nakotashisamatoshoketchup (OP)
Newbie
 Offline
Activity: 6
Merit: 2
|
 |
February 12, 2018, 05:15:14 PM |
|
Hi, I'm trying to understand few points about blockchain and the way transactions works (and different possiblities). There are my questions  1/ can we 'generate' a transaction offline, or generating a transaction has to interact with the blockchain (and be connected to the network) ? 2/ in the case a transaction has to necessarily be generated online : i understood that generating a transaction (from a source public address, destination, amount to transfer) is creating a 'raw' text that contains a lot of data ... i tried to generate one, it gives me a a raw text of more than 2000 caracters. 3/ to sign offline my transaction (which needs my private key), do i need necessarly this raw transaction ? or the transaction id is enough ?... 4/ how a signed transaction message looks like ? what exactly needs to be broadcasted ? If you got it, i'm searching for a way to sign my transactions offline and understand which data are sent at what moment. Ideally, i would use qr-codes for communication, but not sure if it's possible : it depends if data exposed are too heavy in caracters numbers, or not. Thanks gents for your help, |
|
|
|
|
|
RGBKey
|
Transaction creation must be done on an online computer that has access to the blockchain. This is because to create a transaction, you need to know information about the inputs that are available to you to spend. Transaction signing can be done on an offline computer. Since the offline computer wouldn't have access to the blockchain, typically the following is done: - Generate the unsigned transaction on an online, watching-only wallet. This wallet knows the public key of the Bitcoin address(es) you want to spend from but not the private key. This means it's secure, because if the online machine were hacked, attackers would not be able to gain access to your private keys.
- Move the transaction via qr codes/flash drive/typing onto your offline computer that does contain your private keys, and sign the transaction.
- Move the now signed transaction back to the online computer (or any online computer) and broadcast it to the Bitcoin network. This can be done via node software like Bitcoin Core, or through a few different web portals provided by other services.
This is typically referred to as cold storage, and is one of the safest ways to store Bitcoins. |
|
|
|
|
nakotashisamatoshoketchup (OP)
Newbie
Offline
Activity: 6
Merit: 2
|
|
February 12, 2018, 05:43:42 PM |
|
Thank you for the clarifications Do you see any contrainst that can make it difficult for to move the transactions (in the two ways : from connected device, to disconnected and disconnected to connected) through QR-codes ? I guess the limit is the number of caracters i'm moving. I don't want any physical connection between my computer and my 'cold' storage device. Also, does these processes (generating a tx offline, signing it offline, broadcast it online) apply to Etherum and other cyrpto-currencies ? Thanks in advance, For example: This is an unsigned transaction: Looks too long to be qr-coded ? {
"lock_time":0,
"size":1364,
"inputs":[
{
"prev_out":{
"index":0,
"hash":"2738c88b71a466c1e844b46156abfb1533fd11adf1db97215e6c80162b7cb9ce"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"2527485015ce0502988cbc3f8b7f4ef7e38ebb00ad6d4b4f5a817c0b5869b657"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"19f54045219638bdb6bf04c1599a64d9915b0c07c71159224e0927ec65ae26f5"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"e100fa80e99a0928bbd55278cd85d8ed9ecc54dd2de4f93a3e7dd1fabaac22e7"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"b0b96a76f6d65f49328586844589128072f877e7e0b78d67268e4ccf8246d005"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"a19c058e8edcbc63028f7bf92aa75de983aa8c589cb226040cc6425f9fedfaf9"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"eab87650588dfec3cafcf616984a57aab7769c989923ca6920407ae0459b4454"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"93afec66aa1b4e5cac21d13f8225c1d04ceb3779c07e9ce4294ebad12d264824"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"41ec28321aac32d3200cf218b4a287167ac5f2c65bcef51caea0e80a8f151e67"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"eb703740c78563e9b3ddc6eca3004a1899c261c0f4b8f8c2a30609cfb218fe60"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"23a82ae670ba05d9e631465cd80119099a698f7bb6ce35bd7925054ecbb5d23d"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"73f656e5a7a5e03ffe878730d5518802e247556396cac243792f103ced3a838a"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"d7196db8b3f3b1dea43536eceaf08ad386d8e7770274c412fb78e90d7cacba3a"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"97186e2560f46594f569691b2b2f4e9b066fefe9705e9fb33fbc4dcbdf5fe8e9"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"32738d5ee1a8f3079a362fc7718ea778ac7d4c513b04676fc3438e892164cdce"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"2798a6aae2ef13cac83d30e4608fd5ad16f99d0c57d254e357664aab6a3bd923"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"ec1a10ad665073d355d55755677590e1f6f4b0075bc5ad7e70fb51007deab206"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"9855ea9b048f25294681868264886b5fc44c8c295cd8c3f938f4fa492de5a057"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"4fa4a09cdade58c8e7217f64bc4e3b99e04e0b1f56613ca1dd03370d1abc6cc4"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"761b4472f7ec584799e9e16b2c075cd71a2c8cddc2b4d3a990eba93796ecbe10"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
}
],
"version":1,
"vin_sz":20,
"hash":"a523768de0835ee210d8afe47593328df2369267cecd5cea57ab5be28520ad5e",
"vout_sz":1,
"out":[
{
"script_string":"OP_DUP OP_HASH160 d29dde3ae2b63619bb2ccaf0219a368d758dfcd0 OP_EQUALVERIFY OP_CHECKSIG",
"address":"1LCe29mys7ieDGJunTczRos9PjvvzF2ggu",
"value":6660000000,
"script":"76a914d29dde3ae2b63619bb2ccaf0219a368d758dfcd088ac"
}
]
} |
|
|
|
|
|
pebwindkraft
|
|
February 12, 2018, 07:38:58 PM |
|
I think RGBKey explained it pretty well for use of bitcoin core wallet. I agree to the steps and process. However: if you don‘t use a wallet software, and create the tx e.g. at the command line, you can assemble a tx completely offline. You would transfer only public known information. For sure you would need to know the tx details, like previous tx IDs, outpoints, amounts and pk scripts. Assembly could happen on the offline PC, and signing as well.
At the end the signing is a process of the tx hash, but it involves several steps of data management, and therefor you need all tax details on the cold storage system before signing.
|
|
|
|
|
|
RGBKey
|
|
February 12, 2018, 08:03:36 PM |
|
Thank you for the clarifications Do you see any contrainst that can make it difficult for to move the transactions (in the two ways : from connected device, to disconnected and disconnected to connected) through QR-codes ? I guess the limit is the number of caracters i'm moving. I don't want any physical connection between my computer and my 'cold' storage device. Also, does these processes (generating a tx offline, signing it offline, broadcast it online) apply to Etherum and other cyrpto-currencies ? Thanks in advance, For example: This is an unsigned transaction: Looks too long to be qr-coded ? {
"lock_time":0,
"size":1364,
"inputs":[
{
"prev_out":{
"index":0,
"hash":"2738c88b71a466c1e844b46156abfb1533fd11adf1db97215e6c80162b7cb9ce"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"2527485015ce0502988cbc3f8b7f4ef7e38ebb00ad6d4b4f5a817c0b5869b657"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"19f54045219638bdb6bf04c1599a64d9915b0c07c71159224e0927ec65ae26f5"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"e100fa80e99a0928bbd55278cd85d8ed9ecc54dd2de4f93a3e7dd1fabaac22e7"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"b0b96a76f6d65f49328586844589128072f877e7e0b78d67268e4ccf8246d005"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"a19c058e8edcbc63028f7bf92aa75de983aa8c589cb226040cc6425f9fedfaf9"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"eab87650588dfec3cafcf616984a57aab7769c989923ca6920407ae0459b4454"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"93afec66aa1b4e5cac21d13f8225c1d04ceb3779c07e9ce4294ebad12d264824"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"41ec28321aac32d3200cf218b4a287167ac5f2c65bcef51caea0e80a8f151e67"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"eb703740c78563e9b3ddc6eca3004a1899c261c0f4b8f8c2a30609cfb218fe60"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"23a82ae670ba05d9e631465cd80119099a698f7bb6ce35bd7925054ecbb5d23d"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"73f656e5a7a5e03ffe878730d5518802e247556396cac243792f103ced3a838a"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"d7196db8b3f3b1dea43536eceaf08ad386d8e7770274c412fb78e90d7cacba3a"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"97186e2560f46594f569691b2b2f4e9b066fefe9705e9fb33fbc4dcbdf5fe8e9"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"32738d5ee1a8f3079a362fc7718ea778ac7d4c513b04676fc3438e892164cdce"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"2798a6aae2ef13cac83d30e4608fd5ad16f99d0c57d254e357664aab6a3bd923"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"ec1a10ad665073d355d55755677590e1f6f4b0075bc5ad7e70fb51007deab206"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"9855ea9b048f25294681868264886b5fc44c8c295cd8c3f938f4fa492de5a057"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"4fa4a09cdade58c8e7217f64bc4e3b99e04e0b1f56613ca1dd03370d1abc6cc4"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
},
{
"prev_out":{
"index":0,
"hash":"761b4472f7ec584799e9e16b2c075cd71a2c8cddc2b4d3a990eba93796ecbe10"
},
"script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
}
],
"version":1,
"vin_sz":20,
"hash":"a523768de0835ee210d8afe47593328df2369267cecd5cea57ab5be28520ad5e",
"vout_sz":1,
"out":[
{
"script_string":"OP_DUP OP_HASH160 d29dde3ae2b63619bb2ccaf0219a368d758dfcd0 OP_EQUALVERIFY OP_CHECKSIG",
"address":"1LCe29mys7ieDGJunTczRos9PjvvzF2ggu",
"value":6660000000,
"script":"76a914d29dde3ae2b63619bb2ccaf0219a368d758dfcd088ac"
}
]
}That is an unusually large transaction with many inputs, and it is also in JSON format instead of standard raw hex format used for transactions. It would need to be serialized first or read by a program that understands that encoding. |
|
|
|
|
|
|
nakotashisamatoshoketchup (OP)
Newbie
Offline
Activity: 6
Merit: 2
|
|
February 13, 2018, 10:01:17 AM |
|
If i cannot move the information trough a qr-code.. then, or with difficulty, the only option remaining is to transfer it between the two devices (online > offline & offline > online) through a cable. How trezor/ledger and other cold wallet devices manage to unsure this communication ? I imagine that the communication is itself encrypted, and that it doesnt contain at any moment private keys. Let's say i have two computers, one connected to the blockchain, and one that will never be. Instead of linking the two devices with a cable that can compromise the cold device, what do you think of the idea of putting a 'cold' stack storage in the middle that each device can communicate with the other using a middle cold storage by depositing certain types of files ? (which can be an sd-card, for example) ? See my proposal attached. https://imgur.com/a/4mGin |
|
|
|
|
|
RGBKey
|
|
February 13, 2018, 03:55:46 PM |
|
You can just use a flash drive, or hand type it.
|
|
|
|
|
nakotashisamatoshoketchup (OP)
Newbie
Offline
Activity: 6
Merit: 2
|
|
February 13, 2018, 04:24:52 PM |
|
I'm trying more to find a way to industrialize it and minimize user interaction.
Also, i'm trying to find out what can be a the safest way to interact between the 2 devices.
For information, i'm planning to use AES 256 to encrypt the private keys on the cold device part.
- exporting unsigned transactions through qr-code seems complicated when it comes to +2K characters. I thought about cuting the transaction into 5 smaller qr-code with different colors and concatenate the transaction on the other device. Seems a bit complicated, right ?
- if i plan to have a physical connection between the devices, then, what about a usb cable that has a two-way read/write function on a 'temp' storage ? in clear: ability to deposit/read files and detect the presence of new files. Can it be safe ?
thanks
|
|
|
|
|
|
RGBKey
|
|
February 14, 2018, 02:01:49 AM |
|
I'm trying more to find a way to industrialize it and minimize user interaction.
Also, i'm trying to find out what can be a the safest way to interact between the 2 devices.
For information, i'm planning to use AES 256 to encrypt the private keys on the cold device part.
- exporting unsigned transactions through qr-code seems complicated when it comes to +2K characters. I thought about cuting the transaction into 5 smaller qr-code with different colors and concatenate the transaction on the other device. Seems a bit complicated, right ?
- if i plan to have a physical connection between the devices, then, what about a usb cable that has a two-way read/write function on a 'temp' storage ? in clear: ability to deposit/read files and detect the presence of new files. Can it be safe ?
thanks
Sounds like you're almost talking about hardware wallets. Hardware wallets are devices which hold the private keys on them. You connect them to online computers, which build unsigned transactions and send them to the hardware wallet to sign. The transactions are then signed by the hardware wallet when the user presses a button confirming the transaction, the details of which are usually displayed on a screen. This way the private keys never touch the online device |
|
|
|
|
|
pebwindkraft
|
|
February 14, 2018, 07:45:21 PM |
|
I'm trying more to find a way to industrialize it and minimize user interaction.
Also, i'm trying to find out what can be a the safest way to interact between the 2 devices.
For information, i'm planning to use AES 256 to encrypt the private keys on the cold device part.
...
thanks
I am currently playing with my cold storage systems (single board computers like OrangePi, RaspberryPi...). They usually have a USB and Ethernet and/or WiFi. - Ethernet is not desired, cause all known problems of „connectivity“ malware - USB cable would be like a HW wallet (no re invention of the wheel please) - USB Stick between two different OS is deemed to be secure - QR Codes: you outlined already everything remains serial and Bluetooth. Both allows to send data in a client-to-client way. Looking at serial, they are most probably dead on standard HW, but I use USB2serial. Advantage is, that the listening Programm cannot inject malware, cause code stacks are well known, open source. And you really see “immediately”, what data get’s exchanged, when using terminal programs like minicom/cu/screen or the Windows terminal. Bluetooth has a similar approach, but there again is often a stack or library below, that one cannot always control. |
|
|
|
|
nakotashisamatoshoketchup (OP)
Newbie
Offline
Activity: 6
Merit: 2
|
|
February 15, 2018, 11:43:53 AM |
|
Wow. thanks. that was exactly my point I have actualy two options: - divide the unsigned (and signed) transaction into x qr-code, but it doesn't seem super user-friendly - work on a specific cable with a middle 'storage' communication device, based on an sd-card. subtility: be able to detect when the sd-card is in use by one of the device and avoid writing/reading from the other. I'll just write json files and timestamp them to allow the devices to interact with each others. I'm trying more to find a way to industrialize it and minimize user interaction.
Also, i'm trying to find out what can be a the safest way to interact between the 2 devices.
For information, i'm planning to use AES 256 to encrypt the private keys on the cold device part.
...
thanks
I am currently playing with my cold storage systems (single board computers like OrangePi, RaspberryPi...). They usually have a USB and Ethernet and/or WiFi. - Ethernet is not desired, cause all known problems of „connectivity“ malware - USB cable would be like a HW wallet (no re invention of the wheel please) - USB Stick between two different OS is deemed to be secure - QR Codes: you outlined already everything remains serial and Bluetooth. Both allows to send data in a client-to-client way. Looking at serial, they are most probably dead on standard HW, but I use USB2serial. Advantage is, that the listening Programm cannot inject malware, cause code stacks are well known, open source. And you really see “immediately”, what data get’s exchanged, when using terminal programs like minicom/cu/screen or the Windows terminal. Bluetooth has a similar approach, but there again is often a stack or library below, that one cannot always control. |
|
|
|
|
|
