All Guides
Understanding BIP-322: Generic Message Signing
The modern standard for proving Bitcoin address ownership across all address types.
What is BIP-322?
BIP-322 is a Bitcoin Improvement Proposal that defines a generic, extensible standard for signing arbitrary messages with any Bitcoin address type.
Instead of encoding the address type into a signature header byte (as BIP-137 does), BIP-322 constructs a virtual transaction — a "to_sign" transaction spending a virtual "to_spend" transaction — and signs it using the same script path that would be used to spend real funds from that address.
The result is a signature scheme that works uniformly across legacy addresses, SegWit addresses, and Taproot addresses, without requiring special cases for each type.
The specification is available at BIP-0322 on GitHub.
Why BIP-322 was needed
BIP-137 encodes the address type into the first byte of the signature. This worked well when P2PKH (legacy) addresses were the only type in widespread use. As SegWit and Taproot were introduced, BIP-137 was extended with new header byte ranges — but this approach has fundamental limitations.
Taproot (P2TR) uses Schnorr signatures instead of ECDSA. The BIP-137 header byte mechanism is incompatible with Schnorr, because Schnorr signatures do not support the public key recovery that BIP-137 relies on. BIP-322 solves this by treating the signing operation as a script execution rather than a raw signature.
Additionally, BIP-322 supports multisig and complex script types that BIP-137 cannot handle at all.
Supported address types
BIP-322 supports all current Bitcoin address types:
P2WPKH (native SegWit, bc1q... addresses)
The most common SegWit format. Requires BIP-322 — BIP-137 header bytes exist but are not universally supported.
P2TR (Taproot, bc1p... addresses)
Uses Schnorr signatures. BIP-322 is the only standardized signing method for Taproot.
P2SH-P2WPKH (wrapped SegWit, 3... addresses)
SegWit wrapped in a P2SH script for compatibility. BIP-322 handles this correctly.
P2PKH (legacy, 1... addresses)
Legacy addresses. BIP-322 works here too, though BIP-137 is also an option for legacy addresses.
VerifyBTC accepts both BIP-322 and BIP-137 signatures. BIP-322 is automatically used when the submitted signature matches the BIP-322 simple format.
Wallet support
BIP-322 adoption among wallets is growing. The following wallets support BIP-322 message signing:
Software wallets with BIP-322 support
Sparrow Wallet (Tools → Sign Message) — full support including Taproot
Electrum (Tools → Sign/verify message) — supports P2WPKH and P2SH-P2WPKH
Bitcoin Core (signmessage RPC) — supports P2WPKH via BIP-322
Wallets without BIP-322 support
BlueWallet — supports BIP-137 only (P2PKH and P2SH-P2WPKH)
Many mobile wallets — check your wallet's documentation
If your wallet does not support BIP-322, try importing your address into Sparrow Wallet using your seed phrase or xpub. Sparrow can sign messages for all address types.
BIP-322 vs BIP-137
The two standards differ in how they construct and encode signatures.
BIP-137
- 65-byte ECDSA signature, base64-encoded
- First byte encodes address type and recovery ID
- Works for: P2PKH, P2SH-P2WPKH, P2WPKH
- Does NOT work for: P2TR (Taproot)
BIP-322 simple
- Virtual transaction serialized and base64-encoded
- Script execution proves ownership (no header byte)
- Works for: all address types including P2TR
- Schnorr and ECDSA both supportedBoth standards are accepted by VerifyBTC. The verification backend automatically detects which format was used based on the signature structure and records it as the signature_method field.
For new integrations and modern address types, BIP-322 is the recommended standard. For legacy P2PKH addresses, either standard works.
See also: BIP-137 guide for the legacy message signing standard.
Need to verify Bitcoin ownership for your business?
Get Started Free