|
Title: Best practices to handle BTC payments in a web based shop properly and secure Post by: deletedcoin on September 15, 2018, 10:11:16 AM In a Webshop users should be able to pay with several crypto currencies (for the beginning BTC, LTC, ETH, DASH...)
We won't store any private key on the web server but need to be able to receive funds from the customer while being also able to identify each payment to its particular purchase. This is how I would do it now, but I'd like to reflect the approach with the community. To make things more easier I'd like to use a symbolic programming language: 1. create locally a MultiSig wallet (2 of 3) with the keys from all 3 shop operators Code: wallet = createMultiSigWallet(key1, key2, key3) 2. create the base derivation path for each accepted coin, like this for BTC: "m/44'/0'/0'/0" Code: btcNode = wallet.derivePath("m/44'/0'/0'/0")3. store the xpubkey of each node on the Webserver for further derivation on a per customer bases: Code: server['keys']['btc'] = btcNode.xpubkey 4. On the Webserver, when a new payment is requested, the shop system would then create a new address per derivation from the xpubkeys: Code: address1 = node(server['keys']['eth']).derive('m/1')This way only the xpubkeys of a derived path needs to be stored on the Webserver without the need to hand out the master key. Will this be a proper, secure way to handle payments? Title: Re: Best practices to handle BTC payments in a web based shop properly and secure Post by: jackg on September 15, 2018, 12:22:07 PM Yes I think this is the most recognised way (without using a payment processor or something)...
You'd probably want a different xpub for each coin (and also you might want to think about using port numbers or something as a way to give people a truly unique address - that you haven't alreadly given to someone else)... If you list the number in the derivation path you're up to and take the starting port to be +1 to the original number (as there should only be one connection per port if your server is set up right). I'd suggest storing all of the private keys fully offline if you can also. Title: Re: Best practices to handle BTC payments in a web based shop properly and secure Post by: HeRetiK on September 15, 2018, 02:18:17 PM Yes, as long as the master key and the derived private keys are kept completely offline (eg. using a hardware wallet or an airgapped machine), this is a fairly sane and secure approach. Be aware that keeping private keys offline does not only include web servers but also any other machine that is connected to the internet including your development hardware and your clients' computers.
Minor heads up: Be aware of gap limits when checking the wallets for balances. HD wallets usually only check for 20-30 unused addresses in advance, after which they assume that no other addresses have been used so far. This may become relevant when multiple consecutive derived addresses have not been used due to eg. a cancelled payment. |