Pages:
Author

Topic: [PULL] private key and wallet export/import - page 7. (Read 39596 times)

hero member
Activity: 546
Merit: 500
Exporting of a key has a problem, doesn't it: the key is still in the source wallet. There's no way to remove it, is there? Even if there is, it's easy to screw up and people will wonder where their money went.

I do not seet it as a problem, so what if I have the same private key in many wallets?  Actually for me that is the case, because I store my wallets in many places on the internet. Encrypted of course.

That's backup-copies. I have those, too.

But say I give a privkey to a friend as birthday present. He imports it at some point and I still have it in my wallet. Now there are two active bitcoin clients showing the balance of that key. If one of the two spends the money, it will disappear from the other client, also.

So my friend or I will wonder "where the hell my/his money went"

That's only if you gave your friend an address generated by the bitcoin client, or an imported address.

If you generated one for him with "vanitygen" or some other bitcoin address generator, and never imported it to your own wallet, you could freely give a private key to a friend and intentionally "lose" the key yourself so that you cannot access his funds.
So you're willing to make the assumption that I'll never want to give my friend an address generated by the bitcoin client, or imported by myself?  I think that is a terrible assumption to make...

Give people the freedom to import/export as they want.  Sheesh, this is getting as bad as government.  "Well, I know what the people SHOULD have, and that's more important than what they want."

I was making no assumptions; I was under the impression that molecular was pondering a way to gift his friend a "pre-loaded" bitcoin address/privkey without being able to accidentally spend the coins himself. I was merely pointing out that there is a way to do this, albeit not with standard, unmodified client alone.

I'm all for freedom to import/export as people want.
legendary
Activity: 1400
Merit: 1005
Exporting of a key has a problem, doesn't it: the key is still in the source wallet. There's no way to remove it, is there? Even if there is, it's easy to screw up and people will wonder where their money went.

I do not seet it as a problem, so what if I have the same private key in many wallets?  Actually for me that is the case, because I store my wallets in many places on the internet. Encrypted of course.

That's backup-copies. I have those, too.

But say I give a privkey to a friend as birthday present. He imports it at some point and I still have it in my wallet. Now there are two active bitcoin clients showing the balance of that key. If one of the two spends the money, it will disappear from the other client, also.

So my friend or I will wonder "where the hell my/his money went"

That's only if you gave your friend an address generated by the bitcoin client, or an imported address.

If you generated one for him with "vanitygen" or some other bitcoin address generator, and never imported it to your own wallet, you could freely give a private key to a friend and intentionally "lose" the key yourself so that you cannot access his funds.
So you're willing to make the assumption that I'll never want to give my friend an address generated by the bitcoin client, or imported by myself?  I think that is a terrible assumption to make...

Give people the freedom to import/export as they want.  Sheesh, this is getting as bad as government.  "Well, I know what the people SHOULD have, and that's more important than what they want."
hero member
Activity: 546
Merit: 500
Exporting of a key has a problem, doesn't it: the key is still in the source wallet. There's no way to remove it, is there? Even if there is, it's easy to screw up and people will wonder where their money went.

I do not seet it as a problem, so what if I have the same private key in many wallets?  Actually for me that is the case, because I store my wallets in many places on the internet. Encrypted of course.

That's backup-copies. I have those, too.

But say I give a privkey to a friend as birthday present. He imports it at some point and I still have it in my wallet. Now there are two active bitcoin clients showing the balance of that key. If one of the two spends the money, it will disappear from the other client, also.

So my friend or I will wonder "where the hell my/his money went"

That's only if you gave your friend an address generated by the bitcoin client, or an imported address.

If you generated one for him with "vanitygen" or some other bitcoin address generator, and never imported it to your own wallet, you could freely give a private key to a friend and intentionally "lose" the key yourself so that you cannot access his funds.
donator
Activity: 2772
Merit: 1019
Exporting of a key has a problem, doesn't it: the key is still in the source wallet. There's no way to remove it, is there? Even if there is, it's easy to screw up and people will wonder where their money went.

I do not seet it as a problem, so what if I have the same private key in many wallets?  Actually for me that is the case, because I store my wallets in many places on the internet. Encrypted of course.

That's backup-copies. I have those, too.

But say I give a privkey to a friend as birthday present. He imports it at some point and I still have it in my wallet. Now there are two active bitcoin clients showing the balance of that key. If one of the two spends the money, it will disappear from the other client, also.

So my friend or I will wonder "where the hell my/his money went"
full member
Activity: 189
Merit: 100
Users should have maximum freedom, so I am all for importprivkey, dumpprivkey, and removeprivkey.
jr. member
Activity: 42
Merit: 1000
Is it safe to compile "showwallet" branch
with gcc's '-fstack-protector' flag enabled ?!
full member
Activity: 189
Merit: 100
Exporting of a key has a problem, doesn't it: the key is still in the source wallet. There's no way to remove it, is there? Even if there is, it's easy to screw up and people will wonder where their money went.

I do not seet it as a problem, so what if I have the same private key in many wallets?  Actually for me that is the case, because I store my wallets in many places on the internet. Encrypted of course.
legendary
Activity: 1400
Merit: 1005
Quote
There are other, much better ways to deal with potential user incompetence.  Have a checkbox with big red flashing text, saying "Are you sure you want to delete this key from your wallet?  It is unrecoverable unless you have saved it safely elsewhere," and then a more detailed explanation beneath that.

There are indeed many ways to deal with user incompetence, and
this is one way I like very much, especially the "I'd have to recompile
the client every time a new version comes out" part.

This is a barrier of entry, it's guaranteed to keep the great unwashed
masses away from using the feature, and it's not an elitist one because
all you have to do to overcome the barrier is educate yourself, which
no one prevents you from doing.

Also: the 20th century is long over. High time to ditch windows unless
you want to be increasingly perceived as a has-been.

Here we go, another Linux elitist.   Roll Eyes  I happen to like Windows, so I use it.  Sorry if that means I'm stuck in the dark ages to you.

You should know that whenever you import a private key, you need to trust the one who gave it to you. There is no way around that, not even a patch that would make dumpprivkey remove a key by default. If you do not have the necessary level of trust in the person you're dealing with, you shouldn't be exchanging private keys, but using normal bitcoin transactions.

That said, a removeprivkey would be very useful, as a separate command (i believe i saw an implementation already somewhere). I don't think removing within dumpprivkey by default is safe - what if you intend to write it down on paper, but the computer crashes before you're able to do so? The correct procedure would be dumpprivkey to extract a key, and as soon as it is safe, issue removeprivkey.

Yes, +1 for removeprivkey as extra command.

Because without it, how could I trust even myself to not spend the money if I'm not even able to remove the key!?!
Another +1 for having removeprivkey as a command.  What's the point of exporting if you can't delete the key from the wallet?  I mean, really, honestly, I can't think of any reason to export a key other than to get the address out of that particular wallet and into safe storage or into another wallet.  Tis pointless to export a key otherwise.
donator
Activity: 2772
Merit: 1019
You should know that whenever you import a private key, you need to trust the one who gave it to you. There is no way around that, not even a patch that would make dumpprivkey remove a key by default. If you do not have the necessary level of trust in the person you're dealing with, you shouldn't be exchanging private keys, but using normal bitcoin transactions.

That said, a removeprivkey would be very useful, as a separate command (i believe i saw an implementation already somewhere). I don't think removing within dumpprivkey by default is safe - what if you intend to write it down on paper, but the computer crashes before you're able to do so? The correct procedure would be dumpprivkey to extract a key, and as soon as it is safe, issue removeprivkey.

Yes, +1 for removeprivkey as extra command.

Because without it, how could I trust even myself to not spend the money if I'm not even able to remove the key!?!
legendary
Activity: 1072
Merit: 1189
You should know that whenever you import a private key, you need to trust the one who gave it to you. There is no way around that, not even a patch that would make dumpprivkey remove a key by default. If you do not have the necessary level of trust in the person you're dealing with, you shouldn't be exchanging private keys, but using normal bitcoin transactions.

That said, a removeprivkey would be very useful, as a separate command (i believe i saw an implementation already somewhere). I don't think removing within dumpprivkey by default is safe - what if you intend to write it down on paper, but the computer crashes before you're able to do so? The correct procedure would be dumpprivkey to extract a key, and as soon as it is safe, issue removeprivkey.
member
Activity: 62
Merit: 10
I want remove key because i will be able to use it in a crappy smart card solution:
Load key from SC -> add to wallet -> Make transaction -> Remove from wallet.
 
donator
Activity: 2772
Merit: 1019
dumpprivkey only exports, it does not modify your wallet at all.

Should dumpprivkey remove the key from the wallet, though?

Not doing so can very easily lead to having the key in multiple wallets. This can even happen to people who are able to patch and compile bitcoin on windows.

So please, let's discuss what we should do, because clearly, key import is a great feature many people want. Key export is also wanted by many, but dangerous to bitcoin credibility (I can see the posts: "my bitcoin just disappeared for no reason!! the sky is falling!") in it's current form.

My suggestion is to either..

  • put key export into separate patch and pull only importprivkey into default, or
or

  • make dumpprivkey remove the key from the wallet (maybe rename to "removeprivkey" or similar)

What to do?
legendary
Activity: 1072
Merit: 1189
dumpprivkey only exports, it does not modify your wallet at all.
member
Activity: 62
Merit: 10
Exporting of a key has a problem, doesn't it: the key is still in the source wallet. There's no way to remove it, is there? Even if there is, it's easy to screw up and people will wonder where their money went.

So how about splitting this and putting importprivkey in default, but not dumpprivkey?

Does this mean that  dumpprivkey removes the private key from the wallet, because the documentation is not clear for me and i am too lazy to learn C++ (it could also just show the data of the key without removing it)?

Quote
Well, I did a patch to remove keys, but it doesn't apply to the current state (after wallet class rework) anymore.
Also, you should really know what you are doing and review my code thoroughly before you use it, as I'm a total noob when it comes to C++ and I'm not confident on my grasp of the inner workings of bitcoin either...

https://github.com/mhanne/bitcoin/tree/showwallet-removeprivkey

http://forum.bitcoin.org/index.php?topic=19451

Unfortunately i need both import and export and my C++ is limited to the C part without the (confusing Cheesy) ++, but i will try to use it if no better solution is implemented. Will send you and sipa 0.5 BTCs.

EDIT: Nice, your version also have importkey if i read your code correct, will try it out Smiley
full member
Activity: 140
Merit: 430
Firstbits: 1samr7
If you're desperate enough for the feature and not smart enough to follow
a wiki explaining how to recompile it, you'll find a way by asking someone
to do it for you.

I had no trouble building a patched bitcoin client on Linux.  However, building bitcoin on Windows would seem to be a black art.  I don't think it's fair to use it as a barrier to entry.  Plus, this feature requires the JSON-RPC server to be enabled, and use of the command line.  Isn't that enough of a barrier?
legendary
Activity: 1400
Merit: 1005
I am not sure this a suitable to be on by default. This will cause a great amount of lost bitcoins because unsophisticated users are careless.

+1

This is fine living in a separate branch.

Being able to recompile a branch is a nice
barrier of entry for the tech. clueless.
This SHOULD be included in the default client.  Reason being, it is incredibly useful for people who know how to use it, and not all of us know how to use linux or feel like spending hours on Windows attempting to compile the source with all of the dependencies.

Discluding a feature like this from anyone who doesn't know how to compile c code would be a terrible thing.

No it wouldn't.

If you're desperate enough for the feature and not smart enough to follow
a wiki explaining how to recompile it, you'll find a way by asking someone
to do it for you.

In the end very few percentage of the user base will do this and people
will prefer the 'official' client because it'll be perceived as more 'safe'.

Again: barrier of entry, which will lower the percentage of fools screwing
around with their wallet not realizing the giant security risk they expose
themselves to when manipulating private keys directly.

Don't get me wrong, I find the feature very useful. But in the same way
you don't hand out a loaded AK-47 to a 5 year old, this feature belongs
in a branch.

Would you walk out of your bank with a 1kg gold bar sticking out of your
pocket ? You can argue that you're a grown man and that decision belong
to you. Fair enough, but when you're allowed to do this and it jeopardizes
the entire bitcoin ecosystem ... I don't agree.
I guess we're all entitled to our own opinions.

And where is this wiki article you speak of?  The only detailed compile instructions I've seen were posted on this forum, and involved MinGW and about 3 hrs of work downloading dependencies and waiting for things to compile.  It worked, after I figured out why a couple of things weren't working.

I still have no clue what to do with a patch file either.

Also, I certainly don't want to have to spend another 3 hours recompiling bitcoin with the patch every time a new version comes out.  That's just a waste of my time.  It's a waste of everyone's time to have to compile their own client in order to import/export keys.

There are other, much better ways to deal with potential user incompetence.  Have a checkbox with big red flashing text, saying "Are you sure you want to delete this key from your wallet?  It is unrecoverable unless you have saved it safely elsewhere," and then a more detailed explanation beneath that.
member
Activity: 98
Merit: 10
Thank you EricJ2190.

---

getting a error with bitcoind

Entry point not found
msvcr100.dll

Have the latest VC redistribution installed.

--
fixed by taking the one from the VC10 folder.
full member
Activity: 134
Merit: 102
+1 tried compiling it but mingw and vc10 dont seem to like it.

As I mentioned in the pull request comments, you need to add an include for fstream in headers.h. Anyway, here is my Windows MSVC10 build:
http://www.sendspace.com/file/lkoufm
member
Activity: 73
Merit: 10
Well, I did a patch to remove keys, but it doesn't apply to the current state (after wallet class rework) anymore.
Also, you should really know what you are doing and review my code thoroughly before you use it, as I'm a total noob when it comes to C++ and I'm not confident on my grasp of the inner workings of bitcoin either...

https://github.com/mhanne/bitcoin/tree/showwallet-removeprivkey

http://forum.bitcoin.org/index.php?topic=19451
member
Activity: 98
Merit: 10
This SHOULD be included in the default client.  Reason being, it is incredibly useful for people who know how to use it, and not all of us know how to use linux or feel like spending hours on Windows attempting to compile the source with all of the dependencies.

Discluding a feature like this from anyone who doesn't know how to compile c code would be a terrible thing.

+1 more.  This is a very important feature, whether it's exposed to end users or not.

Actually, I might have changed my mind (partly)

Exporting of a key has a problem, doesn't it: the key is still in the source wallet. There's no way to remove it, is there? Even if there is, it's easy to screw up and people will wonder where their money went.

The importing of a privkey is the part that is important for users (bitbill, import key generated with external tool like vanitygen) and this part, luckyly, poses no problems (that I can see), does it?

So how about splitting this and putting importprivkey in default, but not dumpprivkey?
I still disagree.  I'd like to be able to export private keys from wallets, but really don't want to have to try to compile bitcoin again.  That was a complete PITA.
SgtSpike, are you on windows? Do you have a binary with this patch that you can provide? I've been looking for one for a while.

+1 tried compiling it but mingw and vc10 dont seem to like it.
Pages:
Jump to: