I never got around to implementing that, because I wanted the user to be able to examine the transaction before they click broadcast, but a raw transaction doesn't have all the info it needs (refer to SIGHASH_WITHINPUTVALUE discussion).  I probably should've put something in there anyway with a warning, but I never got around to it.

I suggest using https://blockchain.info/pushtx

I would not dismiss offline transactions a "meh, just a single use case."   That is the future of any serious Bitcoin users and HW wallets.  Accommodating them is in everyone's best interest.

Also, you are talking about a major protocol upgrade that is far from uncontroversial and could take months/years of debate, testing, etc.  I'm talking about a very simple, modification of a couple lines of code that completely solves a problem that a lot of Bitcoin innovators having today.

I'm all for UTXO commitment proposals.  After all, I have a pretty elaborate one I'd like to see pushed forward.  But that still serves a different purpose than this:  sending the offline computer UTXO proofs/branches is going to be a lot more than 8 bytes per input.  Part of the goal is to minimize the data sent across the online-offline channel, and the complexity of what needs to be done by the offline signing device.   

I'm not sure where the inelegance comes from -- we add 8 bytes to the data to be hashed and we close up a major oversight/inefficiency in the protocol.  If this was some kind of epic, controversial change, I'd agree that it may not be worth it.  I've already said it's not even worth its own hard-fork.  But given how simple-yet-useful the change is, I see little reason not to do it if the timing is right.  Unless it will be will feasibly be solved by some other major upgrade in the near future.

You seem to suggest there is consensus about your opinion it should not be done, and that there are seriously-considered proposals to change the meaning of the merkle root.  But, if you read the rest of this thread, there is a quite a bit of high-level support for this modification, as an "add-on" to any future hard forks.  Of course, we're all happy to discuss alternatives, and what other uses there are for the other SIGHASH types, but you haven't mentioned what they are or where I can go read about it.

On the other hand, if we were to implement such a drastic/breaking change in the protocol as you suggest, to actually change what the merkle root means in the header, we'd have no problem simply "fixing" the existing hash types to include the output values, as that would equally break all existing parsing/verification code as changing the meaning of the merkle root.  If your suggestion was implemented, we could remove the "wasted" SIGHASH_WITHINPUTVALUE bit and recover it for these other use cases you mention.

On a related note:  TierNolan, can you link to the thread where this was reported?  I'd like to see how this massive fee occurred.  Was it malicious?  Or just likely a bug in the way the online computer was reporting input values to the offline computer?  If I had to guess, it was someone who tried to manually execute the offline signing procedure, but did not include all the supporting transactions, and ended up mis-reporting input values to the offline computer (which would've been caught if they supplied and checked the supporting tx, or SIGHASH_WITHINPUTVALUE was implemented).

That turned out to be a bug that made it's way into the released version, but doesn't affect performance or functionality at all.  It should be fixed in the testing version, and will not be there for the next version ... but the worst thing it does is make the logs harder to access/read.  It's unrelated to the crashing.

---

Just to keep things consistent, there was a reddit post asking if Armory was dead.  Here's my response:

Yeah, I was going to integrate the compatible message signing algorithm in the next release.  It's just that the next release is taking far longer than I expected.    Soon though!

Grandma can't use Bitcoin yet.  Still beta.

For those interested, I got a few more quotes in the paper today.  This time USA Today!

http://www.usatoday.com/story/news/politics/2013/08/26/bitcoin-virtual-currency-regualtions/2702653/

There is a "Copy Raw Tx (Hex)" button on the "Sign and/or Broadcast Offline Transaction" window.  You could look for that button in the python code and copy what it's doing.  I'd look it up for you, but I'm on my phone.   I believe that you have a "TxDP" object which represents the signed transaction, and you do something like "txdp.prepareFinalTx()".   That should give you a raw binary transaction in the form that all other nodes on the network recognize.

On that same window is the "Broadcast" button which also should lead you to how I implement broadcasting to the connected bitcoind/-qt instance.  If you already have a running instance of Armory, it should be easy (because it's already connected), but it may take some work if you're writing an isolated script.

I have been working in the "ramreduceleveldb" branch for the past couple months.  I've been heavily distracted, so progress hasn't been as voluminous as I'd hoped, but progress is being made (see a few posts up about the most recent unit tests I passed).  I ran into issues with the new DB stuff being bottlenecked by SatoshiDice addresses and 1VayNert, but I should have the updates for that soon and then will start integrating the new DB stuff into the python layer.  For reference, this first version will use a lot of HDD space -- probably 1.7X the blk*.dat files -- but will provide instantaneous arbitrary address lookup (balances and UTXO sets).  This was the easiest to implement, and when this is done I'll be in a good position to implement much lighter variants. 

I should add, this isn't just a hand-tuned, optimized implementation of general ECDSA signature verification:  it's hand-tuned and optimized for the specific elliptic curve that Bitcoin uses (secp256k1).  The curve is actually one of the simpler ones blessed by NIST, and sipa is an optimization ninja  

That's part of what this post is asking... is there a use case for it?  I get a lot of people asking this question, but with only a half-baked idea of how they would use it.  I posted because I realized there's a somewhat-satisfactory answer to that question now, but I'm not sure how useful it really is.

There may be use cases for it that don't require proving you destroyed the key.  i.e. if you actually destroyed the private key, then it cannot be compromised, and the money is truly immobile until the locktime, and only to the specified address/script.  

Brian mentioned "inheritance", though locking money for 30 years is potentially similar to destroying it -- part of why you have inheritance is because you don't know when you're going to die, and you want to send whatever is leftover to your next of kin.  But if you time lock all your savings for 30 years, you can't use it yourself in case you live longer than you expected or you need it.  

More likely, someone might use it to force savings behavior.  You prevent yourself from having access to it until a given time.  Or you can give your kid money that they can only unlock when they are 18 years, etc.   Unfortunately, it does not have the benefit you get of an offline wallet, in that you can continue to send money to it afterwards (I know someone would lose money thinking they could...).

Meh.  It may not actually be that useful.  But it also wouldn't surprise me if it might combined with other network features (replacement, non-standard scripts), to do something very creative.

So I wasn't quite sure what to search for on this topic, so this is probably a repeat.  Please point me to it if it exists already.

Lots of people have asked if there is a way to control the direction of money behind an address/script. Through conventional means, the answer has always been: "No, the network only defines conditions to unlock the money, but can't control what is done with it." If you have the private key(s) for the money to be unlocked, you can do whatever you want with that money.

However, I realized that this is very much possible, through unconventional means. For instance, it's possible to "lock" money until a given time by doing the following.

• Produce two private keys, with addresses A and B.
• Send money to address A
• Create timelocked transaction sending all outputs of A to B
• Sign it with A
• Store signed tx in a safe place
• Destroy private key A

Although I hate the idea of destroying private keys that still have money, this does achieve what was requested (as long as you can be confident that the tx is valid and can be mined). The money is locked with no way to be moved until the locktime expires, and it will only move to address B. There is also no time limit by which it needs to be broadcast, you could keep it in A until you need it, long past the lock time.

The downsides include:

• (1) If a crazy bug leads to a bad signature or tx, then the money is locked forever
• (2) Who's going to destroy their private key that has money associated with it?  Users would probably save the private key in some remarkably inconvenient form that would be difficult to recover, but possible if absolutely necessary (encrypt it with a random 50-bit key that will have to be brute-forced, and then bury it in your backyard yard?)
• (3) If key B is compromised, trying to remove the money becomes a race: as soon as the tx(A->B) hits the network, both you and the attacker are racing to move the new output. You have an advantage though (if you know B was compromised), as you create the signature with A, so you know the OutPoint that needs to be spent by B, and can prepare a subsequent spend and broadcast it 1 microsecond after you broadcast the first tx. But that's by no means any guarantee that yours will be mined, especially if the attacker knows miners who will give him priority (and especially if replace-by-fee is standard)

Above I have only mentioned time-locking money.  I bet if you combine creative scripts and multiple transactions, there's some cool stuff you could do.  But you have to be careful with creating chained transactions, because the malleability of transactions means that you create A-->B and pre-prepare B-->C, but then some jerk on the network mines A-->B after adding an extra padding byte to your signature and the tx hash changes, then your B-->C tx is invalid (because it references A-->B by hash, which is no longer valid).  I know we enforced canonical signatures, but I assume that's not a hard network rule (yet?).

So what else can be done with this?  Is it actually useful?

I should mention that the timings are artificially inflated due to the fact that it destroys and rebuilds a testing database on every test.  This means there's quite a bit of hard disk I/O involved in just the SetUp and TearDown procedures, and executing a small batch of writes comes with huge overhead.  It will not take 0.6 seconds to add 5 blocks to the DB when doing a full database build...

With re-org handling implemented, I will start benchmarking DB building on much larger data sets (more than 5 blocks).  And then I'll see what has to change to hook this up to the GUI.  The upside is that nearly all the interfaces are the same, so the GUI probably won't see much change (other than not having to wait for startup and importing wallets).  The downside is that some stuff did change:  I added C++ support for compressed keys, multi-sig and P2SH.  This means I need a translation layer for the old wallets to work right until the new wallet format is complete.

But yeah... progress...

For anyone waiting patiently (or impatiently) for the updates, here's some good news for you:


That's a major milestone for the new "persistent blockchain" stuff.  It means that the DB successfully tracks all balances, even across reorgs.  Given how little the blockchain utilities interface has changed, integrating this into the GUI may not be ridiculously difficult.  Though, I won't put a timeline on it because I've been wrong so many times before...

I've become a big fan of the QR-video idea...partly because I have an extensive image-processing background.  I used to not like any video-based solution because I'm envisioning a mess of webcams and confused users trying to figure out which camera to point where, etc.  But if it's smartphone + laptop, it becomes a heck of a lot more usable. 

This is what testnet is for!

Run Armory with the "--testnet" flag (two dashes), and then in the settings tell it that you will manage Bitcoin-Qt yourself.  Then start Bitcoin-Qt with the "-testnet" flag (one dash).  Once it's all synchronized, start Armory, and create a new testnet wallet.  Once you have a wallet, you can get some free testnet coins from:  http://tpfaucet.appspot.com/

Everything that you can do on the main network you should be able to do from here.  So get some coins and test it!

Open a *.unsigned.tx file for writing and use the txdp.serializeAscii() method to dump it in the BIP 10 format which will be recognized by Armory GUI or cli_sign_txdp.py script.

Also note that since the Armory GUI does most of these things, you can probably find examples of what you're looking for, by simply searching the Armory codebase.   I haven't done it, but I'm sure if you search for "txdp" in the ArmoryQt.py and qtdialogs.py, there will only be a few hits, and one of them will be serializeAscii() and another one unserializeAscii().  I use ASCII/text for the encoding so that the data could theoretically be copied into emails, like ASCII-armored PGP data.

When exactly does it crash?  Does it not open at all?  Or does it start to open then crash immediately?  Do you use a native language other than English?  The most recent version had an issue with non-ASCII/non-English characters.  If so, you can go to the downloads page and try 0.87.2.  Many users have reported that working even when 0.88.1 doesn't.  (Googlecode downloads page:  https://code.google.com/p/bitcoinarmory/downloads/list)


As soon as I finish this RAM upgrade, I will have time to address these things.  Getting closer!

That's correct.  Everything the GUI does could be done from python scripts.  In fact, you could think of the GUI as one big python script that simply uses the utilities provided by armoryengine.py (and the massive set of underlying C++ utilities).  I've tried to keep the bulk of the functionality in armoryengine.py so that you don't have to import any Qt libraries in order to script it headlessly like this.  There's still lots of example code in ArmoryQt.py and qtdialogs.py that could be useful, but everything that Armory GUI can do, can be done through scripts without any GUI interaction.  If you run the cli_sign_txdp.py script, you'll see that it does the same thing as GUI, but through a text/terminal interface. 

To continue discussion on this, it might be worth starting a new thread, to help aggregate this kind of information into a single place for others wishing to do scripting. 

Have you completely uninstalled and reinstalled?  Sometimes the installer doesn't replace the old files properly when you are upgrading.  I've tried multiple things to fix that, but it doesn't work.