This question appears many times on SO, but there's something in the answers I'm not getting.
I'm designing a system predicated upon API calls made to blockchain.info, but I'm having real trouble getting my head around the relationship between Pubkey, Address and digital signatures for my use-case.
Say user Jane has previously transacted using Bitcoin and we assume the transaction is confirmed on the Bitcoin blockchain. Jane now makes a request from her app-based wallet software for some metadata concerning that specific transaction via the system's web-service.
The web-service requires Jane to prove that her wallet really instigated that transaction in order to permit her wallet access to the data, but here I get a bit hazy: From all my reading over the last 6 or 7 days, I gather the wallet software would need to sign some pre-determined message containing e.g. the TXID using the wallet's private key, sign it and send it to the system along with the public key, but once the system receives the data, and can verify the message using the public key, so what? How does that prove the txid (or address or whatever) in that signed message, was signed by the same private key from which the transaction in question is indirectly derived? There's some part missing for me that "reconciles" remote blockchain data with the data sent from the wallet app.
I understand basic PKI and that addresses are hashed derivations of a public key, but the digital signature part is messing with my head.
Thanks for reading. Any help would be greatly appreciated.
Is there some specific reason you're doing it such a complicated, kludgey way? Is there some reason you can't do it a much more straightforward way? For example, why not have Jane pay to a specific address just for her that binds whatever she bought to her account or to some other credential? – David Schwartz – 2017-08-28T11:11:52.827
The system I wish to build pertains to metadata about a btc transaction, almost none of which is available via the public blockchain, it will eventually be generated by the system. All I'm asking is how the system as some 3rd party, might best determine that a software wallet app really took part in a given BTC transaction, to which the metadata relates. Such that only that wallet can have access to the data. – theruss – 2017-08-29T08:34:28.363