I love it. I wish I could help :-(
I would potentially mate this with a sister application that runs on a modern phone (with network connectivity) that can create and later transmit the transaction to the network. They could both just communicate via QR codes.
Good luck with the project!
Topic: Use old out-of-service smartphones for BTC offline storage+signing transactions - page 2. (Read 5372 times)
May 19, 2013, 04:32:48 PM
May 19, 2013, 04:28:58 PM
Have you seen my recent thread at https://bitcointalksearch.org/topic/ann-visualbtc-android-based-hardware-offline-wallet-using-animated-qr-codes-210371 ? At $50 for an Android 4.3 inch tablet with capacitive screen and WiFi and camera and Android 4.0.4 on board it's probably cheaper than most second-hand phones. WiFi on it can be completely disabled in the bootloader so that Android doesn't even seen it when it boots up and can't re-enable it.
And you don't have to go through microSD cards, you can simply use QR codes while the wallet stays offline.
And you don't have to go through microSD cards, you can simply use QR codes while the wallet stays offline.
May 19, 2013, 12:49:39 PM
[Android, iPhone, old smarthpones, offline wallet, hardware wallet, HW wallet, offline storage, bitcoin, secure, private key, sign transactions, mass adoption, mainstream]
Hello,
I use an EeePC with Electrum bitcoin client as offline storage. But the EeePC is expensive and difficult to set up, so this won't be done easily by a "normal person" from the street. On the other hand, installing a smartphone app is as easy as a click, and more and more people have old smartphones that they do not use any more.
So today there already exist solutions for secure offline storage of private keys on offline computers. On such an offline computer you are able to sign transactions created on a corresponding online computer. The transfer of the (un)signed transaction data back and forth between the two computers is typically done via USB stick. (examples: Armory or Electrum bitcoin clients, or the "S-Electrum" Linux user front-end for Electrum).
The problem that avoids mass-adoption of this scheme: People need to own an extra computer (the offline PC). This is an investment that most don't want to make (e.g. a Linux EeePC >= 200 USD). Also, such an extra EeePC needs some space in your flat (at least more space than a small smartphone), and you might be tempted to use that neat new netbook for other purposes than just "bitcoin-banking", which you shouldn't.
On the other hand, more and more people (me included) have old "worn-out" smartphones that they do not use any more, because too little memory, or too slow, or a scratched screen. So the solution is quite evident:
Use your OLD worn-out SMARTHPONE as OFFLINE STORAGE!
Idea: Create an open-source Android app (preferable compatible with OLD versions of Android down to version 1.6 or 2.0) that has the following features:
The import/export format of ASCII strings for the list of bitcoin addresses, the "unsigned" and the "signed" message should be STANDARDIZED, such that other apps (that are the online-counterpart only running the online wallet without the private keys) can interoperate with this app!
So this interface should be documented somewhere. An example is to use today's Electrum format as the standard, I don't know if Armory uses the same.
So furthermore, there must be a corresponding ONLINE-instance of a bitcoin client that is used by the user to administer his/her wallet, watch his/her current balance, administer his/her address book, and last but not least initiate unsigned transactions or send out signed transactions. Before sending out a signed transaction, the client should show the user in human readable format the details of the signed transaction that he/she is about to send out to the bitcoin network.
This online instance of the client could be for example...
- the same app, just running in "online-mode" instead of "offline mode",
- any other app that supports the standardized interface for exchange of (un)signed transactions and bitcoin addresses,
- an interface-compliant client on any personal computer.
I hope that such a project starts some time in the near future - this would make mass adoption of SECURE bitcoin usage possible, and make sure people make reasonable use of their OLD smartphones, and people won't have to bother about any malware on their online PCs stealing their bitcoins!
Note that after installing this app on the old smartphone, it should go offline FOREVER! Remove SIM card, delete the WLAN password (to avoid unintentionally going online) etc., and the app should push the user to do so by corresponding screen displays in a very naggy and paranoid way, and it should check as much as possible that the user has done so, e.g. check if the user has not yet deleted all WLAN passwords or has not yet removed the SIM card, the app shall reject creating or importing any private keys until this is the case! Also, when the app detects any time later (when everything has been set-up) that the user has again entered a WLAN passsword, entered a SIM card or has been online ANY time since (e.g. in Android the 2G/3G/WLAN data counters could be queried), the app should from this moment ALWAYS display a NAG SCREEN that tells the user that this app is not safe any more because the phone was online in the meantime.
If this happens, there could be a way that the app proposes the user to re-establish secure operation: It asks the user to go offline and delete all WLAN passwords etc., then to create NEW private key(s), and initiate a transaction that transfers all funds of the current (possibly compromised) private keys to the new generated address(es). Also it should ask the user to create a new passphrase for protecting the private key(s). This is a new special operation that requires an additional specific signed message to be transferred from the offline to the online client instance, such that the online client can then actually initiate this transfer as a new normal unsigned transaction (only the online client knows the current balance and can actually initiate the transaction). So this extra message also needs to be STANDARDIZED, as a signed message (signed by the old and NEW private key(s), and including the bitcoin address(es) of the new private key(s)) that acts as a "transaction creation request" from the offline PC (=old phone's app) towards the online PC.
PS: The offline-storage app I am talking about could ideally save the private keys in encrypted containers that can (optionally!) have hidden volumes. This would provide plausible deniability, like in TrueCrypt, i.e. if someone forces you to give the password to your offline keys, you disclose this "alibi password" for the outer volume containing only some keys with a fraction of your overall savings, while the hidden volume contains all your keys.
Hello,
I use an EeePC with Electrum bitcoin client as offline storage. But the EeePC is expensive and difficult to set up, so this won't be done easily by a "normal person" from the street. On the other hand, installing a smartphone app is as easy as a click, and more and more people have old smartphones that they do not use any more.
So today there already exist solutions for secure offline storage of private keys on offline computers. On such an offline computer you are able to sign transactions created on a corresponding online computer. The transfer of the (un)signed transaction data back and forth between the two computers is typically done via USB stick. (examples: Armory or Electrum bitcoin clients, or the "S-Electrum" Linux user front-end for Electrum).
The problem that avoids mass-adoption of this scheme: People need to own an extra computer (the offline PC). This is an investment that most don't want to make (e.g. a Linux EeePC >= 200 USD). Also, such an extra EeePC needs some space in your flat (at least more space than a small smartphone), and you might be tempted to use that neat new netbook for other purposes than just "bitcoin-banking", which you shouldn't.
On the other hand, more and more people (me included) have old "worn-out" smartphones that they do not use any more, because too little memory, or too slow, or a scratched screen. So the solution is quite evident:
Use your OLD worn-out SMARTHPONE as OFFLINE STORAGE!
Idea: Create an open-source Android app (preferable compatible with OLD versions of Android down to version 1.6 or 2.0) that has the following features:
- Generate new private key(s) [by collecting random data from physical sensors, like mic/gyroscope/compass/camera/touch-screen input, or a combination thereof, compare how "TrueCrypt" is doing it when creating a new encrypted container!]
- Store the private keys encrypted (AES256) on this smartphone
- Display the (encrypted) private keys on screen (plain text or QR code) for backup purposes
- Export the encrypted(!) private keys to micro-SD card
- Import an (encrypted) private key (or many together) from reading a QR code, or from µSD-card (to restore the same instance on a second (old) smartphone)
- Export of the corresponding Bitcoin Addresses, to be used in a corresponding "online version" of this app (or another app) - via QR code or µSD card
- Ability to detect if this smartphone has ever gone online any time since the app was installed (I suspect there are some data from the Android/iOS system that can be queried to find this out). If yes show a BIG warning message to indicate to the users that this is not what he/she should have done and that the private keys could be compromised now. (see end of this posting for what the app should do in this case)
- Import of an "unsigned" transaction, by reading a corresponding QR-code or via ASCII file from µSD-card
- Display the transaction details of the imported unsigned transaction on the screen
- Sign the unsigned transaction with the private keys (requires entering the passphrase to unlock the private key(s) [offline wallet]).
- Generate an ASCII string of the signed transaction and display it as QR code, or export to text file on µSD-card.
The import/export format of ASCII strings for the list of bitcoin addresses, the "unsigned" and the "signed" message should be STANDARDIZED, such that other apps (that are the online-counterpart only running the online wallet without the private keys) can interoperate with this app!
So this interface should be documented somewhere. An example is to use today's Electrum format as the standard, I don't know if Armory uses the same.
So furthermore, there must be a corresponding ONLINE-instance of a bitcoin client that is used by the user to administer his/her wallet, watch his/her current balance, administer his/her address book, and last but not least initiate unsigned transactions or send out signed transactions. Before sending out a signed transaction, the client should show the user in human readable format the details of the signed transaction that he/she is about to send out to the bitcoin network.
This online instance of the client could be for example...
- the same app, just running in "online-mode" instead of "offline mode",
- any other app that supports the standardized interface for exchange of (un)signed transactions and bitcoin addresses,
- an interface-compliant client on any personal computer.
I hope that such a project starts some time in the near future - this would make mass adoption of SECURE bitcoin usage possible, and make sure people make reasonable use of their OLD smartphones, and people won't have to bother about any malware on their online PCs stealing their bitcoins!
Note that after installing this app on the old smartphone, it should go offline FOREVER! Remove SIM card, delete the WLAN password (to avoid unintentionally going online) etc., and the app should push the user to do so by corresponding screen displays in a very naggy and paranoid way, and it should check as much as possible that the user has done so, e.g. check if the user has not yet deleted all WLAN passwords or has not yet removed the SIM card, the app shall reject creating or importing any private keys until this is the case! Also, when the app detects any time later (when everything has been set-up) that the user has again entered a WLAN passsword, entered a SIM card or has been online ANY time since (e.g. in Android the 2G/3G/WLAN data counters could be queried), the app should from this moment ALWAYS display a NAG SCREEN that tells the user that this app is not safe any more because the phone was online in the meantime.
If this happens, there could be a way that the app proposes the user to re-establish secure operation: It asks the user to go offline and delete all WLAN passwords etc., then to create NEW private key(s), and initiate a transaction that transfers all funds of the current (possibly compromised) private keys to the new generated address(es). Also it should ask the user to create a new passphrase for protecting the private key(s). This is a new special operation that requires an additional specific signed message to be transferred from the offline to the online client instance, such that the online client can then actually initiate this transfer as a new normal unsigned transaction (only the online client knows the current balance and can actually initiate the transaction). So this extra message also needs to be STANDARDIZED, as a signed message (signed by the old and NEW private key(s), and including the bitcoin address(es) of the new private key(s)) that acts as a "transaction creation request" from the offline PC (=old phone's app) towards the online PC.
PS: The offline-storage app I am talking about could ideally save the private keys in encrypted containers that can (optionally!) have hidden volumes. This would provide plausible deniability, like in TrueCrypt, i.e. if someone forces you to give the password to your offline keys, you disclose this "alibi password" for the outer volume containing only some keys with a fraction of your overall savings, while the hidden volume contains all your keys.
Jump to: