|
Title: txn file Post by: btctoo on May 17, 2020, 12:01:13 PM Just wanted to know whether disclosing a txn file is dangerous, or that our bitcoin address is at risk at losing funds,
Title: Re: txn file Post by: o_e_l_e_o on May 17, 2020, 12:25:21 PM Depends what you mean by "dangerous".
Your bitcoin is not at risk of being stolen if you disclose a transaction file. If you haven't signed the transaction, then a malicious party with access to the file can't do anything with it except read the contents. If you have already signed the transaction, then the most a malicious party could do would be to broadcast it, meaning the transaction you signed would be sent to nodes and miners, and the bitcoin you sent would end up at its intended destination. A malicious third party is unable to change a signed transaction in a way which allows them to steal your cleans (there are ways a signed transaction can be changed and yet remain valid, but they do not allow your bitcoins to be stolen or sent to anywhere other than the addresses you specified). There is a privacy risk, however. If someone gets their hands on a transaction file they know was generated by you, then they know the inputs within that file almost certainly belong to you, and can use that information to track your spending and discover other addresses which you own. Title: Re: txn file Post by: btctoo on May 17, 2020, 12:31:58 PM Depends what you mean by "dangerous". Your bitcoin is not at risk of being stolen if you disclose a transaction file. If you haven't signed the transaction, then a malicious party with access to the file can't do anything with it except read the contents. If you have already signed the transaction, then the most a malicious party could do would be to broadcast it, meaning the transaction you signed would be sent to nodes and miners, and the bitcoin you sent would end up at its intended destination. A malicious third party is unable to change a signed transaction in a way which allows them to steal your cleans (there are ways a signed transaction can be changed and yet remain valid, but they do not allow your bitcoins to be stolen or sent to anywhere other than the addresses you specified). There is a privacy risk, however. If someone gets their hands on a transaction file they know was generated by you, then they know the inputs within that file almost certainly belong to you, and can use that information to track your spending and discover other addresses which you own. thanks, the tx has been broadcasted few days ago and fulfilled , so in that case my coins are safe rit? Title: Re: txn file Post by: o_e_l_e_o on May 17, 2020, 12:43:41 PM thanks, the tx has been broadcasted few days ago and fulfilled , so in that case my coins are safe rit? Yes. If your transaction has confirmed and has a reasonable number of confirmations (most people would say greater than 6), then there is nothing anyone can do to reverse it short of attacking the entire bitcoin network, which would be hugely costly.Even if it hadn't been confirmed, sharing a signed transaction file would not be dangerous to the security of your coins. This is essentially what you do when you broadcast a transaction to the network - you share your signed transaction with the nodes and miners. Title: Re: txn file Post by: btctoo on May 17, 2020, 12:53:15 PM thanks, the tx has been broadcasted few days ago and fulfilled , so in that case my coins are safe rit? Yes. If your transaction has confirmed and has a reasonable number of confirmations (most people would say greater than 6), then there is nothing anyone can do to reverse it short of attacking the entire bitcoin network, which would be hugely costly.Even if it hadn't been confirmed, sharing a signed transaction file would not be dangerous to the security of your coins. This is essentially what you do when you broadcast a transaction to the network - you share your signed transaction with the nodes and miners. Title: Re: txn file Post by: Coding Enthusiast on May 17, 2020, 01:06:06 PM Assuming the "txn file" was created by Electrum and the transaction is unsigned you may want to look here: https://bitcointalk.org/index.php?topic=5082785.0
There are both privacy and security concerns: Privacy: you are revealing your entire list of past, present and future public keys (hence addresses). Security: revealing a single private key from that wallet some day will reveal all your private keys. Title: Re: txn file Post by: btctoo on May 17, 2020, 01:55:52 PM Assuming the "txn file" was created by Electrum and the transaction is unsigned you may want to look here: https://bitcointalk.org/index.php?topic=5082785.0 There are both privacy and security concerns: Privacy: you are revealing your entire list of past, present and future public keys (hence addresses). Security: revealing a single private key from that wallet some day will reveal all your private keys. thanks, the txn file is from electrum, does that mean, people now know my private key, i have a vanity addr? Also the transaction is confirmed few hours ago already Title: Re: txn file Post by: o_e_l_e_o on May 17, 2020, 02:24:40 PM No, the transaction file does not contain your private key. It contains your public key(s) only. These cannot be used to steal your coins unless you have exposed your private keys through another means. If someone else generated your vanity address for you, for example, then they will have access to your private key(s) and your coins.
If the transaction has been confirmed for several hours then it will have >10 confirmations by now and be essentially impossible to reverse. The concern about master public keys doesn't apply in this case since you are using a single vanity address rather than a hierarchical deterministic wallet. Title: Re: txn file Post by: btctoo on May 17, 2020, 02:26:40 PM No, the transaction file does not contain your private key. It contains your public key(s) only. These cannot be used to steal your coins unless you have exposed your private keys through another means. If someone else generated your vanity address for you, for example, then they will have access to your private key(s) and your coins. ok, my vanity address was gen from vante.me, the secure option in which i just provide a public keyIf the transaction has been confirmed for several hours then it will have >10 confirmations by now and be essentially impossible to reverse. The concern about master public keys doesn't apply in this case since you are using a single vanity address rather than a hierarchical deterministic wallet. Title: Re: txn file Post by: hugeblack on May 18, 2020, 01:36:04 AM ok, my vanity address was gen from vante.me, the secure option in which i just provide a public key They use split key generation, which means that the only thing they can see is the public key. Thus, once they give you the key, you mix it with the private key "which they do not know" and thus it becomes impossible for them to know the new private key "They can try to brute force it, but this will take a very long time."So in short, if you have generated your private key correctly and kept it in a safe/offline place, you are out of danger "stealing your money." the secure option in which i just provide a public key If you do it right, privacy is the only risk.Title: Re: txn file Post by: nc50lc on May 18, 2020, 03:19:20 AM Assuming the "txn file" was created by Electrum and the transaction is unsigned you may want to look here: https://bitcointalk.org/index.php?topic=5082785.0 The good thing is, the next release Electrum 4.0 (not yet released) will have a different export format.I have tried the dev version on a standard wallet and checked the 'full txn export file', 'psbt export file' and 'copy to clipboard' method. Both export files contains gibberish characters when opened with a text editor, suggests that it's not in human readable format. The Copied raw transaction however is in 'Base64' and if you convert it to HEX, you'll only find the input's Public key(s) and Redeem Script (if applicable). There's an option to export it together with the Master Public key, it's labeled as "for hardware device, include xpubs" but it's the same as the copied string above and there's no x/y/z pub in HEX (maybe for wallets paired with a hardware wallet?). @btctoo Since you're only using an imported wallet, then your exported unsigned Raw Txn will only contain the input's public key(s), no master public key. But the privacy issue is still the same (you're going to reuse the address anyways). If it came from an imported watch-only wallet that was created by pasting the address, then it wont even contain the public key. |