Verify Bitcoin Message

A dependency-free Bitcoin message verifier that works in browsers and as a lightweight CLI.

Translations would be an incredible contribution now :)

Published Messages

Any messages, from around the globe, can be added via Pull Requests.

The verification process automatically hides invalid messages.

It's like github is a registry of messages

Getting Started

Download Bun, my new favorite JS runtime, then clone the repository

git clone https://github.com/mothepro/verify-bitcoin-message
cd verify-bitcoin-message
bun install # Tests will be run automatically after installation

Things you can do

Serve locally

bun start
python -m http.server 8000 # Any "server" is fine, doesn't have to be python

Unfortunately, opening the html file directly from the file system will not work. The browser's built-in crypto libraries are not available when running from the file system.

Progressive Web App Features

• File Sharing
  • Share .txt and .json files directly to the app for automatic verification
• Auto-Install Prompt
  • Automatically prompts for installation after 2 minutes of usage
• Offline-First
  • Works completely offline after first visit
  • Mobile: Turn on airplane mode
  • Desktop: Chrome Developer Tools (F12) > Network tab > Change No Throttling to Offline

CDN

<script type="module">
  import verify, { verifySafe } from 'https://unpkg.com/verify-bitcoin-message';
</script>

Command Line Interface

npx verify-bitcoin-message --json \
   --address 1F3sAm6ZtwLAUnj7d38pGFxtP3RVEvtsbV \
   --message "This is an example of a signed message." \
   --signature "H9L5yLFjti0QTHhPyFrZCT1V/MMnBtXKmoiKDZ78NDBjERki6ZTQZdSMCtkgoNmp17By9ItJr8o7ChX0XxY91nk="

Programmatic Use

bun add verify-bitcoin-message # OR npm install verify-bitcoin-message

import verify, { verifySafe } from 'verify-bitcoin-message';

await verify({
  address: '1F3sAm6ZtwLAUnj7d38pGFxtP3RVEvtsbV',
  message: 'This is an example of a signed message.',
  signature: 'H9L5yLFjti0QTHhPyFrZCT1V/MMnBtXKmoiKDZ78NDBjERki6ZTQZdSMCtkgoNmp17By9ItJr8o7ChX0XxY91nk='
})

// If you're not a fan of throwing errors:
const isValid = await verifySafe({
  address: '1F3sAm6ZtwLAUnj7d38pGFxtP3RVEvtsbV',
  message: 'This is an example of a signed message.',
  signature: 'H9L5yLFjti0QTHhPyFrZCT1V/MMnBtXKmoiKDZ78NDBjERki6ZTQZdSMCtkgoNmp17By9ItJr8o7ChX0XxY91nk='
})

Up Next

• Fill out cli info with active values
• Nice way to show multiple messages at once
• support just the hash for short verification
  • this would allow us to verify long messages too
• Allow files as messages (just put the commit you added them in your message and github will auto format it as well :D)
• Automatically sync all open publish PRs back to main branch
• Add publish tag to PRs with only payload changes
• My idea to prevent fake screenshots :lightbulb:
• more support for address types
• explainer why cold storage >>> exchanges (you can use this)
• service worker? for full PWA
• better example message
• allow markdown in message? 👀
• wrap github gpg signatue with one of these
  • then we could have a nicer message in action with a verified signature, kinda like a blue checkmark on twitter
  • We can remove the [!WARNING] and replace the [!IMPORTANT] with a > [!TIP] and a nicer message :D
  • maybe we can read the message as an MVP version

Web Alternatives

• Bitcoin.com

• Verify Bitcoin Message

• BlueWallet's VerifySignature

Trust layers

Cloudflare for cdn js.org maintainers github