add signmessagewithkey RPC

Lagrang3 · Lagrang3 · commit 437d32dc1eb9 · 2025-04-11T10:27:34.000+01:00
signmessagewithkey: allows to sign a message with a key associated with
one bitcoin address in our wallet.

Signed-off-by: Lagrang3 &lt;lagrang3@protonmail.com&gt;
diff --git a/contrib/msggen/msggen/schema.json b/contrib/msggen/msggen/schema.json
@@ -32794,6 +32794,95 @@
         }
       ]
     },
+    "lightning-signmessagewithkey.json": {
+      "$schema": "../rpc-schema-draft.json",
+      "type": "object",
+      "rpc": "signmessagewithkey",
+      "title": "Command to create a signature using a key from the wallet",
+      "description": [
+        "The **signmessagewithkey** RPC command creates a digital signature of *message* using the key associated with the address provided in the input.",
+        "The signature scheme follows the same convention as electrum wallet."
+      ],
+      "added": "v25.05",
+      "request": {
+        "required": [
+          "message",
+          "address"
+        ],
+        "additionalProperties": false,
+        "properties": {
+          "message": {
+            "type": "string",
+            "description": [
+              "Less than 65536 characters long message to be signed by the node."
+            ]
+          },
+          "address": {
+            "type": "string",
+            "description": [
+              "A Bitcoin accepted type, including a bech32, address for lookup in the list of addresses issued to date."
+            ]
+          }
+        }
+      },
+      "response": {
+        "required": [
+          "keyidx",
+          "pubkey",
+          "signature",
+          "base64"
+        ],
+        "additionalProperties": false,
+        "properties": {
+          "keyidx": {
+            "type": "u64",
+            "description": [
+              "The key index of the address requested."
+            ]
+          },
+          "pubkey": {
+            "type": "pubkey",
+            "description": [
+              "The public key associated with the bitcoin address provided."
+            ]
+          },
+          "signature": {
+            "type": "hex",
+            "description": [
+              "The signature."
+            ]
+          },
+          "base64": {
+            "type": "string",
+            "description": [
+              "The signature encoded in base64."
+            ]
+          },
+          "bech32": {
+            "type": "string",
+            "description": [
+              "The bech32 (native segwit) address."
+            ]
+          },
+          "p2tr": {
+            "type": "string",
+            "description": [
+              "The taproot address."
+            ]
+          }
+        }
+      },
+      "author": [
+        "Lagrang3 <<lagrang3@protonmail.com>> is mainly responsible."
+      ],
+      "see_also": [
+        "lightning-checkmessagewithkey(7)"
+      ],
+      "resources": [
+        "Main web site: <https://github.com/ElementsProject/lightning>"
+      ],
+      "examples": []
+    },
     "lightning-signpsbt.json": {
       "$schema": "../rpc-schema-draft.json",
       "type": "object",
diff --git a/doc/schemas/lightning-signmessagewithkey.json b/doc/schemas/lightning-signmessagewithkey.json
@@ -0,0 +1,91 @@
+{
+  "$schema": "../rpc-schema-draft.json",
+  "type": "object",
+  "rpc": "signmessagewithkey",
+  "title": "Command to create a signature using a key from the wallet",
+  "description": [
+    "The **signmessagewithkey** RPC command creates a digital signature of *message* using the key associated with the address provided in the input.",
+    "The signature scheme follows the same convention as electrum wallet."
+  ],
+  "added": "v25.05",
+  "request": {
+    "required": [
+      "message",
+      "address"
+    ],
+    "additionalProperties": false,
+    "properties": {
+      "message": {
+        "type": "string",
+        "description": [
+          "Less than 65536 characters long message to be signed by the node."
+        ]
+      },
+      "address": {
+        "type": "string",
+        "description": [
+          "A Bitcoin accepted type, including a bech32, address for lookup in the list of addresses issued to date."
+        ]
+      }
+    }
+  },
+  "response": {
+    "required": [
+      "keyidx",
+      "pubkey",
+      "signature",
+      "base64"
+    ],
+    "additionalProperties": false,
+    "properties": {
+      "keyidx": {
+        "type": "u64",
+        "description": [
+          "The key index of the address requested."
+        ]
+      },
+      "pubkey": {
+        "type": "pubkey",
+        "description": [
+          "The public key associated with the bitcoin address provided."
+        ]
+      },
+      "signature": {
+        "type": "hex",
+        "description": [
+          "The signature."
+        ]
+      },
+      "base64": {
+        "type": "string",
+        "description": [
+          "The signature encoded in base64."
+        ]
+      },
+      "bech32": {
+        "type": "string",
+        "description": [
+          "The bech32 (native segwit) address."
+        ]
+      },
+      "p2tr": {
+        "type": "string",
+        "description": [
+          "The taproot address."
+        ]
+      }
+    }
+  },
+  "author": [
+    "Lagrang3 <<lagrang3@protonmail.com>> is mainly responsible."
+  ],
+  "see_also": [
+    "lightning-checkmessagewithkey(7)"
+  ],
+  "resources": [
+    "Main web site: <https://github.com/ElementsProject/lightning>"
+  ],
+  "examples": [
+  ]
+}
+
diff --git a/wallet/walletrpc.c b/wallet/walletrpc.c
@@ -4,6 +4,7 @@
 #include <ccan/array_size/array_size.h>
 #include <ccan/cast/cast.h>
 #include <common/addr.h>
+#include <common/base64.h>
 #include <common/bech32.h>
 #include <common/configdir.h>
 #include <common/json_command.h>
@@ -1066,3 +1067,127 @@ static const struct json_command sendpsbt_command = {
 };
 
 AUTODATA(json_command, &sendpsbt_command);
+
+static struct command_result *
+json_signmessagewithkey(struct command *cmd, const char *buffer,
+			const jsmntok_t *obj UNNEEDED, const jsmntok_t *params)
+{
+	/* decoding the address */
+	const u8 *scriptpubkey;
+	const char *message;
+
+	/* from wallet BIP32 */
+	struct pubkey pubkey;
+
+	if (!param(
+		cmd, buffer, params,
+                p_req("message", param_string, &message),
+		p_req("address", param_bitcoin_address, &scriptpubkey),
+                NULL))
+		return command_param_failed();
+
+	const size_t script_len = tal_bytelen(scriptpubkey);
+
+	/* FIXME: we already had the address from the input */
+	char *addr;
+	addr = encode_scriptpubkey_to_addr(tmpctx, chainparams, scriptpubkey);
+	enum addrtype addrtype;
+
+	if (is_p2tr(scriptpubkey, script_len, NULL))
+		addrtype = ADDR_P2TR;
+	else if (is_p2wpkh(scriptpubkey, script_len, NULL))
+		addrtype = ADDR_BECH32;
+	else {
+		return command_fail(cmd, JSONRPC2_INVALID_PARAMS,
+				    "address %s is neither p2wpkh nor p2tr and "
+				    "it is not supported",
+				    addr);
+	}
+
+	u32 keyidx;
+
+	/* loop over all generated keys, find a matching key */
+	/* FIXME: alternatively, can we use the our_addresses hash table?
+	 *struct script_with_len *key;
+	 *struct wallet_address *addr =
+	 *    wallet_address_htable_get(cmd->ld->wallet->our_addresses, key);
+	 */
+	struct issued_address_type *listaddrtypes =
+	    wallet_list_addresses(tmpctx, cmd->ld->wallet, 1, NULL);
+	for (size_t i = 0; i < tal_count(listaddrtypes); i++) {
+		if (listaddrtypes[i].keyidx == BIP32_INITIAL_HARDENED_CHILD) {
+			break;
+		}
+		bip32_pubkey(cmd->ld, &pubkey, listaddrtypes[i].keyidx);
+		char *out_p2wpkh = "";
+		char *out_p2tr = "";
+		if (listaddrtypes[i].addrtype == ADDR_BECH32 ||
+		    listaddrtypes[i].addrtype == ADDR_ALL) {
+			u8 *redeemscript_p2wpkh;
+			out_p2wpkh = encode_pubkey_to_addr(
+			    cmd, &pubkey, ADDR_BECH32, &redeemscript_p2wpkh);
+			if (!out_p2wpkh) {
+				abort();
+			}
+		}
+		if (listaddrtypes[i].addrtype == ADDR_P2TR ||
+		    listaddrtypes[i].addrtype == ADDR_ALL) {
+			out_p2tr =
+			    encode_pubkey_to_addr(cmd, &pubkey, ADDR_P2TR,
+						  /* out_redeemscript */ NULL);
+			if (!out_p2tr) {
+				abort();
+			}
+		}
+
+		if (streq(addr, out_p2wpkh) || streq(addr, out_p2tr)) {
+			keyidx = listaddrtypes[i].keyidx;
+			break;
+		}
+	}
+
+	/* wire to hsmd a sign request */
+	u8 *msg = towire_hsmd_sign_message_with_key(
+	    cmd, tal_dup_arr(tmpctx, u8, (u8 *)message, strlen(message), 0),
+	    keyidx);
+	if (!wire_sync_write(cmd->ld->hsm_fd, take(msg))) {
+		fatal("Could not write sign_with_key to HSM: %s",
+		      strerror(errno));
+	}
+
+	/* read form hsmd a sign reply */
+	msg = wire_sync_read(cmd, cmd->ld->hsm_fd);
+
+	int recid;
+	u8 sig[65];
+	secp256k1_ecdsa_recoverable_signature rsig;
+
+	if (!fromwire_hsmd_sign_message_with_key_reply(msg, &rsig)) {
+		return command_fail(cmd, JSONRPC2_INVALID_PARAMS,
+				    "HSM gave bad sign_with_key_reply %s",
+				    tal_hex(tmpctx, msg));
+	}
+
+	secp256k1_ecdsa_recoverable_signature_serialize_compact(
+	    secp256k1_ctx, sig + 1, &recid, &rsig);
+	sig[0] = recid + 31;
+
+	struct json_stream *response;
+	response = json_stream_success(cmd);
+	if (addrtype & ADDR_BECH32)
+		json_add_string(response, "bech32", addr);
+	if (addrtype & ADDR_P2TR)
+		json_add_string(response, "p2tr", addr);
+	json_add_u32(response, "keyidx", keyidx);
+	json_add_pubkey(response, "pubkey", &pubkey);
+	json_add_hex(response, "signature", sig, sizeof(sig));
+	json_add_string(response, "base64",
+			b64_encode(tmpctx, sig, sizeof(sig)));
+	return command_success(cmd, response);
+}
+
+static const struct json_command signmessagewithkey_command = {
+	"signmessagewithkey",
+	json_signmessagewithkey
+};
+AUTODATA(json_command, &signmessagewithkey_command);
