Bitcoin Message Signing Explained: How to Prove You Own a Key (Without Spending Anything)

Bitcoin message signing is one of those features that is genuinely useful, technically straightforward, and almost completely invisible to beginners. The first time most people encounter it is in a high-stakes situation: an exchange asks them to prove ownership of an address, an OTC desk wants verification before transferring six figures, or a customer support ticket bounces back because the agent on the other end needs cryptographic confirmation that you are who you claim to be.

This is the calm version of that conversation. Below is what message signing actually is, when it matters, the standards involved (yes, there is more than one), and the exact steps for signing and verifying with the three most common tools: a hardware wallet, Sparrow, and Electrum. If you have never signed a message and are not sure what one is, this is a 10-minute read that will save you a frantic 45-minute Google session later.

What signing a message actually means

In Bitcoin, the same math that lets you spend coins also lets you prove you own the key that controls them, without spending anything. The mechanism is called a digital signature, and the rough idea is this: you take a message (literally any text you want), you apply your private key to it via a one-way mathematical function, and the result is a short blob of base64 characters. Anyone in the world who has your public Bitcoin address can plug the message, your address, and the signature into a verifier and the verifier will return a clean yes or no — did the private key behind this address actually sign this exact message?

The two important properties:

• Nothing moves on the blockchain. Signing a message is a purely local cryptographic operation. It costs no fees, generates no transaction, and is invisible to everyone except the parties who have the signature.
• The signature is tied to a specific message and a specific address. You cannot reuse it to sign anything else, and it does not prove ownership of any address other than the one it was generated for. Tamper with one character of the message and the signature stops verifying.

The closest analogy is a notarized statement. A signed message is “I, the holder of this address, attest to the following text.” If you wanted to write a contract that referenced a specific Bitcoin holding, you could sign “On 2026-05-11, I, [name], pledge the Bitcoin at address bc1q… toward [purpose]” and produce a signature that anyone could verify, forever.

When you would actually use it

Five common cases, in order of how often they come up.

1. Exchange withdrawal proof / OTC verification

Larger exchanges (Coinbase Prime, Kraken Institutional) and most OTC desks (we covered them in Bitcoin OTC Desks Explained) ask for proof-of-ownership when you provide a withdrawal address. They will give you a randomly generated message to sign with the private key of the destination wallet. This prevents you from accidentally sending to an address that does not actually belong to you, and it prevents an attacker who has compromised your exchange login from redirecting withdrawals to their own address.

2. Proof of reserves (audits, dispute resolution)

If you want to prove to a counterparty — a partner, a court, an insurance company — that you control a specific amount of Bitcoin, signing a message from the controlling address is the canonical way. Exchanges use the same mechanism at scale: a proof-of-reserves audit involves the exchange signing a fresh message from each of its hot and cold wallets, demonstrating control of those funds at a specific moment in time. (We covered exchange-side proof of reserves in Bitcoin Proof of Reserves Explained.)

3. Recovering a lost-coin claim

If you ever send Bitcoin to an address you no longer have records of — an old exchange that has since closed, a wallet whose seed you lost — the only way to prove a claim against an insolvency estate or bankruptcy trustee is to demonstrate that you actually had control of the receiving wallet at the time. Signing a message from that address is the gold-standard evidence. This is exactly how customers proved claims in the Mt. Gox, FTX, and Celsius proceedings.

4. Identity verification within Bitcoin services

Some Lightning custodial services, Bitcoin-native social networks (Nostr is the prominent 2026 example), and certain decentralized markets use signed-message login as an alternative to passwords. You sign a fresh challenge each time you log in, proving you still hold the private key, without ever transmitting the key itself.

5. Public attestations

Donation campaigns, charitable causes, and high-profile transparency exercises sometimes sign a public statement from a specific address. This lets supporters verify that the address belongs to the entity it claims to belong to, before they send funds.

The three signing standards you might encounter

There are unfortunately more than one. They are mostly compatible in practice, but the labels matter.

• Legacy / BIP-137 (“Bitcoin Signed Message”) — the original Satoshi-era format. Works only for P2PKH addresses (the ones starting with 1…). Every wallet supports verifying these.
• Electrum-style — Electrum’s extension of the legacy format to SegWit addresses (bc1q…). De-facto interoperable across most modern wallets, but technically nonstandard.
• BIP-322 — the modern standard, finalized in 2022, that works cleanly across all address types including taproot (bc1p…). As of 2026, supported by Sparrow, Bitcoin Core, Trezor, and Coldcard. Some older verifier websites still do not handle it.

Practical guidance: if you are signing from a legacy address (1…), use whatever your wallet offers; the result will verify essentially everywhere. If you are signing from a SegWit address (bc1q…) or taproot (bc1p…) — the formats covered in Bitcoin Address Types Explained — use BIP-322 if both sides support it; fall back to Electrum-style if not.

How to sign a message: three concrete walkthroughs

Sparrow Wallet (recommended default)

1. Open Sparrow with your wallet loaded.
2. Go to the Addresses tab.
3. Right-click the address you want to sign from. Select Sign / Verify Message.
4. Paste the message text in the Message box. (If a counterparty gave you one, use it verbatim.)
5. Click Sign Message. If your wallet is on a hardware device, you will need to confirm on the device.
6. Copy the resulting base64 signature.

Sparrow uses BIP-322 by default for SegWit and taproot addresses, falling back to legacy format for older addresses.

Electrum

1. In Electrum, open the Tools menu and select Sign / verify message.
2. Paste the message and the address you want to sign from.
3. Click Sign. Enter your wallet password if prompted.
4. Copy the signature.

Electrum uses its own legacy-style format. Most verifiers handle it, but BIP-322-only verifiers might not.

Coldcard (or other hardware wallet via PSBT-like workflow)

1. Save the message you want to sign as a text file on a microSD card.
2. Insert the microSD into the Coldcard, navigate to Advanced > Sign Message.
3. Select the file, then choose which derivation path to sign from. Confirm on the device’s screen.
4. The device writes the signature back to the microSD as a file. Move it back to your computer to deliver to the counterparty.

The big advantage of hardware-wallet message signing: the private key never leaves the device. Even when signing for an OTC desk that wants tens of millions of dollars of proof, you are never typing or copying the actual key.

How to verify a signature

The receiving side of message signing is just as important. If someone signs a message and sends it to you, you need three pieces to verify:

• The exact message text. One character changes everything.
• The address that supposedly signed it.
• The signature itself (the base64 blob).

Plug all three into Sparrow’s Verify Message tool or Bitcoin Core’s verifymessage RPC. A green “verified” is conclusive: the address controller did sign that message. A red “invalid” could mean three things — wrong message, wrong signature, or address-type mismatch with the verifier (legacy signature being tested by a SegWit-only tool, or vice versa). If you get an invalid result, try one or two alternative verifiers before assuming fraud; signature standard mismatches account for the vast majority of false negatives.

The most common mistakes

• Signing the wrong derivation path: a wallet has many addresses, and you have to make sure you are signing from the specific one the counterparty asked about.
• Adding trailing whitespace or autocomplete punctuation: signing “Hello” and signing “Hello ” produce different signatures. Triple-check the message text.
• Asking for verification of a taproot signature with a legacy-only verifier: this returns an invalid result that looks like fraud but is actually a tool mismatch.
• Signing a message that contains the password to something else: yes, this happens. The message you sign is permanent and may be shared with everyone who needs to verify. Never include a secret in the body.

The shortest possible summary

1. Message signing proves ownership of a private key without spending coins.
2. You will encounter it during OTC trades, exchange withdrawals, claim filings, and Bitcoin-native logins.
3. BIP-322 is the modern standard for SegWit and taproot; legacy and Electrum-style formats still work for older addresses.
4. Sparrow + hardware wallet is the simplest reliable workflow; Electrum and Coldcard are equally valid alternatives.
5. Verification needs all three of: exact message, address, signature. One character off and it fails.
6. Never embed secrets in a signed message; the message becomes part of the proof and is permanent.