|
Title: How can I sign and send transaction without importing private key ? Post by: Uniex on August 23, 2018, 09:10:41 AM I want to create online wallet without storing user private keys.
For example - I have full Bitcoin node, user sends to server his private key(via https) just to sign transaction or view his balance. Is there any way to do it ? any ideas ? Title: Re: How can I sign and send transaction without importing private key ? Post by: mdayonliner on August 23, 2018, 09:13:50 AM I want to create online wallet without storing user private keys. For example - I have full Bitcoin node, user sends to server his private key(via https) just to sign transaction or view his balance. Is there any way to do it ? any ideas ? Quote from: https://bitcoin.stackexchange.com/questions/23694/is-it-possible-to-send-coins-without-importing-private-key There is a point I want to add, however. It is possible to send coins without importing the private key into a computer which is connected to the Internet. In fact, this is how a properly run exchange or online wallet service ought to maintain its cold storage. Normally, funds are just sent to the public address of the cold storage. When it comes time to send coins out of cold storage, the private key is imported into an offline computer, the transaction is generated and signed, and the signed transaction is then broadcast using a different computer (which is connected to the network). This increases security as it prevents malicious attackers from gaining access to the private key because they simply have no way of connecting to the offline computer on which it is stored. Hope this reference helps... Title: Re: How can I sign and send transaction without importing private key ? Post by: bob123 on August 23, 2018, 09:21:37 AM I want to create online wallet without storing user private keys. This definitely is doable. You might simply want to do this with JS or PHP. Then just host it and open source the code. For example - I have full Bitcoin node, user sends to server his private key(via https) just to sign transaction or view his balance. The signing and address generation should be done on the client side. Your server should only be providing the required information (balances of given addresses, service to push the transaction, ...). Is there any way to do it ? any ideas ? Besides all sensitive information always being processed client-sided, you'd need to create your backend which interacts with the core node to retrieve the information. Blockchain.com (previously blockchain.info) basically does that with the exception that they are storing encrypted copies of the private keys. The better approach regarding security would be to not store these information on the server (e.g. like MEW with a wallet file / seed). Title: Re: How can I sign and send transaction without importing private key ? Post by: NeuroticFish on August 23, 2018, 11:14:43 AM user sends to server his private key(via https) just to sign transaction or view his balance. Just a small correction, you need the private key only to sign the transaction. For viewing balance and all other things, including the build of the transaction, the address should be enough. I think that with this approach your project could be even safer. Title: Re: How can I sign and send transaction without importing private key ? Post by: Thirdspace on August 23, 2018, 12:46:36 PM I want to create online wallet without storing user private keys. you can create something similar to MyEtherWallet.com (MEW) but for bitcoin so the user is responsible for his own private keys (or mnemonic seed) For example - I have full Bitcoin node, user sends to server his private key(via https) just to sign transaction or view his balance. your server runs a full node with web and js interface for user's wallet Is there any way to do it ? any ideas ? user SHOULD NEVER send private key to your server your code should be able to create and sign raw transaction on client's side then your server accepts only the signed rawtx and passes it to your node and finally your node broadcasts the transaction to bitcoin network Title: Re: How can I sign and send transaction without importing private key ? Post by: odolvlobo on August 23, 2018, 05:41:25 PM Private keys must never be transmitted. The transaction should be signed offline. A hardware wallet is an excellent solution.
Title: Re: How can I sign and send transaction without importing private key ? Post by: HCP on August 23, 2018, 09:42:10 PM ... user sends to server his private key(via https) just to sign transaction... Seriously? ??? :o You want users to transmit their private keys to a remote server??!? ??? :o :oyou should NEVER be transmitting private keys (regardless of whether or not HTTPS is used). This entire idea is Broken™ any ideas ? Yes, go away and rethink your design. ::)Title: Re: How can I sign and send transaction without importing private key ? Post by: Jaycee99 on August 23, 2018, 11:04:24 PM I want to create online wallet without storing user private keys. For example - I have full Bitcoin node, user sends to server his private key(via https) just to sign transaction or view his balance. Is there any way to do it ? any ideas ? Online wallet? Without using any privet key? Not new here but I can see an option wheere you need to use a onlile wallet which means you need to. As of I know that privet key is a password? So guessing it is a bad idea to send it using https?(first time to heard of it *peace*)so in my side it is a bad idea. Is my translation working for this discussion? Is it correct? Please to clarify my correction. I just want to help here:) Now, as I can see that the best any kind of option is online like binance wallet still base on what I understand and basing from my small knowledge about bitcoin node it has many risk but still it is up to one person to make it work without any kind of hesitation. Title: Re: How can I sign and send transaction without importing private key ? Post by: andreibi on August 24, 2018, 02:26:46 AM I want to create online wallet without storing user private keys. For example - I have full Bitcoin node, user sends to server his private key(via https) just to sign transaction or view his balance. Is there any way to do it ? any ideas ? You can't create an online wallet in the purest sense of the word without storing the encrypted private keys. The only thing you can do is make the signed broadcast transaction service much simpler. |