Topic: Wallet Features That Are Missing but Essential - page 2. (Read 314 times)

A better use case might be an employee having a budget, but needs some kind of approval from his boss to spend any money.

Realistically, the best solution would be a watch only wallet in a way somewhat similar to how n0nce described above. Although this scenario would mean that the boss, or approving authority would have complete control over the private keys.

If you want to guarantee that the "approver" cannot spend on their own, an alternative might be to implement shamir shared secret. The workflow might be as follows:
*The employee proposes a transaction
*The approver reviews and approves the transaction
*The transaction is loaded onto an offline computer
*The employee and approver review the transaction to confirm it is the same as the one being proposed/approved
*The employee and approver loads their secret onto the offline computer, which passes both secrets through a script that takes the following as inputs:
~secret 1
~secret 2
~transaction to be signed
*The script outputs the signed transaction, and the signed transaction is transmitted back to the employee who broadcasts the transaction to the bitcoin network
*The employee and approver both personally confirm that the RAM is cleared/wiped from the offline computer, removing their respective secrets from said computer

Electrum 2fa will work with the 2fa part being on the parents phone. Note 2fa not sperate multisig.
There are some custodial wallets that will allow for this, they need a Google Authenticator to send which does not need to be on the same phone.

They wont know how much their kid is spending, but they have to ask to spend it. And they will immediately see the transaction.

--------------
I might get flack for this but I think although the idea is good, the reason they want it is bad.
You are teaching the kid who wants the candy (or whatever) that there is a 2nd layer of security with BTC that in the real world is not there.

If you give your kid $20 allowance a week in cash and they loose that $20 bill it's gone, and they learned to protect their money.
Now you are just showing them that mom and dad are going to protect their BTC. That's not the way the world works.
Just my view, feel free to think I'm an ass about it.

-Dave

Yeah; sure, but I guess same could be true if the child asks the parent for a 2FA code via SMS and in reality the child's phone is compromised and it's someone else. The parent also sees destination and amount on their phone before signing, so if it's something beyond the occasional $5 candy purchase, they will should get suspicious.

I really like this option; actually prefer it over the one I suggested myself, because here both parents can sign, for example if sometimes one is at work, sometimes the other and stuff like that. Do note that 2-out-of-3 can be done with 1, 2 or even 3 hardware wallets as well.

Some hardware wallets (like Keystone) are working like this and you can only view seed words when you generate them or when you manually import them, after that they stay locked on device and you can't show or export them.
Note that for some other hardware wallets (Coldcard and others) you can simply click view and see seed words on the screen.

I wouldn't use 2FA in any wallet for sending coins and especially if it is connected with phone number.

Best option is to create some kind of multisig wallet, so that users of both wallets would have their own strong password, and nobody could send any coins unless both of them sign transactions.
Both of them could see the balance and you could even including more people in your multisig but it would increase complexity and transaction fees.

With what I have read about OP, I think he never known much about multisig wallet, he needs nothing more than a multisig wallet. Why did he needs a wallet that will not be able to reveal seed phrase ever again after wallet creation? Just because he wants to be secure and safe, but having 2-of-3 multisig suggested by Pmalek is enough with this in which also the 2fa he is requesting for is not needed.

If 1 key is compromised and the other two are not compromised, then the multisig setup is still safe even if two keys are compromised with nothing compromised about the third key, while it is best to make another multisig wallet and send all the funds to the wallet if any hack is noticed. While also best to be security conscious and making sure the parties involved are maintaining a safety standard.

Try and learn more about multisig wallet, it is all you need. Know that you can even use it on hardware wallets like Trezor and Ledger Nano which keeps your seed phrase offline. Also if the transaction fee is discouraging you, know that taproot activation is in less than 2 weeks from now, this will make multisig transaction fee the same as single public key wallet fee, let us expect reputed wallet to upgrade to it so we can enjoy low fee even with 15-of-of-15 transaction.

It's not what you wanted, but why not a 2 out of 3 multisignature wallet where the child has access to one key and the parent (admin) controls two other keys? You could even divide the keys further so that the mommy and daddy control one key each. If the child wanted to spend from the wallet, he/she needs a signature (permission) from mommy or daddy.  

There is no point in removing this feature from wallets.
Your wallet (assuming it is not watch-only) needs to be able to produce new keypairs anytime it needs to. In order to do that, the wallet requires the "master key" which is the "extended private key" usually starting with xprv. This master key is derived from your "recovery words" so not storing those words provides no security but storing them provides a useful option for users who may lose their physical backup and want to write down their words again.

The flaw in this idea is the communication part. Now the "admin" has to have a way to trust the PSBT file they receive. For example if it is done over the internet then anybody can create a PSBT and ask for payment pretending to be the user.

I don't know of such a wallet, and I understand your use case. However, that can be accomplished already in a slightly different way.

The non-privileged user can have watch-only access by running a watch-only wallet. This user can see the balance and generate addresses to receive BTC on, but cannot spend, since such a wallet holds no private keys at all. For spending, the user creates a PSBT, which it then has to send to someone who does hold the private key and signs the transaction for them.

For the scenario of parent / child, it may be easiest that the parent uses a hardware wallet like ColdCard or Passport, since these are made for such an airgapped application out-of-the box basically. The kid would take the PSBT which the watch-only wallet gives as a file or QR code, sends it to the parent, the parent scans / imports it into the hardware wallet and sends back the signed PSBT or submits it to the blockchain themselves.

This sending back and forth the PSBT is essentially what you were looking for with 2FA codes. Same amount and rounds of communication, but other data. It is physically not possible to solve it with (admittedly, shorter, easier to share) 2FA codes, since this would mean the 2FA is just securing the application's access to the seed words, but they are still in the hands of the child. My recommendation, using watch-only wallet for the child and sending back & forth PSBT's instead of 2FA codes, is cryptographically secure and implemented already.

For day-to-day usage, Passport will be easier than ColdCard, since it has a camera. The kid will be able to take a screenshot of the QR code that the watch-only wallet (e.g. in BlueWallet) displays; send it to the parent. Then the parent scans that QR code directly with the Passport, scans the Passport's signed QR code with their own phone and sends it out to the Bitcoin network.

Hello,

I have been looking for a crypto wallet that only shows you the recovery words once during the creation of the wallet. After that I want the wallet to NOT be able to show me the recovery words. Almost every wallet has a section where it says view recovery words and you put a pin/passcode or whatever and it reveals your 12/24 word recovery.
Is there a wallet that supports this? And if there is, is there a wallet that requires 2FA (google auth) to send crypto out? I know some wallets have 2FA but it's useless if you could just bypass that by clicking on the view recovery words lol.


Goal:

Basically, I am trying to have a wallet that has 2 users with 1 of the users being the admin essentially. User 1 (admin) creates the wallet and stores the recovery words offline or whatever. User 2 has access to the wallet but can only send crypto out with 2FA obtained from User 1. A pin won't work because then withdrawals can be done whenever User 2 wants, the withdrawal basically has to be agreed by both but User1 with more power per see.


Use Cases:

If a parent wants to monitor kids spending (considering crypto is used as dollars would be in this scenario) then the kid takes out his phone checks his app to see if he has enough money for the candy he wants then pays with his crypto but to send it she needs to call mommy or daddy to get the OTP (google auth) code to be able to send. A pin/passcode lock would enable the child to buy candy whenever she wants and if the wallet app reveals your recovery words the child will just recover her words in another wallet.


Anybody seen a wallet/app that supports any feature described above?