How to Generate a signed BTC transaction using Electrum and Trezor

xenon131

hero member

Activity: 491

Merit: 1259

Nihil impunitum

Quote from: cellard on February 08, 2019, 09:52:03 PM

Quote from: ?? on ??

Quote from: cellard on February 07, 2019, 10:19:43 PM

Quote from: HCP on February 07, 2019, 03:46:49 PM

Why would the forged TX be unsafe in the case of a "PC&Electrum"?

Once a transaction has been constructed and signed, you cannot modify it in any meaningful way... or are you implying that there is a possibility for the transaction to be constructed improperly? (ie. wrong address/amount due to malware interference etc?) Huh

Because I assume PC&Electrum means that the keys are sitting on an online computer, which means the keys are compromised by default, specially if you are using Windows.

Even with Trezor, I wouldn't trust that thing due you trusting some RNG you don't know, also google "Trezord.exe calls home"

So the way I see it is that airgapped linux computer + online linux node in which you move the tx into to broadcast it is the best possible scenario.

Bitcoin Core can do this too but it's harder since there isn't a nice GUI this too for some reason.

That's not exactly full answer, cellard. Transaction could be even signed by the correct key but destination address in that Tx might be compromised at the time of signature occurs. The cracker is then able to get all fund regardless of how transaction was broadcasted.

So the rule of a thumb [PC] = air-gapped (and never "snorted" Internet) => (Forged Tx = safe). It means that TX is truly safe when it is forged by "cold" wallet ( in case under discussion by cold Electrum) sitting on air-gapped PC. All other "ways" are trying to trick us.

And, yes, your "airgapped linux computer" (that has never "snorted" Internet) is indeed the best scenario one could imagine to construct the safe transaction (arguably only "error-free paper+pencil" could be safer but that is too time consuming).

What do you mean by forged? I meant sending the raw tx hash into the online wallet, ideally via a QR code, not an USB since that could be compromised (unlikely.. but still worth considering). What other way would you do it?

So it would be best to have a QR code reader, I don't see how that can be hacked? I have not tried this, but if anyone wants to try, let us know.

For the airgap, there's old thinkpads sold with librebooted bios. You need to change some hardware, but if you don't want to, you can buy one of the smaller ones, the x60 I think didn't need any hardware changes to flash the bios. Be sure to follow a tutorial or you may brick the bios.

Frankly I'm a little surprised to find your question ...looks like you've missed context of discussion ...and you've answered that for me.

krogothmanhattan

legendary

Activity: 2520

Merit: 3238

The Stone the masons rejected was the cornerstone.

Quote from: Tamilson on February 23, 2019, 03:28:47 AM

Hi Krog, just want to ask if this can't be done using mobile phone specifically in their app? I navigate the electrum app and don't see those images on OP.

Never tried it on the phone app so I cannot really say.

Quote from: madnessteat on February 05, 2019, 03:11:02 PM

Thanks for the great guide. Cool

Now I know a safe way to keep BTC in my mobile and are not afraid to lose them.

Quote

This confuse the hell out of me, so I looked at my electrum app and don't see those .

What the guy meant is he could carry the raw data on an email that could send any amount of btc to the address it was genereated to send to and thus if ever hacked or cell phone lost he would never lose any BTC.

Example, you generated raw data to send 100 BTC to a particular address and are carrying the raw data. If a hacker or other person ever grabs that data and then transmits on Blockchain, then the BTC will go to that address that you had in mind and NOWHERE ELSE.

Rath_

legendary

Activity: 1876

Merit: 3132

Quote from: Tamilson on February 23, 2019, 03:28:47 AM

I wonder if ledger has also this kind of security, well maybe, since their both hardware wallet. Maybe I should email them too and confirm this or else.

It does have this kind of security. Ledger and Trezor are a bit different. Trezor hardware and software is fully open-soure so that anyone can build it up from the scratch while Ledger believes in security through obscurity. Ledger has a limited amount of space because of built-in Secure Element. Ledger wrote a good article on why they decided to use it. You can find it here.

Tamilson

hero member

Activity: 1022

Merit: 503

Hi Krog, just want to ask if this can't be done using mobile phone specifically in their app? I navigate the electrum app and don't see those images on OP.

Quote from: madnessteat on February 05, 2019, 03:11:02 PM

Thanks for the great guide. Cool

Now I know a safe way to keep BTC in my mobile and are not afraid to lose them.

This confuse the hell out of me, so I looked at my electrum app and don't see those.

Quote

Trezor is designed so it won't reveal your private keys even when used with an infected computer. The transaction is signed by the device and this needs to be confirmed by the user (physical on-device confirmation). Therefore, even if malware is present it cannot trick you into signing a different transaction if the address is correct and confirmed on the device's display -

I wonder if ledger has also this kind of security, well maybe, since their both hardware wallet. Maybe I should email them too and confirm this or else.

krogothmanhattan

legendary

Activity: 2520

Merit: 3238

The Stone the masons rejected was the cornerstone.

Quote from: buwaytress on February 09, 2019, 10:29:02 AM

And yes, definitely not "forge". I clicked on this thread thinking it was a forgery tutorial.

  Damn I cannot believe the word forge is being thought about as forgery!

  That being said I have changed the word with GENERATE. I have also added the word signed

   Thus the new heading is How to Generate a signed BTC transaction using Electrum and Trezor

   I hope that helps. Cheers Cheesy

buwaytress

legendary

Activity: 2968

Merit: 3684

Join the world-leading crypto sportsbook NOW!

Great "last-ditch" technique actually but in response to Pooya, I would actually use it as a "in case I lose my access to everything or it's stolen" step. Soon as I think it's in danger of being accessed, just broadcast the tx and it's out of your wallet before it can be accessed. I'd only just make sure the fee is very high!

And as such, it's not very useful for a p2p transfer, unless, as OP says, you fix the BTC price before the meet. Might work for small purchases or very big transactions paid with BTC, but that's not usually how it works though for BTC buy/sell trades.

And yes, definitely not "forge". I clicked on this thread thinking it was a forgery tutorial.

cellard

legendary

Activity: 1372

Merit: 1252

Quote from: ?? on ??

Quote from: cellard on February 07, 2019, 10:19:43 PM

Quote from: HCP on February 07, 2019, 03:46:49 PM

Why would the forged TX be unsafe in the case of a "PC&Electrum"?

Once a transaction has been constructed and signed, you cannot modify it in any meaningful way... or are you implying that there is a possibility for the transaction to be constructed improperly? (ie. wrong address/amount due to malware interference etc?) Huh

Because I assume PC&Electrum means that the keys are sitting on an online computer, which means the keys are compromised by default, specially if you are using Windows.

Even with Trezor, I wouldn't trust that thing due you trusting some RNG you don't know, also google "Trezord.exe calls home"

So the way I see it is that airgapped linux computer + online linux node in which you move the tx into to broadcast it is the best possible scenario.

Bitcoin Core can do this too but it's harder since there isn't a nice GUI this too for some reason.

That's not exactly full answer, cellard. Transaction could be even signed by the correct key but destination address in that Tx might be compromised at the time of signature occurs. The cracker is then able to get all fund regardless of how transaction was broadcasted.

So the rule of a thumb [PC] = air-gapped (and never "snorted" Internet) => (Forged Tx = safe). It means that TX is truly safe when it is forged by "cold" wallet ( in case under discussion by cold Electrum) sitting on air-gapped PC. All other "ways" are trying to trick us.

And, yes, your "airgapped linux computer" (that has never "snorted" Internet) is indeed the best scenario one could imagine to construct the safe transaction (arguably only "error-free paper+pencil" could be safer but that is too time consuming).

What do you mean by forged? I meant sending the raw tx hash into the online wallet, ideally via a QR code, not an USB since that could be compromised (unlikely.. but still worth considering). What other way would you do it?

So it would be best to have a QR code reader, I don't see how that can be hacked? I have not tried this, but if anyone wants to try, let us know.

For the airgap, there's old thinkpads sold with librebooted bios. You need to change some hardware, but if you don't want to, you can buy one of the smaller ones, the x60 I think didn't need any hardware changes to flash the bios. Be sure to follow a tutorial or you may brick the bios.

HCP

legendary

Activity: 2086

Merit: 4361

Quote from: ?? on ??

So, only air-gapped PC with cold wallet that sign tx would bring true safety

I don't see why... air-gapped PC with cold wallet == hardware wallet, with slightly different workflows... all they do is hold private keys and sign transactions.

In both cases, you still need the online computer to generate the unsigned transaction... this is the point where the "fake destination" will be injected. Regardless of whether or not you use airgapped PC or Hardware wallet, you still need to take your time and verify the destination address.

Essentially... an air-gapped PC and a hardware wallet are the same thing and achieve the same goal... Separation of private keys from the online world. The only real differences are probably cost, convenience and workflow.

HCP

legendary

Activity: 2086

Merit: 4361

Quote from: ?? on ??

b) & d) IMO wrong assumption. Trezor is nothing more than a box that keeps public-private keys pairs. On its own it doesn't matter in the end. External soft is needed to sign and forge tx. When Electrum officials say "private keys are never exposed to Electrum" they mean to Electrum servers but not client. Client needs it.

Your assumption is wrong. Trezor is more than a box that keeps public/private key pairs. The transactions are signed within the hardware wallet itself... the private keys NEVER leave the device. They are never exposed to Electrum... server OR client. They are not even exposed to the Trezor wallet software.

You create an unsigned transaction within your wallet software (electrum, mycelium, hardware wallet software in browser or on desktop etc)... The unsigned hex is then passed to the hardware wallet and the hardware wallet signs the transaction internally and returns the signed transaction hex.

Again, the private keys NEVER, EVER leave the hardware wallet.

Quote

However no matter who sign and forge tx the fake destination is a real menace for safety and this is my main point.

This is why you cannot be "in a harry[sic] or/and inattentive"...

Quote

I still stand by my story.

You might want to reconsider your position.

krogothmanhattan

legendary

Activity: 2520

Merit: 3238

The Stone the masons rejected was the cornerstone.

Quote from: ?? on ??

Quote from: cellard on February 07, 2019, 10:19:43 PM

Quote from: HCP on February 07, 2019, 03:46:49 PM

Why would the forged TX be unsafe in the case of a "PC&Electrum"?

Once a transaction has been constructed and signed, you cannot modify it in any meaningful way... or are you implying that there is a possibility for the transaction to be constructed improperly? (ie. wrong address/amount due to malware interference etc?) Huh

Because I assume PC&Electrum means that the keys are sitting on an online computer, which means the keys are compromised by default, specially if you are using Windows.

Even with Trezor, I wouldn't trust that thing due you trusting some RNG you don't know, also google "Trezord.exe calls home"

So the way I see it is that airgapped linux computer + online linux node in which you move the tx into to broadcast it is the best possible scenario.

Bitcoin Core can do this too but it's harder since there isn't a nice GUI this too for some reason.

That's not exactly full answer, cellard. Transaction could be even signed by the correct key but destination address in that Tx might be compromised at the time of signature occurs. The cracker is then able to get all fund regardless of how transaction was broadcasted.

So the rule of a thumb [PC] = air-gapped (and never "snorted" Internet) => (Forged Tx = safe). It means that TX is truly safe when it is forged by "cold" wallet ( in case under discussion by cold Electrum) sitting on air-gapped PC. All other "ways" are trying to trick us.

And, yes, your "airgapped linux computer" (that has never "snorted" Internet) is indeed the best scenario one could imagine to construct the safe transaction (arguably only "error-free paper+pencil" could be safer but that is too time consuming).

   For arguments sake, IF electrum was infected with malware or a virus...

   a) Then you still need to confirm on the Trezor screen the sending amount and Bitcoin address where the Bitcoin is being sent to.

   b) The Trezor is signing or forging the Bitcoin transaction not electrum.

   c) I added step 19 and 20. You can decode the data and see where your Bitcoin is going to.

   d) Your private keys are never exposed to Electrum at all.

   SO not only do you have Trezor signing to the correct address that you as a user will be confirming BUT you can also check it on the decoder page.

   That will put my mind at ease.

   Edit: I emailed Trezor about infected computers and here is their response..

   Trezor is designed so it won't reveal your private keys even when used with an infected computer. The transaction is signed by the device and this needs to be confirmed by the user (physical on-device confirmation). Therefore, even if malware is present it cannot trick you into signing a different transaction if the address is correct and confirmed on the device's display -

cellard

legendary

Activity: 1372

Merit: 1252

Quote from: HCP on February 07, 2019, 03:46:49 PM

Why would the forged TX be unsafe in the case of a "PC&Electrum"?

Once a transaction has been constructed and signed, you cannot modify it in any meaningful way... or are you implying that there is a possibility for the transaction to be constructed improperly? (ie. wrong address/amount due to malware interference etc?) Huh

Because I assume PC&Electrum means that the keys are sitting on an online computer, which means the keys are compromised by default, specially if you are using Windows.

Even with Trezor, I wouldn't trust that thing due you trusting some RNG you don't know, also google "Trezord.exe calls home"

So the way I see it is that airgapped linux computer + online linux node in which you move the tx into to broadcast it is the best possible scenario.

Bitcoin Core can do this too but it's harder since there isn't a nice GUI this too for some reason.

HCP

legendary

Activity: 2086

Merit: 4361

Why would the forged TX be unsafe in the case of a "PC&Electrum"?

Once a transaction has been constructed and signed, you cannot modify it in any meaningful way... or are you implying that there is a possibility for the transaction to be constructed improperly? (ie. wrong address/amount due to malware interference etc?) Huh

madnessteat

legendary

Activity: 2310

Merit: 2073

Thanks for the great guide. Cool

Now I know a safe way to keep BTC in my mobile and are not afraid to lose them. I think this method is little known.

bigtimespaghetti

legendary

Activity: 1652

Merit: 1057

bigtimespaghetti.com

nice and concise tutorial krogo, thanks for the guide.

krogothmanhattan

legendary

Activity: 2520

Merit: 3238

The Stone the masons rejected was the cornerstone.

Quote from: pooya87 on February 04, 2019, 11:10:43 PM

- there is a big problem with this specially when you talk about wanting to spend it. because price is volatile if you create a transaction with X amount at home and then go out, by the time you reach your destination your X may be worth higher or lower than the initial amount you create it at. you can make bigger transactions but then the merchant would have to create a new transaction paying you back the difference. and also you don't know the address of the merchant specially if they are following guidelines and create a new address for every transaction so it is impossible to create a transaction at home!

You make a good point however...in the physical crypto world, once a price is predetermined and agreed upon in BTC that is what shall be set in stone..regardless what happens with the FIAT value of BTC. So upon the meet, the agreed upon x amount of BTC shall be delivered. We do not go in FIAT value price but BTC amount. I do anyway..Cheers Cheesy

HCP

legendary

Activity: 2086

Merit: 4361

Quote from: pooya87 on February 04, 2019, 11:10:43 PM

a couple of thoughts:
- is "forge" the correct word? to forge something has the meaning of "faking it" and you are not "faking" anything here. you are creating a real transaction here and don't broadcast it, that's all.

That is one meaning... forge can also mean "to create". But yeah, it probably isn't the best word to use, especially when talking about things that require signatures etc Wink

Quote from: pooya87 on February 04, 2019, 11:10:43 PM

- there is a big problem with this specially when you talk about wanting to spend it. because price is volatile if you create a transaction with X amount at home and then go out, by the time you reach your destination your X may be worth higher or lower than the initial amount you create it at.

This is a very valid point tho...

pooya87

legendary

Activity: 3472

Merit: 10611

a couple of thoughts:
- is "forge" the correct word? to forge something has the meaning of "faking it" and you are not "faking" anything here. you are creating a real transaction here and don't broadcast it, that's all.

- there is a big problem with this specially when you talk about wanting to spend it. because price is volatile if you create a transaction with X amount at home and then go out, by the time you reach your destination your X may be worth higher or lower than the initial amount you create it at. you can make bigger transactions but then the merchant would have to create a new transaction paying you back the difference. and also you don't know the address of the merchant specially if they are following guidelines and create a new address for every transaction so it is impossible to create a transaction at home!

HCP

legendary

Activity: 2086

Merit: 4361

Quote from: krogothmanhattan on February 04, 2019, 04:36:45 PM

One of the tings I wanted to attempt on doing this was to do it all OFFLINE!

Has anyone had any first hand experience of this? If so kindly share it here or in my other thread as stated above.

I can't say that I've done it offline as such, but I have certainly used python-trezor to interact with a Trezor device.

So, I tried disconnecting my WiFi, and unfortunately, the example of signing a transaction shown at: https://github.com/trezor/python-trezor/blob/master/docs/EXAMPLES.rst does not work offline. As, if you're offline there is no way for it to find the transaction info necessary to complete the creation of the transaction Undecided

Given that it is an open-source library, it should theoretically be possible to modify the python-trezor code so that you could pass in the appropriate transaction information (ie. raw hex) so that it could piece together all the information without needing to connect to the Trezor API...

However, as has already been mentioned a few times, attempting to use a Trezor (or most of the common hardware wallets for that matter) offline is problematic as they all seem to rely on online APIs to retrieve information.

Mainly because the design philosophy of the hardware wallet is that it doesn't need to be used offline to be secure.

krogothmanhattan

legendary

Activity: 2520

Merit: 3238

The Stone the masons rejected was the cornerstone.

Quote from: Rath_ on February 04, 2019, 04:45:11 PM

Quote from: krogothmanhattan on February 04, 2019, 04:39:40 PM

Good point but I am just dealing with one Trezor..one account in my case. Still good to know for the person who has multiple accounts

It looks like you have misunderstood me. I am not talking about using multiple TREZOR devices to sign a transaction. TREZOR allows you to create separate accounts which have a different Public Key derived from your Master Public Key. This help you to increase your privacy since it helps you not to mix certain coins, but it's less advanced than Electrum's built-in coin control which can be also used with any TREZOR device. You can generate only up to 20 accounts per passphrase due to performance issues.

That is good to know..Thankyou. Cheesy

Rath_

legendary

Activity: 1876

Merit: 3132

Quote from: krogothmanhattan on February 04, 2019, 04:39:40 PM

Good point but I am just dealing with one Trezor..one account in my case. Still good to know for the person who has multiple accounts

It looks like you have misunderstood me. I am not talking about using multiple TREZOR devices to sign a transaction. TREZOR allows you to create separate accounts which have a different Public Key derived from your Master Public Key. This increases your privacy since it helps you not to mix certain coins, but it's less advanced than Electrum's built-in coin control which can be also used with any TREZOR device. You can generate only up to 20 accounts per passphrase due to performance issues.

Topic: How to Generate a signed BTC transaction using Electrum and Trezor (Read 1037 times)