Topic: ⭕️LEALANA BRASS XMR COINS FOR SALE ⭕️ - page 3. (Read 4963 times)

I've ordered some of these coins now, and have been trying to throw together some code to be able to verify the balance of the coin.

I'm not 100% sure about how the signatures are generated and how to check them.  The code I'm using right now is taken from wallet2::import_key_images,
and I basically check using:


In this case the hash_input would be the hash on the digital certificate.

Could you confirm if this is correct, Smoothie?

Looking forward to getting the coins

Nice coins! Got my order in!

pm sent

I like these. PM sent

@miffman, yes that probably makes the most sense.

UPDATE: A large batch of U.S. giveaway coins were shipped out today via USPS first class mail.

An international batch will be shipped hopefully soon. Just more forms to fill out. (some of you have some crazy long addresses  )

That does seem like the best solution.
Alternatively Smoothie could just paste all the certificates in one PGP signed file. That could act as a central database for all the coins and the file could be used to search for specific addresses. That could also potentially be a solution but would mean that all the certificates would have to have been produced beforehand. (It wouldn't work for coins sold at a later date unless he decides to do something similar to Mike in terms of different funding dates).     

Could smoothie not just pgp sign each certificate? Anyone that tries to fake one with different info will not be able to sign it with smoothie's key. Unless I misunderstood part of the question.

Thanks Smoothie. I'm sorry if I'm being annoying, but this stuff is a bit tricky (interesting at the same time).

I'm hacking around trying to recover a wallet from just the spendkey now because of the discussion :p since simplewallet doesn't seem to let you do it.

Simple:

There is no harm in me keeping a copy of the digital certificate as it would not allow me to spend the contents of the coin.

The buyer could request another copy of it from me (assuming I am still alive).

Other solution is to have multiple copies of the digital certificate since it costs basically nothing to make duplicates.

Hi Smoothie.  Yes I'm talking about funded coins.  It's maybe a silly scenario, but say:

1) I bought a funded coin from you serial number 999.
2) I completely lost the digital certificate because I'm an idiot.  Crud
3) I want to sell the coin (still not opened in any way) to someone else, but have no digital signature
4) I make a new wallet and deposit 5XMR into it.  I make a new digital certificate:


5) Some time after selling the coin I withdraw my funds from my wallet, pissing off the new owner (although the coin hasn't been opened so it hasn't lost funds).


It's maybe a strange scenario.  The coin is never opened and I never see the private spend key.


Edit:  I think you addressed my concerns.  Like I said I was a bit concerned because I thought you need Address, viewkey and spendkey to recover the wallet (I believe monero-wallet-cli asks for all of them), but you technically only need the spendkey, since the seed words are an encoding of spendkey, and the whole wallet can be recovered from the seed words.

This only applies to FUNDED coins. Unfunded coins are marked "UNFUNDED" on their holograms prior to shipping and do not have digital certificates provided.

Are you asking this to determine if a fake digital certificate generated would lead a buyer to believe a coin was in fact funded when it was not?

If so, then first, the scammer would need to have already gotten access to the private spend key without showing any noticeable marks on the hologram. This is possible as tamper evident holograms are not "tamper proof". This is stated in my terms and conditions for each sale I make.

Yes someone could create a fake digital certificate, but:

1. If they can already gain access to the private spend key in the manner described above, what's the difference, they would not need to create a fake digital certificate as they would just sell you the coin, and then redeem it right after. No need to fake anything.

2. If they can't gain access to the private spend key, then the coin should be funded.

3. If a coin was redeemed after the scammer gained access to the private spend key in #1 but before it was sold to a buyer, then this is where the digital certificate comes in to play as its whole role is to prove funding of a coin.

Perhaps #3 would require a public list of XMR addresses with associated serial #'s to be published by me in order for verification of a digital certificate is genuine or not (as a starting point).

Since XMR is fairly private, this may not be a problem to do going forward for my XMR coins.

I'm not a coin guy, so I don't know what's easy / hard to do and how hard to fake it is.

I would guess engraving characters somewhere visible, or adding them to the hologram are the options.

I'm just saying that at the moment, the digital signature seems easy to fake. 

Although in the end it might not be a big deal.  I originally thought that you need the address and viewkey as well as the spendkey to recover the wallet,
which would make having the wrong address / viewkey details pretty bad.  But looking at Monero code just now ( I'm interested in making a vanity address finder ) it
looks like the spendkey is all you technically need.
 

 
It all comes down to the coin and how good of a fake it is.  Adding more information to the coin may or may not make the coin harder to fake depending on how it is done.  How do you propose to add more information to the coin in a way that makes it harder to fake?

I know, but I could create another certificate saying the same serial number, but with different address and transaction details.  If I then showed both digital certificates to someone I was selling the coin to,
how would they be able to tell which one is genuine?


Adding the hash (or the first 8 characters of the hash, or something) would answer this question without having to open the coin.

The digital certificate has the coins serial number.  You could laser or engrave it to the coin somehow but that wouldn't add anything in terms of security and would possibly retract from its aesthetics depending how it is done.

Is there any way to verify that a given digital certificate belongs to a given coin?
It looks like with the digital certificate, you can check that the outputs are all unspent,
but not that the outputs actually belong to the coin.

If the hash from the digital certificate appeared on the coin (or something like that, perhaps around the edge) then you would
know for certain that the outputs you are checking can actually be spent using the private key under the hologram.

Maybe I'm missing something?  Would be good to know

I'll cover the other half if you still need someone.

I am trying but I need another trustable member from the usa to split a 20 roll with me 50/50. Escrow/Funding and/or shipping all handled by a highly trusted member by the name of minerjones. PM me if interested! 

Thanks!

With 4000 brass coins available, there can only be 200 holders of 1 roll each at maximum!

Do yourself a favor and buy the brass today.

Yes you can split a roll. Would rather just deal with one person though and one place to ship to.