Topic: Easy offline transactions with standard client (Read 4191 times)
Does this also work through the command line or is it only available at the webpage? This process can be automated which could be useful, for example, to allow one computer at a DMZ to send bitcoin transactions signed by another computer located inside a secure LAN. If the DMZ computer is compromised the private keys are still secure.
This would be extraordinarily useful for high-value accounts, ones which store millions+ of USD worth of crypto-tokens. Something like that is simply too valuable to secure on any system connected to the internet.
My group is working on this for our own altchain client. In our application, the “master keys” to a bank or exchange's primary account will be printed off as QR codes, and stored in safety deposit boxes. Transactions to/from this account would use MULTISIG with 2-of-3 signatures required, and we'll have an offline machine in a secure location (safe requiring multiple keys to access) with attached scanner and printer. To do a transaction out, you need at least all the keys to the safe and two QR codes. The machine performs an offline transaction (using the scanner to input the keys), then prints that transaction as a QR code. Anyone can then take that QR code and use it on a machine connected to the internet to broadcast the transaction.
The master keys to the organization's accounts are never stored or processed on a computer connected to the internet, multiple people are required to be present making it harder for an insider job, and existing/familiar organizational security measures can be employed.
My group is working on this for our own altchain client. In our application, the “master keys” to a bank or exchange's primary account will be printed off as QR codes, and stored in safety deposit boxes. Transactions to/from this account would use MULTISIG with 2-of-3 signatures required, and we'll have an offline machine in a secure location (safe requiring multiple keys to access) with attached scanner and printer. To do a transaction out, you need at least all the keys to the safe and two QR codes. The machine performs an offline transaction (using the scanner to input the keys), then prints that transaction as a QR code. Anyone can then take that QR code and use it on a machine connected to the internet to broadcast the transaction.
The master keys to the organization's accounts are never stored or processed on a computer connected to the internet, multiple people are required to be present making it harder for an insider job, and existing/familiar organizational security measures can be employed.
I could imagine an offline computer generating transactions which could be displayed by QR code, printed, or exported to USB, and then injected into any old online client.
rant/ I've often been puzzled that bitcoin doesn't take the unix approach with many little utilities that do one thing and one thing well. I was hoping the node.js client would take that route. Why does the client need to confirm that it actually has the bitcoins before sending them? I realize false sends would 'spam' the network, but malicious users can and might do that anyway. /rant
rant/ I've often been puzzled that bitcoin doesn't take the unix approach with many little utilities that do one thing and one thing well. I was hoping the node.js client would take that route. Why does the client need to confirm that it actually has the bitcoins before sending them? I realize false sends would 'spam' the network, but malicious users can and might do that anyway. /rant
Just for the record, there is also a transaction export/import patch for bitcoin (GUI and CLI).
You have to compile bitcoind yourself, but after that, it is much easier to use IMHO.
https://bitcointalksearch.org/topic/is-there-an-importexport-transaction-patch-28278
Yes, and this is this patch that made me think about implementing itYou have to compile bitcoind yourself, but after that, it is much easier to use IMHO.
https://bitcointalksearch.org/topic/is-there-an-importexport-transaction-patch-28278
The only problem I see is that it requires to build bitcoin and it's dependencies
When I tested to build bitcoin it was really a pain (Ubuntu), so I think building it without internet connection must be even more boring
Why not put it into the official distribution? I think all you need to operate a completely offline wallet and make it easy would be an ability to export/import the latest blocks and to export/import transactions (on import, the client would just behave exactly as it would if it had received the transaction from the network). For the blocks, if the export could just export the blocks downloaded since the last export, it would probably make it quicker to keep the offline wallet's blocks updated.
To import/export transactions, pywallet works fine, or maybe I didn't understand correctly what you was meaning
Just for the record, there is also a transaction export/import patch for bitcoin (GUI and CLI).
You have to compile bitcoind yourself, but after that, it is much easier to use IMHO.
https://bitcointalksearch.org/topic/is-there-an-importexport-transaction-patch-28278
Yes, and this is this patch that made me think about implementing itYou have to compile bitcoind yourself, but after that, it is much easier to use IMHO.
https://bitcointalksearch.org/topic/is-there-an-importexport-transaction-patch-28278
The only problem I see is that it requires to build bitcoin and it's dependencies
When I tested to build bitcoin it was really a pain (Ubuntu), so I think building it without internet connection must be even more boring
Why not put it into the official distribution? I think all you need to operate a completely offline wallet and make it easy would be an ability to export/import the latest blocks and to export/import transactions (on import, the client would just behave exactly as it would if it had received the transaction from the network). For the blocks, if the export could just export the blocks downloaded since the last export, it would probably make it quicker to keep the offline wallet's blocks updated.
Just for the record, there is also a transaction export/import patch for bitcoin (GUI and CLI).
You have to compile bitcoind yourself, but after that, it is much easier to use IMHO.
https://bitcointalksearch.org/topic/is-there-an-importexport-transaction-patch-28278
Yes, and this is this patch that made me think about implementing itYou have to compile bitcoind yourself, but after that, it is much easier to use IMHO.
https://bitcointalksearch.org/topic/is-there-an-importexport-transaction-patch-28278
The only problem I see is that it requires to build bitcoin and it's dependencies
When I tested to build bitcoin it was really a pain (Ubuntu), so I think building it without internet connection must be even more boring
Just for the record, there is also a transaction export/import patch for bitcoin (GUI and CLI).
You have to compile bitcoind yourself, but after that, it is much easier to use IMHO.
https://bitcointalksearch.org/topic/is-there-an-importexport-transaction-patch-28278
You have to compile bitcoind yourself, but after that, it is much easier to use IMHO.
https://bitcointalksearch.org/topic/is-there-an-importexport-transaction-patch-28278
Is it possible to write something with the following functionality?
This would allow a secure transaction with only one computer that can be online, with secure addresses kept offline.
I'm not aware of how feasible this is to program. As I understand it, you method requires the bitcoin instance on Computer A to write the transaction data.
I would love toQuote
Take as input:
1) a private key (e.g. from a paper wallet, generated with vanity gen or similiar, which has received coins but has never been in a wallet)
1a) the balance of the private key address (enter as parameter or query this from blockexplorer)
2) a transaction amount
3) a destination address
4) a change address (e.g. new, unused paper wallet or vanity generated address, never stored in a wallet)
Write the transaction to send the "transaction amount" from the "private key" to the "destination address" and send change to the "change address".
Broadcast this transaction (or input into new wallet and run bitcoin(d) to broadcast).
1) a private key (e.g. from a paper wallet, generated with vanity gen or similiar, which has received coins but has never been in a wallet)
1a) the balance of the private key address (enter as parameter or query this from blockexplorer)
2) a transaction amount
3) a destination address
4) a change address (e.g. new, unused paper wallet or vanity generated address, never stored in a wallet)
Write the transaction to send the "transaction amount" from the "private key" to the "destination address" and send change to the "change address".
Broadcast this transaction (or input into new wallet and run bitcoin(d) to broadcast).
This would allow a secure transaction with only one computer that can be online, with secure addresses kept offline.
I'm not aware of how feasible this is to program. As I understand it, you method requires the bitcoin instance on Computer A to write the transaction data.
After testing signing/verifying messages feature I just implemented, that will be my next task. Should take a lot of time though
Is it possible to write something with the following functionality?
This would allow a secure transaction with only one computer that can be online, with secure addresses kept offline.
I'm not aware of how feasible this is to program. As I understand it, you method requires the bitcoin instance on Computer A to write the transaction data.
Quote
Take as input:
1) a private key (e.g. from a paper wallet, generated with vanity gen or similiar, which has received coins but has never been in a wallet)
1a) the balance of the private key address (enter as parameter or query this from blockexplorer)
2) a transaction amount
3) a destination address
4) a change address (e.g. new, unused paper wallet or vanity generated address, never stored in a wallet)
Write the transaction to send the "transaction amount" from the "private key" to the "destination address" and send change to the "change address".
Broadcast this transaction (or input into new wallet and run bitcoin(d) to broadcast).
1) a private key (e.g. from a paper wallet, generated with vanity gen or similiar, which has received coins but has never been in a wallet)
1a) the balance of the private key address (enter as parameter or query this from blockexplorer)
2) a transaction amount
3) a destination address
4) a change address (e.g. new, unused paper wallet or vanity generated address, never stored in a wallet)
Write the transaction to send the "transaction amount" from the "private key" to the "destination address" and send change to the "change address".
Broadcast this transaction (or input into new wallet and run bitcoin(d) to broadcast).
This would allow a secure transaction with only one computer that can be online, with secure addresses kept offline.
I'm not aware of how feasible this is to program. As I understand it, you method requires the bitcoin instance on Computer A to write the transaction data.
Are wallet a and b completely different? I mean can a wallet now be never online and still do transactions?
Yes absolutelyBut the offline wallet still needs to have a blockchain where it sees it can spends the amount of the tx
This doesn't need to be online, transfering the blk* files with a USB drive is enough
Are wallet a and b completely different? I mean can a wallet now be never online and still do transactions?
This is great.
The tx_k and tx_v values, does anyone know how they are generated ?
I guess they are signed with the private key.
They are the data that the client wrote inside the wallet, so yes it must be signedThe tx_k and tx_v values, does anyone know how they are generated ?
I guess they are signed with the private key.
I'm not sure I'd call this EASY, but it certainly is workable. Not to mention it makes a starting point for actually making it easy.
Updated, one can now export tx's to a file and import the file, see 'short method'I can't make it easier
This is great.
The tx_k and tx_v values, does anyone know how they are generated ?
I guess they are signed with the private key.
The tx_k and tx_v values, does anyone know how they are generated ?
I guess they are signed with the private key.
I'm not sure I'd call this EASY, but it certainly is workable. Not to mention it makes a starting point for actually making it easy.
It was something I wanted for me and I believe it can be useful for others
I just tested it and it works as expected
Here's the situation:
A is offline and makes a transaction, B will broadcast it
Instructions:
Short method, exporting all tx's:
Backup your wallets
Close all Bitcoin instances
Everything has to be done on A until I said it's on B
From now, everything is made on B
Long method, exporting only one tx:
Backup your wallets
Close all Bitcoin instances
Everything has to be done on A until I said it's on B
From now, everything is made on B
Now, run bitcoin on B and it will broadcast the transaction made by A
Feel free to post comments/suggestions/etc
I just tested it and it works as expected
Here's the situation:
- Computer A, with:
- wallet located at /home/a/.bitcoin/wallet.dat
- pywallet downloaded somewhere and running using './pywallet.py --web'
- Computer B, with:
- wallet located at c:\bitcoin\b\wallet.dat
- pywallet downloaded somewhere and running using './pywallet.py --web'
A is offline and makes a transaction, B will broadcast it
Instructions:
Short method, exporting all tx's:
Backup your wallets
Close all Bitcoin instances
Everything has to be done on A until I said it's on B
- Send your transaction
- Go to http://localhost:8989
Under the Dump transactions section:
Type '/home/a/.bitcoin' and 'wallet.dat' in wallet directory and wallet filename
Type the full path of the output file, e.g. on a USB drive
Then click on the Dump button
From now, everything is made on B
- Go to http://localhost:8989
Under 'Import a transaction into your wallet' section:
Write 'c:\bitcoin\b' and 'wallet.dat' in wallet directory and wallet filename
Type 'file' in Txk
And the path of the output file in Txv
Click the Import button - This should return: (if not, let me know)Quotetxk: file
x transactions imported in c:\bitcoin\b\wallet.dat
Long method, exporting only one tx:
Backup your wallets
Close all Bitcoin instances
Everything has to be done on A until I said it's on B
- Send your transaction: if you use bitcoind, you already have your txid, if you use GUI, remember the amount you sent
- Go to http://localhost:8989
Under the Dump section, enter '/home/a/.bitcoin' and 'wallet.dat' in wallet directory and wallet filename
Then click on the Dump button - Using Ctrl-F, find either your txid or your amount (beware, there may be more than one transaction with that amount)Quote{
"tx_id": "ae788fb76a935c5f3127bf5c7d860be4f90bae89782235ab55baf559a917404e",
"tx_k": "0274784e4017a959f5ba55ab35227889ae0bf9e40b867d5cbf27315f5c936ab78f78ae",
"tx_v": "0100000001d9f102cc434df41ef7[...]370656e74000001000000aa3a3f4e0100",
"txin": [
{
...
}
],
"txout": [
{
...
},
{
"scriptPubKey": "76a91425e8b5ed100729c5027a49643219e30a67356a3e88ac",
"value": 10.0
}
]
}, - Copy tx_k and tx_v values on a USB drive
From now, everything is made on B
- Open the file with tx_k and tx_v
- Go to http://localhost:8989
Under 'Import a transaction into your wallet' section:
Write 'c:\bitcoin\b' and 'wallet.dat' in wallet directory and wallet filename
Paste tx_k in Txk
And tx_v in Txv
Click the Import button - This should return: (if not, let me know)Quotetxk: tx_k
1 transaction imported in c:\bitcoin\b\wallet.dat
Now, run bitcoin on B and it will broadcast the transaction made by A
Feel free to post comments/suggestions/etc
Jump to: