
Topic: easy offline transactions - 1 BTC bounty - page 3. (Read 6189 times)

hero member
Activity: 688
Merit: 500
ヽ( ㅇㅅㅇ)ノ ~!!
> I'm feeling more and more that the appropriate place to enter the destination address and transaction amount may be in the offline component.  Is convenience the main reason you want to enter the address and amount in the online component?

Yes, it was... it seems easier to copy + paste the destination address on the online machine. Also it seems conceptually simpler (at least to me) that all you are doing offline is the "signing". I could live with the other approach though.

Anyway, it's a great job you're doing, looks really nice too.

When you think it's ready enough, I'll send you the 1 BTC bounty using it Smiley


BkkCoins, the more options we have to do this the better, of course!
full member
Activity: 218
Merit: 100
It looks like I may have to run my own node on a VPS earlier for queries to the blockchain for unspent outputs, and then to broadcast the signed tx.  I'm running into problems now with the cross-domain requests to blockchain.info, even though it was working before.  I suspect that since both brainwallet and I are using YQL to query the blockchain.info API, we might be running into some kind of API limits set by Ben.  I've put in a support request to blockchain.info about the issue, and also asked here on the forum.

While I could change the code to use blockchain explorer's API (they use a different format), I hesitate to do so since we could run into the same issue with them.  

Meanwhile, I've put up some UI improvements to the github repo.

EDIT: Having looked into the blockchain.info situation further, it's clear that we're being blocked.  This is probably because brainwallet and I are both using YQL (Yahoo) to access blockchain.info client-side (otherwise we run into cross-domain issues).  As such, to blockchain it looks like one requester, and so we're rate limited as soon as brainwallet is.  It's possible we're running into daily limits, since I had only run 2-3 requests today when it stopped working.  In any case, I'm concerned the same could happen with block explorer API, so I'm looking into hosting this API myself.  Unfortunately, I had forgotten that bitcoind client does not catalog the unspent outputs of every address -- just those from the local wallet.dat -- so there is no rpc command to simply fetch the outputs for a given address. As such, I have to build up that database myself.  I've started on this today and will try to get it done in the next day or two.
hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
> Since the web page is verified the page it creates for moving offline should be trustworthy to the same level as one that you already have offline that you would paste data into.

> You would have to re-verify it each time you use it though, if you think your online machine might be compromised in the future... if you keep it saved locally there is a running possibility of being compromised at a later date. I can imagine with the other approach this verification only needs doing once, so you only need care about being compromised the time at which you download + copy the "signtransaction.html" across to the offline machine. So the window of attack is smaller. (But still sadly present of course.)
Yes. I think ideally then it could create a new text page with only instructions and data which the user can Save As to the offline device. You would only enter the destination address on the offline computer at signing time.

The signing page could have a File Open button that allows selecting the input data file and a send-to address field. It could also have a paste button for those that like to copy+paste but I think users would find it easier to click Open and choose a file. Once loaded a nicely formatted summary would be presented before the user pastes in keys or click to Open a Key File (which could contain multiple keys) making it easy to sign the transaction.

I may still code this up for fun even though it sounds like the bounty is committed already.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
> I physically removed the wifi receiver from my laptop that I turned into an offline transaction signer.

As well as removing the wifi card I plugged both the LAN and modem sockets on an old notebook with "sawn off" mangled plugs.

Smiley
full member
Activity: 218
Merit: 100
> What you do is heroic. Load it up with plenty of 'idiot lights' as displayed across my automobile dashboard. Road signs too: 'this computer is not offline!' 'you are about to access the big piggy!' Allow users to import 'skins' for all languages including all sorts of useful tips. 'usb detected' 'bluetooth request' detected... etc. So much work needs to be done, thanks for all you do.

Thanks for the tips.  Those types of UI additions are exactly what I'll be working on tomorrow.  However, this being a web-based project, there are limits to what kind of I/O monitoring I'll be able to do.  In any case, if you're dealing with large sums of btc, I'd really recommend disabling bluetooth and wifi altogether on your offline computer you use for signing, and keeping them off.  I physically removed the wifi receiver from my laptop that I turned into an offline transaction signer.
full member
Activity: 218
Merit: 100

> hmm, now I'm wondering if some bug/flaw could be found in the offline web browser, triggered by something injected into the transaction data... I wonder if there exists a truly 100% perfectly secure approach? If only the block chain data wasn't required. (You see how paranoid I am Smiley )


I'm using JSON as the format of the paste generated by the online page.  As such, the JSON.parse() function provides significant protection against what you are describing.  JSON.parse() was created specifically as a way to prevent execution of arbitrary code embedded in JSON and is available on all modern browsers.  Plus, as you specified, I have a confirmation modal popup on the offline app displaying the values as they will be inserted into the raw tx.

Nonetheless, after creating an initial working prototype, I'm feeling more and more that the appropriate place to enter the destination address and transaction amount may be in the offline component.  Is convenience the main reason you want to enter the address and amount in the online component?

I've gone ahead and pushed my initial version as a way to kind of pre-claim the bounty, but I'm not finished yet.  In fact, please don't use the app yet for any transactions, even though I've already used it to send btc on the blockchain [1].  It's not been fully tested.

I plan on doing a lot of work on the UI tomorrow, doing some testing, and also producing a GPG-signed release of the MD5 hashes.  In fact, I may throw significant energy into this project, including hosting the online portion with SSL, hosting my own full Bitcoin node for querying the blockchain and broadcasting tx's, instead of farming it out to blockchain.info (which as done now requires a third-party intermediary since it's a cross-domain request), and perhaps some other fun stuff, all while keeping it extremely simple to use.  I'll probably put up some tasteful ads on the hosted online app to try to recoup the development and hosting costs, but all the code needed to conduct these transactions will be open source so no one will have to use my hosted version if they don't want to.

I'm open sourcing the code under MIT, and will continue to open source the offline secure signing app and online component as described in xDan's spec above.  If I do code up some of the stuff I mention above, I may keep some of the server-side code closed.  We'll see.  But all the security-critical code will be open-source.

I've used significant code from both Brainwallet and BitcoinJS, which are Public Domain and MIT-licensed respectively.  So a big thanks to those guys, it's incredibly cool that all this stuff is being done with JS.  I've also used AngularJS and a few other standard liberally-licensed JS libraries.

Anyway, once xDan and crazy_rabbit are satisfied, the bounty can go to: 1KpN5iePG1czLnBvJLzSQWXz9cerBWuBo2  As I said, it's not ready yet, I still need to pretty-up the UI and build these apps into single-page HTML files, and issue GPG-signed hashes of the code.

GitHub repo: https://github.com/esbullington/bitcoin-secured
Transaction on blockchain created using this app: https://blockchain.info/tx/6549d360e1493865bebe5b90649de8f0d068e109655a2b618fa6d1f7648d8892  As you can see, the change goes back to the sending address, as requested.  Do note that you give up some anonymity in exchange for this convenience, since all your transactions will be tied to a single address.

One final note: if you're interested in offline transactions and don't mind maintaining a full node with bitcoind or bitcoin-qt, I'd strongly recommend taking a look at Bitcoin Armory.  Etotheipi has done a really great job.  That said, I think there's room for a real lightweight implementation of this that doesn't require the blockchain, thus my interest in xDan's proposal.
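
An added example, not part of the original post or of the bitcoin-secured code: one way an offline signing page could check a pasted JSON blob before displaying or using it. JSON.parse() only guarantees that the text is treated as data rather than code, so the function below also enforces field names, types and formats; the paste schema, the limits and all names here are assumptions.

```javascript
// Added example; the paste schema (address, unspent[].txid/vout/value/script) is assumed.
const HEX = /^[0-9a-f]+$/;
const BASE58 = /^[1-9A-HJ-NP-Za-km-z]{26,35}$/; // character set and length only, no checksum
const MAX_SATOSHIS = 21e14;                      // 21 million BTC in satoshis

function fail(msg) { throw new Error('rejected paste: ' + msg); }

// Require a plain object with exactly the expected keys, so extra data cannot ride along.
function exactKeys(obj, keys, where) {
  if (obj === null || typeof obj !== 'object' || Array.isArray(obj)) fail(where + ' is not an object');
  const got = Object.keys(obj).sort().join(',');
  if (got !== [...keys].sort().join(',')) fail(where + ' has unexpected fields');
}

function parsePaste(text) {
  if (typeof text !== 'string' || text.length > 100000) fail('missing or oversized input');
  let data;
  try { data = JSON.parse(text); } catch (e) { fail('not valid JSON'); }
  exactKeys(data, ['address', 'unspent'], 'paste');
  if (typeof data.address !== 'string' || !BASE58.test(data.address)) fail('bad address');
  if (!Array.isArray(data.unspent) || data.unspent.length < 1 || data.unspent.length > 500) {
    fail('bad unspent list');
  }
  let total = 0;
  const unspent = data.unspent.map((o, i) => {
    exactKeys(o, ['txid', 'vout', 'value', 'script'], 'unspent[' + i + ']');
    if (typeof o.txid !== 'string' || o.txid.length !== 64 || !HEX.test(o.txid)) fail('bad txid');
    if (!Number.isInteger(o.vout) || o.vout < 0 || o.vout > 0xffffffff) fail('bad vout');
    if (!Number.isInteger(o.value) || o.value <= 0 || o.value > MAX_SATOSHIS) fail('bad value');
    if (typeof o.script !== 'string' || o.script.length % 2 || !HEX.test(o.script)) fail('bad script');
    total += o.value;
    if (total > MAX_SATOSHIS) fail('total exceeds the coin supply');
    // Copy only the checked fields into a fresh object.
    return { txid: o.txid, vout: o.vout, value: o.value, script: o.script };
  });
  return { address: data.address, unspent, totalSatoshis: total };
}

// Constructed sample pastes (placeholder address and txid, not real outputs).
const GOOD_PASTE = JSON.stringify({
  address: '1' + 'x'.repeat(33),
  unspent: [{ txid: 'ab'.repeat(32), vout: 0, value: 10000000,
              script: '76a914' + '11'.repeat(20) + '88ac' }],
});
// Still valid JSON, but the script field carries markup instead of hex.
const BAD_PASTE = GOOD_PASTE.replace(/76a914[0-9a-f]+88ac/, '<b>pay someone else</b>');

// Wrap parsePaste so the page can show a reason instead of throwing.
function check(text) {
  try { return { ok: true, tx: parsePaste(text) }; }
  catch (e) { return { ok: false, reason: e.message }; }
}

console.log(check(GOOD_PASTE));
console.log(check(BAD_PASTE));
```

Values that pass these checks should still be written into the confirmation dialog as text (for example with textContent), not as HTML.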
hero member
Activity: 503
Merit: 501
What you do is heroic. Load it up with plenty of 'idiot lights' as displayed across my automobile dashboard. Road signs too: 'this computer is not offline!' 'you are about to access the big piggy!' Allow users to import 'skins' for all languages including all sorts of useful tips. 'usb detected' 'bluetooth request' detected... etc. So much work needs to be done, thanks for all you do.
legendary
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
I will add .3BTC to this bounty (valid till the end of april) myself. This is crazy hard to do currently and frustrating to no end. Indeed, not spending BTC is simply the safest way to handle btc.

EDIT: Should have a look at Slush's TREZOR project. It's a hardware bitcoin wallet that might be useful for something like this.
hero member
Activity: 688
Merit: 500
ヽ( ㅇㅅㅇ)ノ ~!!
> Since the web page is verified the page it creates for moving offline should be trustworthy to the same level as one that you already have offline that you would paste data into.

You would have to re-verify it each time you use it though, if you think your online machine might be compromised in the future... if you keep it saved locally there is a running possibility of being compromised at a later date. I can imagine with the other approach this verification only needs doing once, so you only need care about being compromised the time at which you download + copy the "signtransaction.html" across to the offline machine. So the window of attack is smaller. (But still sadly present of course.)

> I can imagine an infection that monitors clipboard data and when it sees transaction info it alters the destination address to its own before the paste operation.

Well, you must visually confirm the destination address and other details on the offline system (as displayed by the "signtransaction.html"). This is an important part.

I assume after signing the transaction offline it is tied permanently to a particular amount and destination address and cannot be modified. (I hope that's correct, I'm no expert)

> A thought I had about doing it this way is that it allows using a LiveCD where absolutely nothing has been changed on the offline system. Otherwise you either need to build the offline image containing the special signing page, or copy it on after booting.

That is a very good point. Personally, I have a full (clean) linux system I use with hard drive, which I will use for signing.
hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
> creating a new web page implies you must trust the online machine, no? Otherwise it could inject something malicious? e.g. send the btc to an attacker's address.
My intention was that the html would be fully self-contained and downloadable to your local machine. So you could verify it with sha like bitaddress.org. It would still need info while online to build the transaction. Since the web page is verified the page it creates for moving offline should be trustworthy to the same level as one that you already have offline that you would paste data into.

I'm not sure you give anything up because copy/pasting data has its vulnerabilities too. I can imagine an infection that monitors clipboard data and when it sees transaction info it alters the destination address to its own before the paste operation.

I suppose it could create a new page with just data which you then Save As to your offline disk. Even then the user has to be knowledgeable enough to visually inspect the data for changes since an infected system could alter data through almost any method.

A thought I had about doing it this way is that it allows using a LiveCD where absolutely nothing has been changed on the offline system. Otherwise you either need to build the offline image containing the special signing page, or copy it on after booting.


hero member
Activity: 688
Merit: 500
ヽ( ㅇㅅㅇ)ノ ~!!
BkkCoins,

creating a new web page implies you must trust the online machine, no? Otherwise it could inject something malicious? e.g. send the btc to an attacker's address.

(I know that scenario is unlikely, but I'd still like to see something both user friendly and highly secure. The people who need this - people who are using offline wallets created on air gapped machines - obviously are very paranoid about security.)

with my method, the offline page would verify the transaction data. (We assume here the offline page can then be tested well by the community, perhaps even analysed and signed by some experienced and trusted member, and so trusted to correctly verify transactions.)

I guess the create a new web page approach can be trusted, but still you have to continue trusting it not to be corrupted at a later date (every time you create a transaction you may have some fear that it will have been compromised and behave differently this time). Whereas with the entirely offline approach you only have to apply trust once.

(I agree your approach might be more user friendly though)

...

hmm, now I'm wondering if some bug/flaw could be found in the offline web browser, triggered by something injected into the transaction data... I wonder if there exists a truly 100% perfectly secure approach? If only the block chain data wasn't required. (You see how paranoid I am Smiley )

...

There is also already an excellent and fairly easy to use page for anyone who is happy to do this online: http://brainwallet.org/#tx
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
Although far from easy to use http://ciyam.org/rawtx_helper.html may be of some help to those who are putting this together (welcome to any of the .js if it is useful).
hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
I would tackle this slightly differently.

The main html page should have a place to paste in addresses and these immediately are updated with current balances (outputs summed). ie. it acts like a wallet page. The user can select any of these (or none if they don't care to select inputs) and then enters in an amount, fee and destination address. The last thing is a "Create" button.

This button doesn't create a block of info - it creates a new web page that contains the JS signing code, transaction summary (tech details exposed by click maybe for those interested), an area to paste in keys (either normal or deterministic seed are possible) and instructions/choices. And a "Send" button. Maybe it has a list of input addresses that get checked off as you paste each key.

Those who want to complete online can paste their keys and click "Send". Those who want to complete offline can use File,Save As to save it to a usb stick or hard disk. They would then reboot on LiveCD, or xfer usb stick to secure computer.

They open the "Send" page and paste in their keys, and click "Send". Again this creates a new web page with the final signed transaction embedded and JS code for sending. They either go online and click "Send" or File, Save As to a usb again for transport back to online computer. They open and click "Send".

This approach is easier for users than copy/pasting raw data since they're going to have to paste into a file for saving anyway in order to get it to the offline system.

I could code this but I'm not sure 1 btc is enough to do it. Maybe if I put advertising into the page and hosted it I could recoup the development effort. Anyway, I put this out there to see if people like the methodology. I think it's more friendly for non-techies as each step is explained right on the pages as you go.

I even happen to own a domain that could work for this: paperwallet.info
hero member
Activity: 715
Merit: 500
Bitcoin Venezuela
> Out of curiosity, I started playing around with this to see how it would be done, and I've ended up finishing most of Part 1.  I'll see if I can finish up Part 1 and do Part 2 this weekend and release them both on Monday.  It's a good idea.
> Great! I look forward to it Cool

> btcven, the idea here is for something far simpler and more newbie friendly than that.

Easy peasy ->

Make a normal transaction in a online insecure seedless wallet.
Grab the tx file and use the buttons shown in the image above ^ to sign the tx in the offline wallet.
Done!



edit: sorry for the screenshot in Spanish, but I'm not gonna upload the image again, I'm using my 3G plan Wink
hero member
Activity: 688
Merit: 500
ヽ( ㅇㅅㅇ)ノ ~!!
April 05, 2013, 05:04:28 PM
#9
> Out of curiosity, I started playing around with this to see how it would be done, and I've ended up finishing most of Part 1.  I'll see if I can finish up Part 1 and do Part 2 this weekend and release them both on Monday.  It's a good idea.
Great! I look forward to it Cool

btcven, the idea here is for something far simpler and more newbie friendly than that.
hero member
Activity: 715
Merit: 500
Bitcoin Venezuela
April 05, 2013, 11:45:23 AM
#8
Electrum -> https://github.com/spesmilo/electrum/blob/master/docs/offline_wallets

Quote
Here is how to sign a transaction with an offline Electrum wallet.

1. With your online (seedless) wallet, create the transaction using mktx:

Code:
./electrum mktx 1Cpf9zb5Rm5Z5qmmGezn6ERxFWvwuZ6UCx 0.1
{
    "complete": false,
    "hex": "010000000296f054a6eccd3051444aec20e9c5c9b58739e70c7d958e4eb03587acf99d02e70000000000ffffffffdf350752fe6e27534633bb59327d9feb347756fe8d6e5b0b56312aca57df0eb30000000000ffffffff02f4345c35000000001976a914aaf437e25805f288141bfcdc27887ee5492bd13188ac80969800000000001976a91481acc8b7f9ec7cbf45a02dd8b758c6ac6a1481ca88ac00000000",
    "input_info": "[{'scriptPubKey':'76a91411bbdc6e3a27c44644d83f783ca7df3bdc2778e688ac','electrumKeyID':(15,False),'vout':0,'txid':u'e7029df9ac8735b04e8e957d0ce73987b5c9c5e920ec4a445130cdeca654f096'},{'scriptPubKey':'76a914aaf437e25805f288141bfcdc27887ee5492bd13188ac','electrumKeyID':(112,True),'vout':0,'txid':u'b30edf57ca2a31560b5b6e8dfe567734eb9f7d3259bb334653276efe520735df'}]"
}

Note that returned json contains the unsigned tx in "hex". The field
"complete" is false because the transaction is not signed, and
"input_info" contains parameters that need to be passed to the offline
wallet so that it knows which private keys to generate.

2. Sign the transaction with your offline wallet: pass "hex" and "input_info" to 'signrawtransaction':

Code:
./electrum signrawtransaction 010000000296f054a6eccd3051444aec20e9c5c9b58739e70c7d958e4eb03587acf99d02e70000000000ffffffffdf350752fe6e27534633bb59327d9feb347756fe8d6e5b0b56312aca57df0eb30000000000ffffffff0280969800000000001976a91481acc8b7f9ec7cbf45a02dd8b758c6ac6a1481ca88acf4345c35000000001976a914aaf437e25805f288141bfcdc27887ee5492bd13188ac00000000 "[{'scriptPubKey':'76a91411bbdc6e3a27c44644d83f783ca7df3bdc2778e688ac','electrumKeyID':(15,False),'vout':0,'txid':u'e7029df9ac8735b04e8e957d0ce73987b5c9c5e920ec4a445130cdeca654f096'},{'scriptPubKey':'76a914aaf437e25805f288141bfcdc27887ee5492bd13188ac','electrumKeyID':(112,True),'vout':0,'txid':u'b30edf57ca2a31560b5b6e8dfe567734eb9f7d3259bb334653276efe520735df'}]" 
Password:
{
    "complete": true,
    "hex": "010000000296f054a6eccd3051444aec20e9c5c9b58739e70c7d958e4eb03587acf99d02e7000000008b483045022100893c91ffcf3886aeb9dd6b11e5063b501546924d888826c3a92e5c7f3cf5e43602207667a4bd014d7eda2d48a651f18540937f4aeaae629e2a8851826bcfdf0967cb01410483aab8cc5fb1497bf438fef22556d1d3ccda8e96c36d39c616ae56979f939057f1eee07212e7d02080d62e366a1d7eaaa25d0740d8f8f61c01b3405577204ad3ffffffffdf350752fe6e27534633bb59327d9feb347756fe8d6e5b0b56312aca57df0eb3000000008c493046022100d6086e63e3f0beac314cb71f29c52159ad2e6dccfb257b2378eeff1cbb0c2038022100eb1808698c2275565418731e16a6377c69c57209aba46c5fb65dc4240f1c06ba014104315efb3001e2452f7848c43329234f11e54a4e59df7bcadd8b32f4dd9c3ca384dac96820f39860011243586e30fe79be920378d3709ec71b504e59bb450f5066ffffffff0280969800000000001976a91481acc8b7f9ec7cbf45a02dd8b758c6ac6a1481ca88acf4345c35000000001976a914aaf437e25805f288141bfcdc27887ee5492bd13188ac00000000"
}

The command returns a fully signed transaction, as indicated by the "complete" field.
This transaction can be sent to the network with 'sendrawtransaction'
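
An added example, not part of the quoted Electrum documentation or of Electrum itself: a decoder for the legacy raw transaction format, run over the unsigned "hex" from step 1, so that the inputs, amounts and output scripts can be read on the offline machine before anything is signed. The function names are this example's own.

```javascript
// Added example. Legacy (pre-SegWit) serialization only, as used in this thread.
// Unsigned "hex" from step 1 of the quoted instructions, split into its fields.
const UNSIGNED_HEX = [
  '01000000',                                                          // version
  '02',                                                                // input count
  '96f054a6eccd3051444aec20e9c5c9b58739e70c7d958e4eb03587acf99d02e7',  // previous txid, byte-reversed
  '00000000', '00', 'ffffffff',                                        // vout, empty scriptSig, sequence
  'df350752fe6e27534633bb59327d9feb347756fe8d6e5b0b56312aca57df0eb3',
  '00000000', '00', 'ffffffff',
  '02',                                                                // output count
  'f4345c3500000000', '19', '76a914aaf437e25805f288141bfcdc27887ee5492bd13188ac',
  '8096980000000000', '19', '76a91481acc8b7f9ec7cbf45a02dd8b758c6ac6a1481ca88ac',
  '00000000',                                                          // locktime
].join('');

function decodeTx(hex) {
  if (!/^([0-9a-f]{2})+$/i.test(hex)) throw new Error('not hex');
  const buf = hex.toLowerCase().match(/../g).map(h => parseInt(h, 16));
  let pos = 0;
  // Read n bytes, refusing to run past the end of the data.
  const take = n => {
    if (pos + n > buf.length) throw new Error('truncated transaction');
    const out = buf.slice(pos, pos + n);
    pos += n;
    return out;
  };
  const toHex = bytes => bytes.map(b => b.toString(16).padStart(2, '0')).join('');
  // Little-endian unsigned integer, as BigInt so 64-bit amounts stay exact.
  const uintLE = n => take(n).reduce((acc, b, i) => acc + BigInt(b) * (1n << BigInt(8 * i)), 0n);
  const varInt = () => {
    const first = take(1)[0];
    if (first < 0xfd) return first;
    return Number(uintLE(first === 0xfd ? 2 : first === 0xfe ? 4 : 8));
  };

  const tx = { version: Number(uintLE(4)), inputs: [], outputs: [] };
  for (let n = varInt(); n > 0; n--) {
    const txid = toHex(take(32).reverse());   // display order, as in "input_info"
    const vout = Number(uintLE(4));
    const scriptSig = toHex(take(varInt()));
    tx.inputs.push({ txid, vout, signed: scriptSig.length > 0, sequence: Number(uintLE(4)) });
  }
  for (let n = varInt(); n > 0; n--) {
    const satoshis = uintLE(8);
    const script = toHex(take(varInt()));
    const p2pkh = /^76a914([0-9a-f]{40})88ac$/.exec(script);  // pay-to-pubkey-hash template
    tx.outputs.push({ satoshis, script, hash160: p2pkh ? p2pkh[1] : null });
  }
  tx.locktime = Number(uintLE(4));
  if (pos !== buf.length) throw new Error('trailing bytes after locktime');
  return tx;
}

// One human-readable line per output, for review before signing.
function summarize(tx) {
  const btc = s => `${s / 100000000n}.${String(s % 100000000n).padStart(8, '0')}`;
  return tx.outputs.map((o, i) =>
    `output ${i}: ${btc(o.satoshis)} BTC -> ` +
    (o.hash160 ? 'P2PKH hash160 ' + o.hash160 : 'script ' + o.script));
}

const decoded = decodeTx(UNSIGNED_HEX);
console.log(decoded.inputs);
console.log(summarize(decoded).join('\n'));
```

Matching a hash160 against a Base58 address needs a Base58Check decode, which this example leaves out.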
full member
Activity: 218
Merit: 100
April 05, 2013, 11:20:36 AM
#7
> Anyway, the next release of pywallet (which should comply with your 5 needs, if not, tell me) is planned on this week-end and will have transactions management

> That's really great if you are doing that.

> (Though, for this particular bounty, I would like something precisely as I described using HTML/Javascript.)

Out of curiosity, I started playing around with this to see how it would be done, and I've ended up finishing most of Part 1.  I'll see if I can finish up Part 1 and do Part 2 this weekend and release them both on Monday.  It's a good idea.
legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
April 05, 2013, 09:48:53 AM
#6
 I'll try to see what I can do with JavaScript but I'm already working on 3 projects so I'm not sure I'll find some time
hero member
Activity: 688
Merit: 500
ヽ( ㅇㅅㅇ)ノ ~!!
April 05, 2013, 09:29:29 AM
#5
> Anyway, the next release of pywallet (which should comply with your 5 needs, if not, tell me) is planned on this week-end and will have transactions management

That's really great if you are doing that.

(Though, for this particular bounty, I would like something precisely as I described using HTML/Javascript.)
legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
April 04, 2013, 06:17:36 PM
#4
Yeah I missed the noob-friendly part
Anyway, the next release of pywallet (which should comply with your 5 needs, if not, tell me) is planned on this week-end and will have transactions management. That would not be tough to make what you ask possible
I don't know if other software already does it though