
Topic: Mycelium Bitcoin Wallet - page 97. (Read 586242 times)

legendary
Activity: 1092
Merit: 1001
Touchdown
April 04, 2014, 05:41:33 AM
Is it intentional that when you scan in a new private key it doesn't ask you to make a new backup?
Yes. The wallet only requires you to verify backups of keys generated internally. Imported keys already have an external source, and are assumed to be backed up already.
Makes sense but an option to back up each/all wallets would be nice.
sr. member
Activity: 360
Merit: 250
CEO, Ledger
April 04, 2014, 04:44:10 AM
Following Jan's advice, I published a draft BIP in the development section of the forum :
https://bitcointalksearch.org/topic/bipdraft-bitid-connect-with-bitcoin-protocol-557037

Thanks Jan for your suggestions, I already updated some of the document to take them into account.

I took the liberty of quoting you in the "Rationale" section. Your "free lunch" text was really good :)
Jan
legendary
Activity: 1043
Merit: 1002
April 04, 2014, 01:39:31 AM
Bounty offered to Mycelium developers

We are developing the BitID authentication protocol. Basically it's an open standard to facilitate user's registration in login on a service using its Bitcoin key (it could be compared to "Facebook connect" on the UX and flow). User scans a QRcode which contains a bitid:// URI, it's parsed for validity by the wallet and a confirmation is prompted. After choosing a Bitcoin address, the URI is signed and a POST is made in the callback address contained in the URI.

For the full explication of the protocol, examples and demo please refer to our GitHub :
https://github.com/bitid/bitid

To be successful, BitID must be implemented in most of the popular wallets. We would like to start the development with Mycelium (because it has already the signing message functionality). To motivate developers we are offering a bounty of 1 BTC.

What is needed to do :
  • register the bitid:// scheme (so it is activated in case of click)
  • throw a bitid:// intent when scanning a BitID QR code
  • decode the URI and verify its format
  • display a request for authentication showing the domain name callback and ask for validation
  • ask the user to pick up or create a Bitcoin address for the authentication (show the last Bitcoin address used if this is a known callback address)
  • sign the BitID URI with the private key
  • POST the signature, the URI and the public key to the callback URL
  • completion dialog : success/retry/cancel

Please PM me for more details and specifications.

Eric

Hi Eric, I have been toying around with a VERY similar login mechanism, just never got around to spec it. Great minds think alike :-)
Classical password authentication is an insecure mess that could be solved nicely with public key cryptography. The problem however is that it offloads a lot of complexity and responsibility on the user. Managing private keys securely is really hard. The good news is that this is already being solved in bitcoinland, simply because we have to (if you don't have exclusive control over your private keys you don't have any bitcoin), so doing public key authentication is practically a free lunch to bitcoiners.

PM sent.

Comments:
  • This should be formalized as a BIP
  • The bitid request should optionally contain (a prefix of) the bitcoin address to sign with to allow automatic private key selection for the user
  • I suggest that the callback URL is reduced to https only and possibly only to the host name and path (no parameters), and then URL encoded. This makes the bitid shorter and human readable. Instead of ...&c=aHR0cHM6Ly93d3cuc2l0ZS5jb20vY2FsbGJhY2s%3D it would just have ...&c=www.site.com%2Fcallback
  • The server side does not need to have the public key of the user, the bitcoin address + signature is enough for verification
  • The signature on the bitid should be prefixed with "Bitcoin Signed Message:\n" as any other Bitcoin signed message

This is just what I had in my head, I am certain that others want to chip in too.
Please make a separate thread for discussing the BIPification of bitid.
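
Added example (not part of any post in this thread, and not BitID or Mycelium code): a wallet-side check of the callback value in both encodings quoted above, plus the digest a "Bitcoin Signed Message:\n" signature covers. The full bitid URI layout is not shown on this page, so only the `c` value is handled; all function names are hypothetical.

```python
import base64
import hashlib
from urllib.parse import unquote, urlsplit

MAGIC = b"Bitcoin Signed Message:\n"  # prefix named in the post above

def _varint(n: int) -> bytes:
    """Bitcoin compact-size length encoding."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")

def message_payload(message: str) -> bytes:
    """Bytes that are hashed: len+magic, then len+message."""
    body = message.encode("utf-8")
    return _varint(len(MAGIC)) + MAGIC + _varint(len(body)) + body

def signed_message_digest(message: str) -> bytes:
    """Double SHA-256 digest that the ECDSA signature covers."""
    first = hashlib.sha256(message_payload(message)).digest()
    return hashlib.sha256(first).digest()

def _require_plain_https(url: str) -> str:
    """Accept only https://host/path: no userinfo, query or fragment."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("callback must be an https URL with a host")
    if "@" in parts.netloc or parts.query or parts.fragment:
        raise ValueError("callback must be host and path only")
    return f"https://{parts.netloc}{parts.path}"

def callback_from_base64(c_value: str) -> str:
    """Draft form: c is the percent-encoded base64 of a full URL."""
    raw = base64.b64decode(unquote(c_value), validate=True)
    return _require_plain_https(raw.decode("utf-8"))

def callback_from_hostpath(c_value: str) -> str:
    """Suggested form: c is percent-encoded host + path, https implied."""
    return _require_plain_https("https://" + unquote(c_value))

if __name__ == "__main__":
    # Both c values are the ones quoted in the post above.
    print(callback_from_base64("aHR0cHM6Ly93d3cuc2l0ZS5jb20vY2FsbGJhY2s%3D"))
    print(callback_from_hostpath("www.site.com%2Fcallback"))
    # Constructed sample message, not a real BitID URI.
    print(signed_message_digest("constructed-sample-message").hex())
```

The string returned by either decoder is what the confirmation dialog would show the user before anything is signed.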
hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
April 04, 2014, 12:54:50 AM
Bounty offered to Mycelium developers

We are developing the BitID authentication protocol. Basically it's an open standard to facilitate user's registration in login on a service using its Bitcoin key (it could be compared to "Facebook connect" on the UX and flow). User scans a QRcode which contains a bitid:// URI, it's parsed for validity by the wallet and a confirmation is prompted. After choosing a Bitcoin address, the URI is signed and a POST is made in the callback address contained in the URI.

For the full explication of the protocol, examples and demo please refer to our GitHub :
https://github.com/bitid/bitid

To be successful, BitID must be implemented in most of the popular wallets. We would like to start the development with Mycelium (because it has already the signing message functionality). To motivate developers we are offering a bounty of 1 BTC.

What is needed to do :
  • register the bitid:// scheme (so it is activated in case of click)
  • throw a bitid:// intent when scanning a BitID QR code
  • decode the URI and verify its format
  • display a request for authentication showing the domain name callback and ask for validation
  • ask the user to pick up or create a Bitcoin address for the authentication (show the last Bitcoin address used if this is a known callback address)
  • sign the BitID URI with the private key
  • POST the signature, the URI and the public key to the callback URL
  • completion dialog : success/retry/cancel

Please PM me for more details and specifications.

Eric

I saw this today, and Mycelium, PLEASE ADD THIS
sr. member
Activity: 360
Merit: 250
CEO, Ledger
April 03, 2014, 06:25:07 PM
Bounty offered to Mycelium developers

We are developing the BitID authentication protocol. Basically it's an open standard to facilitate user's registration in login on a service using its Bitcoin key (it could be compared to "Facebook connect" on the UX and flow). User scans a QRcode which contains a bitid:// URI, it's parsed for validity by the wallet and a confirmation is prompted. After choosing a Bitcoin address, the URI is signed and a POST is made in the callback address contained in the URI.

For the full explication of the protocol, examples and demo please refer to our GitHub :
https://github.com/bitid/bitid

To be successful, BitID must be implemented in most of the popular wallets. We would like to start the development with Mycelium (because it has already the signing message functionality). To motivate developers we are offering a bounty of 1 BTC.

What is needed to do :
  • register the bitid:// scheme (so it is activated in case of click)
  • throw a bitid:// intent when scanning a BitID QR code
  • decode the URI and verify its format
  • display a request for authentication showing the domain name callback and ask for validation
  • ask the user to pick up or create a Bitcoin address for the authentication (show the last Bitcoin address used if this is a known callback address)
  • sign the BitID URI with the private key
  • POST the signature, the URI and the public key to the callback URL
  • completion dialog : success/retry/cancel

Please PM me for more details and specifications.

Eric
Jan
legendary
Activity: 1043
Merit: 1002
April 03, 2014, 01:40:47 PM
Is it intentional that when you scan in a new private key it doesn't ask you to make a new backup?
Yes. The wallet only requires you to verify backups of keys generated internally. Imported keys already have an external source, and are assumed to be backed up already.
hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
April 03, 2014, 01:12:03 PM
Is it intentional that when you scan in a new private key it doesn't ask you to make a new backup?
Jan
legendary
Activity: 1043
Merit: 1002
April 03, 2014, 10:49:28 AM
A minor bug in the pdf backup to do with the numbering 'Active X of Y' being incorrect.

  • Have ten addresses in your wallet (none archived, not sure if this matters or not)
  • Make a pdf backup
  • Note in the pdf the order of X in the title 'Active X of Y' says [1, 1, 2, 3, 4, 5, 6, 7, 8, 9] when it should say [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]

There are ten QR codes so the backup is still fully functional, but it is disconcerting to get to the end of the list and see '9 of 10' instead of '10 of 10'
This was fixed a while ago, and will be part of the next release. Note that all the QR codes are present, it is just the numbering that is off by one.
copper member
Activity: 3948
Merit: 2201
Verified awesomeness ✔
March 31, 2014, 10:10:41 AM
It's similar to Localbitcoins, but it's not affiliated with Localbitcoins in any way. We just made a similar service that's easier to use.
Sooo, you guys didn't create that app? You are confusing me man :P
I am talking about this one: com.thanksmister.localtrader

Oh. We never heard of it before, are not affiliated with it in any way, and we have been working on Local Trader, and calling it by that name, since at least last summer. So, at best, this is a case of "Great Minds Think Alike," and at worst it's someone trying to ride on the coattails of our announcement.
Ah, I see. Thanks a lot! Anyway, keep up the good work ^^
legendary
Activity: 1680
Merit: 1035
March 31, 2014, 10:03:32 AM
It's similar to Localbitcoins, but it's not affiliated with Localbitcoins in any way. We just made a similar service that's easier to use.
Sooo, you guys didn't create that app? You are confusing me man :P
I am talking about this one: com.thanksmister.localtrader

Oh. We never heard of it before, are not affiliated with it in any way, and we have been working on Local Trader, and calling it by that name, since at least last summer. So, at best, this is a case of "Great Minds Think Alike," and at worst it's someone trying to ride on the coattails of our announcement.
copper member
Activity: 3948
Merit: 2201
Verified awesomeness ✔
March 31, 2014, 04:45:26 AM
It's similar to Localbitcoins, but it's not affiliated with Localbitcoins in any way. We just made a similar service that's easier to use.
Sooo, you guys didn't create that app? You are confusing me man :P
I am talking about this one: com.thanksmister.localtrader
legendary
Activity: 1680
Merit: 1035
March 30, 2014, 11:35:00 PM
Small request, to help us comply with the IRS's guidance on bitcoin it would be very useful if I could export the list of transactions in the app as a csv and upload it to Google Drive.

It's already on our ToDo list from the time someone suggested exporting it for merchant/sales purposes.

Wait, you guys are behind Local Trader? That Android app for Localbitcoins? If so, I love you!

It's similar to Localbitcoins, but it's not affiliated with Localbitcoins in any way. We just made a similar service that's easier to use.

hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
March 28, 2014, 05:41:01 PM
link to the offline desktop is online now, source is also on github. it is in fact a simple tool:

https://mycelium.com/wallet/tools.html

github source for this tool:
https://github.com/mycelium-com/wallet/blob/master/public/backuputil/src/main/java/com/mrd/bitlib/BackupUtil.java

Thanks a lot for this, gives me more peace of mind.
hero member
Activity: 668
Merit: 501
March 27, 2014, 06:55:42 PM
link to the offline desktop is online now, source is also on github. it is in fact a simple tool:

https://mycelium.com/wallet/tools.html

github source for this tool:
https://github.com/mycelium-com/wallet/blob/master/public/backuputil/src/main/java/com/mrd/bitlib/BackupUtil.java
mav
full member
Activity: 169
Merit: 107
March 27, 2014, 05:44:07 PM
A minor bug in the pdf backup to do with the numbering 'Active X of Y' being incorrect.

  • Have ten addresses in your wallet (none archived, not sure if this matters or not)
  • Make a pdf backup
  • Note in the pdf the order of X in the title 'Active X of Y' says [1, 1, 2, 3, 4, 5, 6, 7, 8, 9] when it should say [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]

There are ten QR codes so the backup is still fully functional, but it is disconcerting to get to the end of the list and see '9 of 10' instead of '10 of 10'
copper member
Activity: 3948
Merit: 2201
Verified awesomeness ✔
March 27, 2014, 03:28:21 PM
When will you add the “Transaction Confidence” graph to the standard wallet for everyday use and not just for trading?

After we release Local Trader. For now we don't know enough to be more specific than that.
Wait, you guys are behind Local Trader? That Android app for Localbitcoins? If so, I love you!

Anywaaaay, I have been using Mycelium for a year now and I love it. Well done and keep up the good work!
member
Activity: 71
Merit: 11
March 27, 2014, 03:18:48 PM
To be very precise, it re-enables you to send bitcoins from your wallet. For everything else, like looking at the balance (which can always increase when somebody sends you bitcoins), or to put bitcoins into the wallet, you only need to know the wallet address.

Technically speaking, the backup essentially contains the private key, which you need to send bitcoins.

The backup also contains the public key and the wallet address, which is effectively the same.

Yep, I think I got it now. Thanks for the help. :)
hero member
Activity: 695
Merit: 500
March 27, 2014, 02:45:45 PM
I think I wasn't fully understanding what the backup was actually doing. If I understand it correctly now, all it does is enable me to gain access to the balance of bitcoins held in the wallet address that Mycelium uses.

To be very precise, it re-enables you to send bitcoins from your wallet. For everything else, like looking at the balance (which can always increase when somebody sends you bitcoins), or to put bitcoins into the wallet, you only need to know the wallet address.

Technically speaking, the backup essentially contains the private key, which you need to send bitcoins.

The backup also contains the public key and the wallet address, which is effectively the same.
member
Activity: 71
Merit: 11
March 27, 2014, 02:32:28 PM
Thanks everyone, this is all very helpful.

I think I wasn't fully understanding what the backup was actually doing. If I understand it correctly now, all it does is enable me to gain access to the balance of bitcoins held in the wallet address that Mycelium uses.

Thanks again.
hero member
Activity: 668
Merit: 501
March 27, 2014, 12:50:16 PM
If someone were to steal my phone, what would be the fastest way to use my backup to recover the coins without another android device?

You have to send the bitcoins to another wallet before the thief does.

Note that it may take the thief some time, because he first has to cut through your protection, like a 6-digit PIN.

For this you need a computer or smartphone. With a Mycelium backup the easier route is to use another smartphone, install Mycelium on it, restore the backup, and send all bitcoins to other wallets, for example to new wallets you create.

You could ask a trustworthy friend with a smartphone to do it for you, if you cannot obtain another new phone quickly enough.

There is a way to restore the wallet to a computer from the Mycelium backup, but I believe it is much more work.

i did create a backuputil.jar that allows you to restore the encrypted key to a desktop unencrypted. i will post a link to this tomorrow

the link will be: https://mycelium.com/wallet/tools.html but i did not upload it yet ;)