
Topic: [How Electrum Works] Why you should be careful with your private keys. - page 2. (Read 9303 times)

sr. member
Activity: 475
Merit: 252
I think you have a fundamental misunderstanding of how Electrum and Armory work.

Right now, you are not making any sense.

I can most likely help you, but tell me exactly what you have, and separate it by Electrum and Armory:

i.e.
Code:
Armory:
Chain code
Master public key
Seed
Backup

Electrum:
Watch only wallet
Private Key of one of the addresses in the watch only wallet.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
see this:

https://bitcointalksearch.org/topic/m.7894811

I'll gladly take that .15 and put it toward bitcoin adoption rewards.

Thanks. Unfortunately I'm not a developer.  I have a very general idea of what that means but I'm not that advanced to any material degree to make any practical use of those concepts ...  

 Is there any "priv key generator" webpage that allows me to plug in those values? (the last formula seems to imply that I'd need to try thousands of times until I get lucky and get the priv key that I'm looking?) I tried brainwallet but that doesn't seem to provide that functionality.

This is sadly still very low level info for me to break it down   Sad

i'll see if i can write a script for you later tonight.
sr. member
Activity: 408
Merit: 250
see this:

https://bitcointalksearch.org/topic/m.7894811

I'll gladly take that .15 and put it toward bitcoin adoption rewards.

Thanks. Unfortunately I'm not a developer.  I have a very general idea of what that means but I'm not that advanced to any material degree to make any practical use of those concepts ...  

 Is there any "priv key generator" webpage that allows me to plug in those values? (the last formula seems to imply that I'd need to try thousands of times until I get lucky and get the priv key that I'm looking?) I tried brainwallet but that doesn't seem to provide that functionality.

This is sadly still very low level info for me to break it down   Sad
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
see this:

https://bitcointalksearch.org/topic/m.7894811

I'll gladly take that .15 and put it toward bitcoin adoption rewards.
sr. member
Activity: 408
Merit: 250
I'm in a sort of a crisis.

What's the best way to obtain the private keys of a "Receiving" address that appears in Electrum after creating a seedless/watch-only wallet with a Master Public Key.
In addition to knowing that address I also know the following data generated in an Armory wallet with the same MPK:

 a) Root chain
 b) public key/address
 c) and its private key

 I have a bit of BTC that I had sent to that receiving address and can't take it out  Sad

Please advise!

Thanks,

Sigh. A few clarifications:

- Armory and electrum are two different wallets. They are mutually incompatible.

- Watch only wallets don't have private keys

- MPK stands for master public key. You can't derive a private key from a public key not even if it is a master public key.

So now can you tell us what you are trying to do again?


 I'll definitely stop mixing the 2 systems as soon as I get my btc back. In the meantime....
 
(BTW, I don't have any offline Electrum wallet, just an offline Armory and an online, seedless Electrum one, which by nature can't do private key exports).

Really? Is there not any process to convert/translate those two wallets at all??

 I read somewhere that with a Master Public key and a private key associated to a public key derived from it would allow me to obtain the Master Private Key. And that that Master Private key would help me get the private key I'm looking for. Is there such formula?
 
Ok, I'm tipping 0.15 BTC to whoever provides me with a method that actually allows me to recover my BTC. If it exists... Grin
legendary
Activity: 3682
Merit: 1580
I'm in a sort of a crisis.

What's the best way to obtain the private keys of a "Receiving" address that appears in Electrum after creating a seedless/watch-only wallet with a Master Public Key.
In addition to knowing that address I also know the following data generated in an Armory wallet with the same MPK:

 a) Root chain
 b) public key/address
 c) and its private key

 I have a bit of BTC that I had sent to that receiving address and can't take it out  Sad

Please advise!

Thanks,

Sigh. A few clarifications:

- Armory and electrum are two different wallets. Their deterministic wallet implementations are mutually incompatible. You cannot combine an armory offline wallet with an electrum watch only online one.

- Watch only wallets don't have private keys

- MPK stands for master public key. You can't derive a private key from a public key not even if it is a master public key.

So now can you tell us what you are trying to do again?
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
I'm in a sort of a crisis.

What's the best way to obtain the private keys of a "Receiving" address that appears in Electrum after creating a seedless/watch-only wallet with a Master Public Key.
In addition to knowing that address I also know the following data generated in an Armory wallet with the same MPK:

 a) Root chain
 b) public key/address
 c) and its private key

 I have a bit of BTC that I had sent to that receiving address and can't take it out  Sad

Please advise!

Thanks,

can you just create an offline transaction and sign it to move the funds out of that address?

better than to be exporting private keys, as private key + MPK can expose your whole wallet.  not sure why you're mixing electrum and armory??? sounds like a mess.

Thanks for the feedback.
I did attempt to do that first but Armory simply doesn't understand the transaction format created by Electrum in their latest version and if you ask why Armory, it's because it has excellent security measures that I absolutely love. Why not Armory in my online wallet, too? I don't like to download a never-ending file that needs my PC to be online all the time. So it was absolutely the perfect combination.

Anyway...that was just a dummy account so I don't mind importing the private key to my online wallet as long as I quickly move the btc out of it. However, if I try to import the Armory private key (which belongs to a different address than the one I have my coins at), Electrum shows an import error regardless of whether I provide it in Base58 or the other format. Now why would that happen when I'm using exactly the same MPK (I concatenated Armory's PublicX and PublicY and entered them into Electrum) ?

Is importing any private key of my offline wallet into Electrum the only solution?

Is there any way I could add the Electrum "receiving" address into Armory without asking me its private key? At least I could connect it online to get the blockchain and move out the btc quickly.


You're really mixing 2 different systems, (which sounds like it doesn't really work)
but, it sounds like you really want to be using Armory but still want that
one address out of your electrum wallet.

If so, then I assume you can import the address into Armory.

Go to your offline electrum wallet and you can export the private
key from the address.

Does that work for you?

sr. member
Activity: 408
Merit: 250
I'm in a sort of a crisis.

What's the best way to obtain the private keys of a "Receiving" address that appears in Electrum after creating a seedless/watch-only wallet with a Master Public Key.
In addition to knowing that address I also know the following data generated in an Armory wallet with the same MPK:

 a) Root chain
 b) public key/address
 c) and its private key

 I have a bit of BTC that I had sent to that receiving address and can't take it out  Sad

Please advise!

Thanks,

can you just create an offline transaction and sign it to move the funds out of that address?

better than to be exporting private keys, as private key + MPK can expose your whole wallet.  not sure why you're mixing electrum and armory??? sounds like a mess.

Thanks for the feedback.
I did attempt to do that first but Armory simply doesn't understand the transaction format created by Electrum in their latest version and if you ask why Armory, it's because it has excellent security measures that I absolutely love. Why not Armory in my online wallet, too? I don't like to download a never-ending file that needs my PC to be online all the time. So it was absolutely the perfect combination.

Anyway...that was just a dummy account so I don't mind importing the private key to my online wallet as long as I quickly move the btc out of it. However, if I try to import the Armory private key (which belongs to a different address than the one I have my coins at), Electrum shows an import error regardless of whether I provide it in Base58 or the other format. Now why would that happen when I'm using exactly the same MPK (I concatenated Armory's PublicX and PublicY and entered them into Electrum) ?

Is importing any private key of my offline wallet into Electrum the only solution?

Is there any way I could add the Electrum "receiving" address into Armory without asking me its private key? At least I could connect it online to get the blockchain and move out the btc quickly.


legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
I'm in a sort of a crisis.

What's the best way to obtain the private keys of a "Receiving" address that appears in Electrum after creating a seedless/watch-only wallet with a Master Public Key.
In addition to knowing that address I also know the following data generated in an Armory wallet with the same MPK:

 a) Root chain
 b) public key/address
 c) and its private key

 I have a bit of BTC that I had sent to that receiving address and can't take it out  Sad

Please advise!

Thanks,

can you just create an offline transaction and sign it to move the funds out of that address?

better than to be exporting private keys, as private key + MPK can expose your whole wallet.  not sure why you're mixing electrum and armory??? sounds like a mess.
sr. member
Activity: 408
Merit: 250
I'm in a sort of a crisis.

What's the best way to obtain the private keys of a "Receiving" address that appears in Electrum after creating a seedless/watch-only wallet with a Master Public Key.
In addition to knowing that address I also know the following data generated in an Armory wallet with the same MPK:

 a) Root chain
 b) public key/address
 c) and its private key

 I have a bit of BTC that I had sent to that receiving address and can't take it out  Sad

Please advise!

Thanks,
newbie
Activity: 8
Merit: 0
What about creating 1000 receive and change addresses and not giving the public key to the auditor?


I suppose you could do this. As long as the accounts all balanced with the keys provided.

The problem with this is the current structure of the client. You can easily obtain the Master Public Key from it without having to input your encryption password. The MPK is required in order to create a watch-only wallet. So the level of safety a watch-only wallet could provide would be completely eliminated, as any wallet you created would become a hot wallet.

In the scenario provided, where single private keys are given to department heads, it would require the Master Public Key be treated with the same level of attention and security as you would a private key. And it's not.. it's a public key. I feel like it is intended to be made public, so you can leverage it for services like watch-only service providers and POS systems. So having to treat it like a private key would mitigate its usefulness.

newbie
Activity: 8
Merit: 0
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
What about creating 1000 receive and change addresses and not giving the public key to the auditor?
sr. member
Activity: 475
Merit: 252
I was referring to the quote from Vitalik. I don't see the point to implement a complex scheme like that just to allow an auditor to search the blockchain when you could set up a watch only wallet.  Doesn't make sense, maybe I'm missing something.

The idea is that if you give the auditor the watch only wallet, he could conspire with one of the holders of the private keys below it to create the master private key and run away with all the money.

M = master public key
m = master private key

m/ = CEO holds it

M/ = Auditor holds it. With it, they can view all company funds, but not spend.

m/m1 = Department A head holds it, and can generate further chains with it.
m/m2 = Department B head holds it, and can generate further chains with it.
m/m3 = Department C head holds it, and can generate further chains with it.

combining M/ with m/mx would give me m/ ... so an auditor would have to conspire with one corrupt department head to run away with the company's entire finances.


The solution provided says that the CEO would make

m1/
m2/
m3/

Then

Dept A:
m1/m1
m2/m1
m3/m1

Dept B:
m1/m2
m2/m2
m3/m2

Dept C:
m1/m3
m2/m3
m3/m3

Each dept using the three public keys generated by those chains to generate deterministic 2of3 chains.

The Auditor would ONLY receive:

M1/

Then they could check the blockchain for redeemscripts that included
M1/M1
M1/M2
M1/M3

Then they would know how much money each department SPENT without being able to collude to get 2 private keys.

Downside: They could only find SPENT funds, as the redeemscript is only revealed on the blockchain when funds are spent from the multi-sig address.

imo, the best way to do an audit for business would be to use a dual-key Stealth Address, and give the scan_privkey to the auditor... but this is a topic slightly unrelated to BIP32.

You could set up so your company's stealth addresses are generated on a per-department basis, but that all scan_keypairs are generated by a separate BIP32 chain.

Give that master private key to the auditor, as that keypair is only used to generate shared secrets to discover funds, not to spend it.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
I was referring to the quote from Vitalik. I don't see the point to implement a complex scheme like that just to allow an auditor to search the blockchain when you could set up a watch only wallet.  Doesn't make sense, maybe I'm missing something.
sr. member
Activity: 475
Merit: 252
The solution to a more secure internal control structure, so you can leverage the utility of the master public key.

There's nothing wrong with how electrum does it.  He's talking about some convoluted scenario that doesn't have any real life application as far as I'm concerned.

Actually, the "solution" that JonCD was talking about was more geared towards BIP32.

Electrum (in its current 1.9.8 version) would not be able to generate the 3 separate key chains for a deterministic 2of3 P2SH chain wallet.


However, the method JonCD describes is actually what ThomasV is implementing into Electrum 2.0 right as we speak. (in fact current git HEAD already has 2 of 3 and 2 of 2 BIP32 deterministic chains already.)

The idea is that since your bitcoins are not attributed to any 1 specific master public key and master private key, even if you exported one of the private keys and someone calculated your master private key, they would still need one more master private key, AND they would need all three master public keys (so that they could create the redeemscripts)...

It adds a level of obfuscation that protects the user. Not to mention that if your wallet is 2 of 3, you probably won't be exporting keys anyways.

In general, if you want to have exportable private keys in BIP32, you must use hardened keys. The downside to this is that you will not be able to generate those public keys from a Master Public Key. (hardened keys do not have a master public key, which is how they are hardened) But they will still be attached to your chain, so recoverable from seed.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
The solution to a more secure internal control structure, so you can leverage the utility of the master public key.

There's nothing wrong with how electrum does it.  He's talking about some convoluted scenario that doesn't have any real life application as far as I'm concerned.
newbie
Activity: 8
Merit: 0
The solution to a more secure internal control structure, so you can leverage the utility of the master public key.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Quote
There is one clever way in which this might be bypassed: making three hierarchical BIP32 wallets, with every address being a 2-of-3 multisignature address between the three wallets down some particular child key derivation path. Then, an auditor can have one of the three master public keys, and search the blockchain for transactions whose script contains public keys generated from that master public key. The solution is complex, not supported by any existing client, and far from perfect, but something like it seems to be the only way to get around the issue.
-Vitalik Buterin

What do you guys think of this solution? How feasible is this?

Solution to what?  Trying to combine deterministic wallets with multisig?  Why would you even need to do that?
newbie
Activity: 8
Merit: 0
Quote
There is one clever way in which this might be bypassed: making three hierarchical BIP32 wallets, with every address being a 2-of-3 multisignature address between the three wallets down some particular child key derivation path. Then, an auditor can have one of the three master public keys, and search the blockchain for transactions whose script contains public keys generated from that master public key. The solution is complex, not supported by any existing client, and far from perfect, but something like it seems to be the only way to get around the issue.
-Vitalik Buterin

What do you guys think of this solution? How feasible is this?