Skip to content
This repository has been archived by the owner on Apr 15, 2019. It is now read-only.

Sign/verify message should contain some explanation #181

Closed
slaweet opened this issue May 8, 2017 · 4 comments
Closed

Sign/verify message should contain some explanation #181

slaweet opened this issue May 8, 2017 · 4 comments
Assignees
@slaweet
Labels
*easy enhancement
Milestone
Version 1.0.0

Comments

@slaweet
Copy link
Contributor

slaweet commented May 8, 2017

Actual behaviour

Sign/verify message dialogs are very empty and to a new user of cryptocurrencies, their purpose might not be obvious.
sign-message

Expected behaviour

Some explanation text could be added there to explain the features.
Either it can be done as in the voting dialog:
vote
Or some tooltip:
tooltip

Steps to reproduce
@reyraa reyraa added this to the Version 1.0.0 milestone May 9, 2017
@reyraa reyraa added the *easy label May 9, 2017
@slaweet
Copy link
Contributor Author

slaweet commented May 17, 2017

@karmacoma , @Isabello , can you please put down here some suggestions on what the explanation for Sign message dialogue and Verify message dialogue should say? It would be also nice to put there some "Learn more" link, if there is a relevant web page.

@toschdev
Copy link
Contributor

toschdev commented May 23, 2017
edited
Loading

With signing a message you can create a digital signature of your message with the account you are using in lisk nano. Your privateKey will be used in order to create the signature and other people can then use the signature and your publicKey in order to verify that this message was signed by the owner of the Lisk account. But also be aware, since computers can be tampered and various forms of viruses can be used to take over computers, a digital signature is not a 100% proof that the message comes from the right person. Nonetheless, when used appropriately, digital signatures are extremely useful.
Note: Digital Signatures and signed messages are not encrypted!
Technical Details: https://github.com/tonyg/js-nacl#signatures-crypto_sign
Theoretical Background: https://en.wikipedia.org/wiki/Digital_signature

@Isabello
Copy link

Signing a message with this tool indicates ownership of a privateKey (secret) and provides a level of proof that you are the owner of the key. Its important to bear in mind that this is not a 100% proof as computer systems can be compromised, but is still an effective tool for proving ownership of a particular publicKey/address pair.

Note: Digital Signatures and signed messages are not encrypted!

@toschdev
Copy link
Contributor

When you have the signature, you only need the publicKey of the signer in order to verify that the message came from the right private/publicKey pair. Be aware, everybody knowing the signature and the publicKey can verify the message. If ever there is a dispute, everybody can take the publicKey and signature to a judge and prove that the message is coming from the specific private/publicKey pair.

@slaweet slaweet self-assigned this May 23, 2017
slaweet added a commit that referenced this issue May 23, 2017
@slaweet
Add some explanation to sign/verify message #181
a02389a
@slaweet slaweet mentioned this issue May 23, 2017
Merged
slaweet added a commit that referenced this issue May 26, 2017
@slaweet
Merge pull request #259 from LiskHQ/181-sign-verify-explanation
ef76746 
Add some explanation to sign/verify message - Closes #181
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@slaweet slaweet

Labels
*easy enhancement
Projects
None yet
Milestone
Version 1.0.0
Development

No branches or pull requests
4 participants
@reyraa @slaweet @toschdev @Isabello