In a Webshop users should be able to pay with several crypto currencies (for the beginning BTC, LTC, ETH, DASH...)
We won't store any private key on the web server but need to be able to receive funds from the customer while being also able to identify each payment to its particular purchase.
This is how I would do it now, but I'd like to reflect the approach with the community. To make things more easier I'd like to use a symbolic programming language:
1. create locally a MultiSig wallet (2 of 3) with the keys from all 3 shop operators
wallet = createMultiSigWallet(key1, key2, key3)
2. create the base derivation path for each accepted coin, like this for BTC: "m/44'/0'/0'/0"
btcNode = wallet.derivePath("m/44'/0'/0'/0")
ethNode = wallet.derivePath("m/44'/60'/0'/0")
...
3. store the xpubkey of each node on the Webserver for further derivation on a per customer bases:
server['keys']['btc'] = btcNode.xpubkey
server['keys']['eth'] = ethNode.xpubkey
...
4. On the Webserver, when a new payment is requested, the shop system would then create a new address per derivation from the xpubkeys:
address1 = node(server['keys']['eth']).derive('m/1')
address2 = node(server['keys']['eth']).derive('m/2')
address3 = node(server['keys']['eth']).derive('m/3')
address4 = node(server['keys']['eth']).derive('m/4')
... and so on ...
This way only the xpubkeys of a derived path needs to be stored on the Webserver without the need to hand out the master key.
Will this be a proper, secure way to handle payments?