgVsqawK4wOfJ+Bs2Zvm57cYf2drKUhq9ati5QsJ1J5idfIOBE=
<gribble> You are now authenticated for user 'nanotube' with address 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T

Checking auth

To check if you or another person is authenticated, you can use the 'ident' command, with the IRC nick of the target user. You can omit the nick if you check your own auth status. E.g.:

<nanotube> ;;ident
<gribble> You are identified as user nanotube, with GPG key id E7F938BEC95594B2, key fingerprint D8B11AAC59A873B0F38D475CE7F938BEC95594B2,
          and bitcoin address 1J4yzUXMuhuF28M3VYpqtmride5tj5smbi

Change address

To change your registered address, (or to add one if you have registered via GPG and don't have an address on file) use the 'changeaddress' command with the new address you wish to use. You must be authenticated to your account in order to use the command. Once you issue the command, the bot will supply you with the challenge that you must sign with your new address and respond with the bcverify command, in the same manner as for normal authentication.