17:12:56 <m-relay> <d​atahoarder:monero.social> Hey, view-only wallets generate signatures within the advanced menu using the spend key, with the right spend public key but spend private key of zero. This makes these signatures not self-verifiable or proper.
17:12:56 <m-relay> <d​atahoarder:monero.social> monero-wallet-cli and RPC both allow setting either making the signature using the spend or view private key, and the code downstream supports this. Verification also returns which key signed the message.
17:12:57 <m-relay> <d​atahoarder:monero.social> Seems it is just a missing feature within GUI that is well supported within Monero code and RPC, and the method to sign/verify for both is documented.
17:12:57 <m-relay> <d​atahoarder:monero.social> The code TL;DR `get_message_hash mode=0, s_comm.key = spend_pub, but secret_key &sec = spend_zero`. On Monero GUI code, `QString Wallet::signMessage(const QString &message, bool filename) const` within `libwalletqt/Wallet.cpp` uses `m_walletImpl->signMessage()`, then signMessage() just takes the message and then calls `m_wallet->sign(message, tools::wallet2::sign_with_spend_key);`<clipped message>
17:12:58 <m-relay> <d​atahoarder:monero.social> . This hardcodes to always use the spend key, even for view wallets.
17:13:35 <m-relay> <d​atahoarder:monero.social> https://matrix.monero.social/_matrix/media/v1/download/monero.social/EWeDgSCEzYBgfaoUDhkzPRYs
22:50:59 <selsta> datahoarder can you open an issue for it?