Author

Topic: site without hot wallet (Read 1464 times)

legendary
Activity: 1428
Merit: 1093
Core Armory Developer
June 06, 2012, 09:34:35 PM
#19
I must be misunderstanding something here...

Armory wallets are deterministic.  You can produce an infinite number of addresses from a single wallet, and both the online and offline wallets will produce the same sequence.  

Once you have the full wallet setup on the offline computer, and the watching-only wallet setup on the online computer:  you can generate as many addresses as you want with the online wallet using the "Receive Bitcoins" button.  The offline wallet has the private key for every address ever generated by the online wallet, and the online wallet has no private keys.  It's the magic of "Type 2 deterministic wallets"

Unless you are generating addresses with another program, there is no need to import keys at all.  Just use the watching-only wallet the way it was intended!

P.S. -- then your watching only wallet acts as a "monitor" for all those addresses.  You can set comments for each address as they are assigned, or as you create them with the "Receive Bitcoins" button.  If you want to export a list of addresses generated by the wallet so far (so you can import into another application) you can use the "Backup Individual Keys" button.  Uncheck everything except for "Address String".  Then you can save it to file or copy and paste into Excel.
full member
Activity: 198
Merit: 102
June 06, 2012, 07:23:22 AM
#18
MultiBit has a bulk address generation feature that may help you here.
hero member
Activity: 530
Merit: 500
June 04, 2012, 04:38:34 PM
#17


In theory but in reality it is going to turn into a giant cluster fuck.

1) The default client doesn't allow you to control which address you send funds FROM.
2) Even if it does the user likely has funds spread across multiple addresses.
3) Shared wallet services (like yours Smiley ) don't allow a mechanism for send to "prove funds".

forgot about mixing funds and addresses in default client,
but still, weren't developers saying that you could prove ownership of exact address
since 0.6. version ?


Generate a thousand private and public keys.   

Put the public keys in a database on server and assign them to user address.  Import the private keys to an offline wallet of your choice.  Nothing on the server to steal, and no risk of mixing up funds.  Too easy right?

I suppose this would be "painless" if done with armory ?
I mean thousand keys to import and monitor when needed

in my suggested way, I would only check user balance and send
sr. member
Activity: 476
Merit: 250
Tangible Cryptography LLC
June 04, 2012, 04:24:20 PM
#16
if incoming money is automatically registered to users playmoney account, then only one receiving address would be enough, as long as it i added to the right user Smiley
how would that be done ?

It can't be done.  You would have one 1 address per user at a minimum.  You likely would want to have multiple addresses per user so they can gain some psuedo anonymity.



what about
bitcoin client feature for proving the address ownership ?

user sends btc to cold storage
then logs in to my service
copy/pastes his signature to his account requesting funds to be added
then my side checks the blockchain, and if signature is valid, amount is written to users account balance

would this work ?

In theory but in reality it is going to turn into a giant cluster fuck.

1) The default client doesn't allow you to control which address you send funds FROM.
2) User tx may involve unspent outputs from multiple addresses.
3) Shared wallet services (like yours Smiley ) don't allow a mechanism for send to "prove funds".
4) User's subsequent re-deposits may involve different addresses or even wallets.

Between those caveats some % of deposits will be irreconcilable.  If you get big enough that is going to start happening multiple times per day. Those users will call you a scammer and thief, even as your work hard to resolve the issues.  Some may simply claim to have made a deposit they didn't in hopes to scam funds or cause grief.  Add to user confusion on the deposit amount (user says he made deposit 1268.878 but it was 1268.787, or amount he is thinking is before fee, etc) and you have a giant mess which kinda defeats the whole point of automated deposits.

Given the solution is insanely simply why put yourself through all that?

1) Generate a thousand private and public keys.  
2) Put the public keys ONLY in a database on server and assign them to user accounts. 
3) Allow user to display their current deposit address.
4) Optional allow user to add a new deposit address (just assigned the next unassigned address)
5) Import the private keys to an offline wallet of your choice.  

Nothing on the server to steal, and no risk of mixing up funds.  Too easy right?
hero member
Activity: 530
Merit: 500
June 04, 2012, 03:53:56 PM
#15
if incoming money is automatically registered to users playmoney account, then only one receiving address would be enough, as long as it i added to the right user Smiley
how would that be done ?

It can't be done.  You would have one 1 address per user at a minimum.  You likely would want to have multiple addresses per user so they can gain some psuedo anonymity.



what about
bitcoin client feature for proving the address ownership ?

user sends btc to cold storage
then logs in to my service
copy/pastes his signature to his account requesting funds to be added
then my side checks the blockchain, and if signature is valid, amount is written to users account balance

would this work ?
hero member
Activity: 530
Merit: 500
June 04, 2012, 03:42:28 PM
#14

Oh, it sounds like you are trying to avoid having to sweep funds to cold storage.  Normally a service that has a hot wallet and cold storage will sweep excess bitcoins to a cold storage address.  This is described here:

So you are wanting the incoming payment to go directly to addresses from your cold storage.



direct deposits to offline wallet
and if possible, all to the same address


amounts received can be extacted from blockchain,
but how to connect that numbers to respective users automatically ?

and what if I want to have a p2p service ?
how to maintain database of user accounts ?

member
Activity: 118
Merit: 10
June 04, 2012, 03:41:54 PM
#13

if incoming money is automatically registered to users playmoney account, then only one receiving address would be enough, as long as it i added to the right user Smiley
how would that be done ?

first time user creates account,
my only receiving address is displayed, but how will I know to add money to exactly his account ?
Are merchant solutions offering this kind of service ?
and I would not be interested in users actual identity ...

You would manually create a pool of addresses in your offline wallet.   Then insert them into a table in your webserver's database.  For example:

UserName            BitcoinPublicAddress
--------------------------------------
FirstUser           1DoogLushD78Cjqpe62CKwsjzk5EasYhr2
AnotherUser      1FogFEtHXCTcx2CCXbALHRq3BwkkR2Jt2N

Then use blockchain.info's API to monitor each address for new transactions.
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
June 04, 2012, 03:38:15 PM
#12
If you're just looking for a way to facilitate sending bitcoins without a hot wallet on your site, use ZipConf.
sr. member
Activity: 476
Merit: 250
Tangible Cryptography LLC
June 04, 2012, 03:37:00 PM
#11
if incoming money is automatically registered to users playmoney account, then only one receiving address would be enough, as long as it i added to the right user Smiley
how would that be done ?

It can't be done.  You would have one 1 address per user at a minimum.  You likely would want to have multiple addresses per user so they can gain some psuedo anonymity.

hero member
Activity: 530
Merit: 500
June 04, 2012, 03:26:13 PM
#10
If I understand correctly, you want to use an offline wallet, but you still want the ability to automatically receive payments which will credit to user accounts.  

yes

If you assign a public key to each user account, then you can monitor each public key's transaction log to look for incoming transactions (since all transactions are public).  The difficulty will be in automatically generating new addresses for new accounts.   You could pre-generate some keys in the offline wallet, but you would need to generate more when they have all been used.

As far as coding it, you might could save some time by using blockchain.info's API to monitor for new transactions: http://www.blockchain.info/api

if incoming money is automatically registered to users playmoney account, then only one receiving address would be enough, as long as it i added to the right user Smiley
how would that be done ?

first time user creates account,
my only receiving address is displayed, but how will I know to add money to exactly his account ?
Are merchant solutions offering this kind of service ?
and I would not be interested in users actual identity ...
legendary
Activity: 2506
Merit: 1010
June 04, 2012, 03:18:51 PM
#9
user sends btc, and his playmoney account is topped up without me having to do anything.

Oh, it sounds like you are trying to avoid having to sweep funds to cold storage.  Normally a service that has a hot wallet and cold storage will sweep excess bitcoins to a cold storage address.  This is described here:

Quote
These typically use cold storage as much as possible, where only the minimum balance necessary to handle withdrawls is on the server. The rest is sent to a separate wallet which is kept away from internet connected computers. Because a wallet can receive coins without it being online, profit can be moved from the server to cold storage without risking the cold money. If an unusually large withdrawal takes place the transaction can be placed on hold until a human operator has time to reach the cold wallet and send money from it to the live site. This limits your losses to the size of your hot wallet in the case of a server breach.

 - http://en.bitcoin.it/wiki/Securing_online_services

So you are wanting the incoming payment to go directly to addresses from your cold storage.

That can be done without running a bitcoin node even.  Basically you just look at the blockchain to determine amounts received.  So with a list of Bitcoin addresses from you cold storage you have an accounting where you assign one of those Bitcoin addresses to a player and then credit that players account whenever funds are received to that address.

There is a service that helps with this:

 - http://www.BTCBalance.net  [Though you might be wary trusting a third party service for your accounting.]
member
Activity: 118
Merit: 10
June 04, 2012, 03:05:02 PM
#8
If I understand correctly, you want to use an offline wallet, but you still want the ability to automatically receive payments which will credit to user accounts.  

If you assign a public key to each user account, then you can monitor each public key's transaction log to look for incoming transactions (since all transactions are public).  The difficulty will be in automatically generating new addresses for new accounts.   You could pre-generate some keys in the offline wallet, but you would need to generate more when they have all been used.

As far as coding it, you might could save some time by using blockchain.info's API to monitor for new transactions: http://www.blockchain.info/api
hero member
Activity: 530
Merit: 500
June 04, 2012, 02:47:50 PM
#7

If the coins are sent to MtGox, they're only as safe as MtGox's security allows them to be.


but this is much more than I could provide,
I mean, mtgox account with yubikey

all I would have to do,
 is to keep some database backups on several locations
hero member
Activity: 530
Merit: 500
June 04, 2012, 02:44:00 PM
#6
thanx for reply

actually, I wanted to know if this is automated and code is only copy/pasted :

user sends btc, and his playmoney account is topped up without me having to do anything.


I guess it has already been solved, but I have to check before committing myself to a project...


legendary
Activity: 2940
Merit: 1333
June 04, 2012, 02:43:20 PM
#5
is it possible to receive payments to mtgox or armory watching wallet
and then automatically assign numbers to users accounts ?

while actual coins sit safe and are sent manually on request

If the coins are sent to MtGox, they're only as safe as MtGox's security allows them to be.  They've been hacked before.

If the coins are sent to an offline armory wallet then they're pretty much safe.

So to answer your question, "yes".
sr. member
Activity: 476
Merit: 250
Tangible Cryptography LLC
June 04, 2012, 02:42:53 PM
#4
is it possible to receive payments to mtgox or armory watching wallet
and then automatically assign numbers to users accounts ?

while actual coins sit safe and are sent manually on request



Of course.  A hot wallet is only required if you wish to SEND Bitcoins in an automated manner.
hero member
Activity: 574
Merit: 500
June 04, 2012, 02:33:16 PM
#3
is it possible to receive payments to mtgox or armory watching wallet
and then automatically assign numbers to users accounts ?

while actual coins sit safe and are sent manually on request



A hot wallet is only required for instant withdrawals.
legendary
Activity: 2506
Merit: 1010
June 04, 2012, 02:20:14 PM
#2
is it possible to receive payments to mtgox or armory watching wallet
and then automatically assign numbers to users accounts ?

while actual coins sit safe and are sent manually on request



Mt. Gox is a hosted (shared) wallet, and thus the bitcoin address that you receive coins at is not "your" bitcoin address, it is Mt. Gox's.  Just that they will credit any incoming bitcoin payments to that address to your Mt. Gox account.

Mt. Gox does have a Merchant System API which had additional per-order fields, I'm not sure if or how these get stored in your Mt. Gox account:
 - http://en.bitcoin.it/wiki/MtGox/API/HTTP/v1#Merchant_System

Bit-Pay, Paysius and others offer similar types of merchant services.
hero member
Activity: 530
Merit: 500
June 04, 2012, 01:54:18 PM
#1
is it possible to receive payments to mtgox or armory watching wallet
and then automatically assign numbers to users accounts ?

while actual coins sit safe and are sent manually on request

Jump to: