SignMessageWithAddr
SignMessageWithAddr returns the compact signature (base64 encoded) created with the private key of the provided address. This requires the address to be solely based on a public key lock (no scripts). Obviously the internal lnd wallet has to possess the private key of the address otherwise an error is returned.
This method aims to provide full compatibility with the bitcoin-core and btcd implementation. Bitcoin-core's algorithm is not specified in a BIP and only applicable for legacy addresses. This method enhances the signing for additional address types: P2WKH, NP2WKH, P2TR. For P2TR addresses this represents a special case. ECDSA is used to create a compact signature which makes the public key of the signature recoverable.
Source: walletrpc/walletkit.proto
gRPC
rpc SignMessageWithAddr (SignMessageWithAddrRequest) returns (SignMessageWithAddrResponse);
REST
| HTTP Method | Path |
|---|---|
| POST | /v2/wallet/address/signmessage |
Code Samples
- gRPC
- REST
- Shell
- Javascript
- Python
const fs = require('fs');
const grpc = require('@grpc/grpc-js');
const protoLoader = require('@grpc/proto-loader');
const GRPC_HOST = 'localhost:10009'
const MACAROON_PATH = 'LND_DIR/data/chain/bitcoin/regtest/admin.macaroon'
const TLS_PATH = 'LND_DIR/tls.cert'
const loaderOptions = {
keepCase: true,
longs: String,
enums: String,
defaults: true,
oneofs: true,
};
const packageDefinition = protoLoader.loadSync(['lightning.proto', 'walletrpc/walletkit.proto'], loaderOptions);
const walletrpc = grpc.loadPackageDefinition(packageDefinition).walletrpc;
process.env.GRPC_SSL_CIPHER_SUITES = 'HIGH+ECDSA';
const tlsCert = fs.readFileSync(TLS_PATH);
const sslCreds = grpc.credentials.createSsl(tlsCert);
const macaroon = fs.readFileSync(MACAROON_PATH).toString('hex');
const macaroonCreds = grpc.credentials.createFromMetadataGenerator(function(args, callback) {
let metadata = new grpc.Metadata();
metadata.add('macaroon', macaroon);
callback(null, metadata);
});
let creds = grpc.credentials.combineChannelCredentials(sslCreds, macaroonCreds);
let client = new walletrpc.WalletKit(GRPC_HOST, creds);
let request = {
msg: <bytes>,
addr: <string>,
};
client.signMessageWithAddr(request, function(err, response) {
console.log(response);
});
// Console output:
// {
// "signature": <string>,
// }
import codecs, grpc, os
# Generate the following 2 modules by compiling the walletrpc/walletkit.proto with the grpcio-tools.
# See https://github.com/lightningnetwork/lnd/blob/master/docs/grpc/python.md for instructions.
import walletkit_pb2 as walletrpc, walletkit_pb2_grpc as walletkitstub
GRPC_HOST = 'localhost:10009'
MACAROON_PATH = 'LND_DIR/data/chain/bitcoin/regtest/admin.macaroon'
TLS_PATH = 'LND_DIR/tls.cert'
# create macaroon credentials
macaroon = codecs.encode(open(MACAROON_PATH, 'rb').read(), 'hex')
def metadata_callback(context, callback):
callback([('macaroon', macaroon)], None)
auth_creds = grpc.metadata_call_credentials(metadata_callback)
# create SSL credentials
os.environ['GRPC_SSL_CIPHER_SUITES'] = 'HIGH+ECDSA'
cert = open(TLS_PATH, 'rb').read()
ssl_creds = grpc.ssl_channel_credentials(cert)
# combine macaroon and SSL credentials
combined_creds = grpc.composite_channel_credentials(ssl_creds, auth_creds)
# make the request
channel = grpc.secure_channel(GRPC_HOST, combined_creds)
stub = walletkitstub.WalletKitStub(channel)
request = walletrpc.SignMessageWithAddrRequest(
msg=<bytes>,
addr=<string>,
)
response = stub.SignMessageWithAddr(request)
print(response)
# {
# "signature": <string>,
# }
- Javascript
- Python
const fs = require('fs');
const request = require('request');
const REST_HOST = 'localhost:8080'
const MACAROON_PATH = 'LND_DIR/data/chain/bitcoin/regtest/admin.macaroon'
let requestBody = {
msg: <string>, // <bytes> (base64 encoded)
addr: <string>, // <string>
};
let options = {
url: `https://${REST_HOST}/v2/wallet/address/signmessage`,
// Work-around for self-signed certificates.
rejectUnauthorized: false,
json: true,
headers: {
'Grpc-Metadata-macaroon': fs.readFileSync(MACAROON_PATH).toString('hex'),
},
form: JSON.stringify(requestBody),
}
request.post(options, function(error, response, body) {
console.log(body);
});
// Console output:
// {
// "signature": <string>, // <string>
// }
import base64, codecs, json, requests
REST_HOST = 'localhost:8080'
MACAROON_PATH = 'LND_DIR/data/chain/bitcoin/regtest/admin.macaroon'
TLS_PATH = 'LND_DIR/tls.cert'
url = f'https://{REST_HOST}/v2/wallet/address/signmessage'
macaroon = codecs.encode(open(MACAROON_PATH, 'rb').read(), 'hex')
headers = {'Grpc-Metadata-macaroon': macaroon}
data = {
'msg': base64.b64encode(<bytes>),
'addr': <string>,
}
r = requests.post(url, headers=headers, data=json.dumps(data), verify=TLS_PATH)
print(r.json())
# {
# "signature": <string>,
# }
$ lncli wallet addresses signmessage --help
NAME:
lncli wallet addresses signmessage - Sign a message with the private key of the provided address.
USAGE:
lncli wallet addresses signmessage [command options] address msg
DESCRIPTION:
Sign a message with the private key of the specified address, and
return the signature. Signing is solely done in the ECDSA compact
signature format. This is also done when signing with a P2TR address
meaning that the private key of the P2TR address (internal key) is used
to sign the provided message with the ECDSA format. Only addresses are
accepted which are owned by the internal lnd wallet.
OPTIONS:
--address value specify the address which private key will be used to sign the message
--msg value the message to sign for
Messages
walletrpc.SignMessageWithAddrRequest
Source: walletrpc/walletkit.proto
| Field | gRPC Type | REST Type | REST Placement |
|---|---|---|---|
msg | bytes | string | body |
addr | string | string | body |
walletrpc.SignMessageWithAddrResponse
Source: walletrpc/walletkit.proto
| Field | gRPC Type | REST Type |
|---|---|---|
signature | string | string |