Author

Topic: API xpubWalletGenerator (Read 176 times)

jr. member
Activity: 45
Merit: 5
March 08, 2019, 11:33:51 PM
#7
ok I will try it, however a solution to what you say would be to give the option to save the derivation route by xpub would only add one more field to the db, if this was a private service something personal security problems you see ?

the only issues with sharing the xpub that i am aware of are
- privacy issue, which is obvious since anybody having the xpub can get all the addresses that belongs to that user.
- security issue which is only when non-hardened paths are used and 1 and only 1 private key is leaked. the attacker can easily find the master private key by having that 1 private key and the extended public key.

apart from that xpub is just as safe as public keys.


thank you, all the comments are very grateful, I will work on it
legendary
Activity: 3472
Merit: 10611
March 08, 2019, 11:18:20 PM
#6
ok I will try it, however a solution to what you say would be to give the option to save the derivation route by xpub would only add one more field to the db, if this was a private service something personal security problems you see ?

the only issues with sharing the xpub that i am aware of are
- privacy issue, which is obvious since anybody having the xpub can get all the addresses that belongs to that user.
- security issue which is only when non-hardened paths are used and 1 and only 1 private key is leaked. the attacker can easily find the master private key by having that 1 private key and the extended public key.

apart from that xpub is just as safe as public keys.
jr. member
Activity: 45
Merit: 5
March 08, 2019, 11:01:52 PM
#5
i don't know about copay but Electrum is one of the rare wallets that uses non-hardened paths which is why you can use the master public key to derive the child keys. if you want to find out more about how these things work then read BIP32: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki

there is another option for wallets that use a hardened path which is deriving the child extended public key and then importing that but setting the derivation path after than to m/0, m/1, ...
for example if a wallet uses the path m/0'/44'/2' and each key comes from m/0'/44'/2'/0 and m/0'/44'/2'/1 and so on then the user can get the extended public key from the master private key at m/0'/44'/2' and then uses that to get the child public keys by extending them one level (meaning add the /0, /1,...).

obviously this wouldn't work if the keys are also hardened (m/0'/44'/2'/0', m/0'/44'/2'/1',...).

you can play around with the concept here: https://iancoleman.io/bip39/ generate a random key and scroll down to "Derivation Path" and select BIP32 tab and set different derivation paths. you can copy the xpub in textbox above this part called "BIP32 Root Key" and see which one works and which ones don't.



ok I will try it, however a solution to what you say would be to give the option to save the derivation route by xpub would only add one more field to the db, if this was a private service something personal security problems you see ?
legendary
Activity: 3472
Merit: 10611
March 08, 2019, 10:51:20 PM
#4
i don't know about copay but Electrum is one of the rare wallets that uses non-hardened paths which is why you can use the master public key to derive the child keys. if you want to find out more about how these things work then read BIP32: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki

there is another option for wallets that use a hardened path which is deriving the child extended public key and then importing that but setting the derivation path after than to m/0, m/1, ...
for example if a wallet uses the path m/0'/44'/2' and each key comes from m/0'/44'/2'/0 and m/0'/44'/2'/1 and so on then the user can get the extended public key from the master private key at m/0'/44'/2' and then uses that to get the child public keys by extending them one level (meaning add the /0, /1,...).

obviously this wouldn't work if the keys are also hardened (m/0'/44'/2'/0', m/0'/44'/2'/1',...).

you can play around with the concept here: https://iancoleman.io/bip39/ generate a random key and scroll down to "Derivation Path" and select BIP32 tab and set different derivation paths. you can copy the xpub in textbox above this part called "BIP32 Root Key" and see which one works and which ones don't.
jr. member
Activity: 45
Merit: 5
March 08, 2019, 10:29:49 PM
#3
it is somewhat pointless because of two things.
it lacks privacy and people have other better options such as running light wallets like Electrum and creating a watch only wallet there with their master public key.
it also wouldn't work for most wallets since nowadays they mostly use hardened paths which means you can't derive the child keys from a master public key!

P.S. you should move this to Project Development board, there is a button for it at the bottom left side of this page.


thanks actually I was developing it for internal use of several projects that need to generate addresses of different currencies the idea was to expand it for that purpose, as for what you say for me to worked with the xpub of electrum and copay something that is enough for my purposes, however you could indicate me what steps I should follow to lean towards one of the options that you recommend me
legendary
Activity: 3472
Merit: 10611
March 08, 2019, 10:23:54 PM
#2
it is somewhat pointless because of two things.
it lacks privacy and people have other better options such as running light wallets like Electrum and creating a watch only wallet there with their master public key.
it also wouldn't work for most wallets since nowadays they mostly use hardened paths which means you can't derive the child keys from a master public key!

P.S. you should move this to Project Development board, there is a button for it at the bottom left side of this page.
jr. member
Activity: 45
Merit: 5
March 08, 2019, 10:05:17 PM
#1
hello I've been creating an API that generates wallets from an xpub address, the API allows you to create a user and add an attached xpub to a label this plus a user token is the only thing you need to generate addresses with a url (GET).

apiurl/walletGenerator/get_wallet/token/currency/label


You can find all the information at https://github.com/guxal/xpubWalletGenerator

I would like you to try it and tell me your experience if someone is capable of breaking it I would appreciate it, I am aware that the API authentication method is not the best I would like opinions on this for its improvement.

the source code will be released in due time.

all your help will be appreciated.

If someone is interested in the service and wants to finance its expansion, you can use our url to generate your donation address.

http://104.238.181.82/walletGenerator/get_wallet/077d2f2d63d9678f821ff45b028b04a62fe99be433216dda73dfc83f01f29c3a5f0b46921b126829df6eb58652e96636caf5b5f0ce678c1230e095186adb5559/btc/bitcoindonation


Jump to: