Bitcoin Forum>Bitcoin>Development & Technical Discussion
Author

Topic: How can I sign and send transaction without importing private key ? (Read 224 times)

andreibi
legendary
Activity: 1647
Merit: 1012
Practising Hebrew before visiting Israel
How can I sign and send transaction without importing private key ?
August 23, 2018, 10:26:46 PM
#9
Quote from: Uniex on August 23, 2018, 05:10:41 AM
I want to create online wallet without storing user private keys.

For example - I have full Bitcoin node, user sends to server his private key(via https) just to sign transaction or view his balance.
Is there any way to do it ? any ideas ?

You can't create an online wallet in the purest sense of the word without storing the encrypted private keys. The only thing you can do is make the signed broadcast transaction service much simpler.
Jaycee99
sr. member
Activity: 1036
Merit: 273
Re: How can I sign and send transaction without importing private key ?
August 23, 2018, 07:04:24 PM
#8
Quote from: Uniex on August 23, 2018, 05:10:41 AM
I want to create online wallet without storing user private keys.

For example - I have full Bitcoin node, user sends to server his private key(via https) just to sign transaction or view his balance.
Is there any way to do it ? any ideas ?

Online wallet? Without using any privet key?  Not new here but I can see an option wheere you need to use a onlile wallet which means you need to.

As of I know that privet key is a password? So guessing it is a bad idea to send it using https?(first time to heard of it *peace*)so in my side it is a bad idea. Is my translation working for this discussion? Is it correct? Please to clarify my correction. I just want to help here:)

Now, as I can see that the best any kind of option is online like binance wallet still base on what  I understand and basing from my small knowledge about bitcoin node it has many risk but still it is up to one person to make it work without any kind of hesitation.

HCP
legendary
Activity: 2086
Merit: 4314
Re: How can I sign and send transaction without importing private key ?
August 23, 2018, 05:42:10 PM
#7
Quote from: Uniex on August 23, 2018, 05:10:41 AM
... user sends to server his private key(via https) just to sign transaction...
Seriously? Huh Shocked You want users to transmit their private keys to a remote server??!? Huh Shocked Shocked

you should NEVER be transmitting private keys (regardless of whether or not HTTPS is used). This entire idea is Broken™


Quote from: Uniex on August 23, 2018, 05:10:41 AM
any ideas ?
Yes, go away and rethink your design.  Roll Eyes
odolvlobo
legendary
Activity: 4298
Merit: 3209
Re: How can I sign and send transaction without importing private key ?
August 23, 2018, 01:41:25 PM
#6
Private keys must never be transmitted. The transaction should be signed offline. A hardware wallet is an excellent solution.
Thirdspace
hero member
Activity: 1232
Merit: 738
Mixing reinvented for your privacy | chipmixer.com
Re: How can I sign and send transaction without importing private key ?
August 23, 2018, 08:46:36 AM
#5
Quote from: Uniex on August 23, 2018, 05:10:41 AM
I want to create online wallet without storing user private keys.
you can create something similar to MyEtherWallet.com (MEW) but for bitcoin
so the user is responsible for his own private keys (or mnemonic seed)

Quote from: Uniex on August 23, 2018, 05:10:41 AM
For example - I have full Bitcoin node, user sends to server his private key(via https) just to sign transaction or view his balance.
Is there any way to do it ? any ideas ?
your server runs a full node with web and js interface for user's wallet
user SHOULD NEVER send private key to your server
your code should be able to create and sign raw transaction on client's side
then your server accepts only the signed rawtx and passes it to your node
and finally your node broadcasts the transaction to bitcoin network
NeuroticFish
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
Re: How can I sign and send transaction without importing private key ?
August 23, 2018, 07:14:43 AM
#4
Quote from: Uniex on August 23, 2018, 05:10:41 AM
user sends to server his private key(via https) just to sign transaction or view his balance.

Just a small correction, you need the private key only to sign the transaction.
For viewing balance and all other things, including the build of the transaction, the address should be enough. I think that with this approach your project could be even safer.
bob123
legendary
Activity: 1624
Merit: 2481
Re: How can I sign and send transaction without importing private key ?
August 23, 2018, 05:21:37 AM
#3
Quote from: Uniex on August 23, 2018, 05:10:41 AM
I want to create online wallet without storing user private keys.

This definitely is doable. You might simply want to do this with JS or PHP.
Then just host it and open source the code.



Quote from: Uniex on August 23, 2018, 05:10:41 AM
For example - I have full Bitcoin node, user sends to server his private key(via https) just to sign transaction or view his balance.

The signing and address generation should be done on the client side.
Your server should only be providing the required information (balances of given addresses, service to push the transaction, ...).



Quote from: Uniex on August 23, 2018, 05:10:41 AM
Is there any way to do it ? any ideas ?

Besides all sensitive information always being processed client-sided, you'd need to create your backend which interacts with the core node to retrieve the information.

Blockchain.com (previously blockchain.info) basically does that with the exception that they are storing encrypted copies of the private keys.
The better approach regarding security would be to not store these information on the server (e.g. like MEW with a wallet file / seed).
mdayonliner
copper member
Activity: 630
Merit: 420
We are Bitcoin!
Re: How can I sign and send transaction without importing private key ?
August 23, 2018, 05:13:50 AM
#2
Quote from: Uniex on August 23, 2018, 05:10:41 AM
I want to create online wallet without storing user private keys.

For example - I have full Bitcoin node, user sends to server his private key(via https) just to sign transaction or view his balance.
Is there any way to do it ? any ideas ?

Quote from: https://bitcoin.stackexchange.com/questions/23694/is-it-possible-to-send-coins-without-importing-private-key
There is a point I want to add, however. It is possible to send coins without importing the private key into a computer which is connected to the Internet. In fact, this is how a properly run exchange or online wallet service ought to maintain its cold storage. Normally, funds are just sent to the public address of the cold storage. When it comes time to send coins out of cold storage, the private key is imported into an offline computer, the transaction is generated and signed, and the signed transaction is then broadcast using a different computer (which is connected to the network). This increases security as it prevents malicious attackers from gaining access to the private key because they simply have no way of connecting to the offline computer on which it is stored.

Hope this reference helps...
Uniex
jr. member
Activity: 115
Merit: 2
Re: How can I sign and send transaction without importing private key ?
August 23, 2018, 05:10:41 AM
#1
I want to create online wallet without storing user private keys.

For example - I have full Bitcoin node, user sends to server his private key(via https) just to sign transaction or view his balance.
Is there any way to do it ? any ideas ?
Bitcoin Forum>Bitcoin>Development & Technical Discussion
Jump to: