Bitcoin Forum
January 21, 2017, 06:42:52 AM *
News: Latest stable version of Bitcoin Core: 0.13.2  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Open Source Online Wallet  (Read 4437 times)
riush
Member
**
Offline Offline

Activity: 73


View Profile
June 05, 2011, 09:24:55 PM
 #1

During the last days I started hacking together a little online-wallet and thought some of you might be interested.

It is based on the bitcoind RPC API for handling accounts and adds custom labels stored in database.

If you want to send coins to a labeled address, just start typing the label and it will autocomplete.

It is a Ruby/Rails application released under the MIT license, so you can setup your own online wallet or even run it locally and use it instead of the default client UI.

Note that this is just a very early development version which still needs a lot of work.

Project/Source: http://open.sourceagency.org/projects/webtc
Demo (testnet): http://webtc.interesthings.de
(There is a demo Account: foo@bar.baz / password, but feel free to create new accounts, the email doesn't have to exist)

Feedback, bug reports, patches and donations welcome Smiley

1MKKiJhUJgqKyfCLeo7bB1bvELNEM8wUbz
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
riush
Member
**
Offline Offline

Activity: 73


View Profile
June 15, 2011, 03:25:24 PM
 #2

Okay, I have deployed some updates, namely

  • localized everything and translated to english/german
  • account settings for language and units
  • display and treat all amounts in the configured unit (BTC, mBTC, uBTC, satoshi)

Despite no replies here, I noticed a few people were checking it out. What do you think? Does it look that bad? Wink

1MKKiJhUJgqKyfCLeo7bB1bvELNEM8wUbz
RodeoX
Legendary
*
Offline Offline

Activity: 2156


The revolution will be monetized!


View Profile
June 16, 2011, 01:14:27 PM
 #3

riush, that looks awesome! last night I used my Blu-Ray player to test! Thanks for distributing this as an open source project. It just expanded the world of bitcoin transactions to many new platforms.

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf

Free bitcoin - https://bitcointalk.org/index.php?topic=1610684
wujh
Jr. Member
*
Offline Offline

Activity: 49


View Profile
June 16, 2011, 05:23:22 PM
 #4

During the last days I started hacking together a little online-wallet and thought some of you might be interested.

It is based on the bitcoind RPC API for handling accounts and adds custom labels stored in database.

If you want to send coins to a labeled address, just start typing the label and it will autocomplete.

It is a Ruby/Rails application released under the MIT license, so you can setup your own online wallet or even run it locally and use it instead of the default client UI.

Note that this is just a very early development version which still needs a lot of work.

Project/Source: http://open.sourceagency.org/projects/webtc
Demo (testnet): http://webtc.interesthings.de
(There is a demo Account: foo@bar.baz / password, but feel free to create new accounts, the email doesn't have to exist)

Feedback, bug reports, patches and donations welcome Smiley

it's wonderful. why not find some venture capital, and start a real business around the online wallet storage and payment service?

jimbo77
Member
**
Offline Offline

Activity: 78


View Profile
June 16, 2011, 07:31:13 PM
 #5

What do you do for security?
riush
Member
**
Offline Offline

Activity: 73


View Profile
June 17, 2011, 01:58:18 PM
 #6

it's wonderful. why not find some venture capital, and start a real business around the online wallet storage and payment service?

I'm thinking about that, but am not sure if I have the means/skills to cope with all the legal issues arising from taking responsibility for other people's money...
Maybe if we could get some kind of organisation started that can manage all of this - if anyone is interested and has the missing legal/financial experience, please contact me!

1MKKiJhUJgqKyfCLeo7bB1bvELNEM8wUbz
riush
Member
**
Offline Offline

Activity: 73


View Profile
June 17, 2011, 02:06:52 PM
 #7

What do you do for security?

That's a very good question, I'm thinking about it a lot.

The way I see it, there are different angles of security (and a few ideas what could be done about them, certainly not complete):

* Account security (someone steals your password or hacks your PC)
- Spending limits
- Transaction Authentication Numbers (TAN) - basically a big block of numbered passwords.
  Would it make sense to send them via email (optionally PGP/GPG encrypted)?
- Email Authentication - Confirmation email with code you have to enter for every transaction
- SMS Authentication - Basically the same but via SMS

* Server security (someone breaks into the server)
- Run a 'frontend' bitcoind and the 'real' (wallet-holding) bitcoind connects only to that
- Maybe run the webserver on yet another machine (but if an attacker were to get on the webserver,
  couldn't he just tell the bitcoind to spend the money - so it doesn't really improve anything..)
- Firewall everything except port 80 (443) on the webserver and a connection between our bitcoind's.

There is also the wallet encryption patch and the key im/export patch coming up. I didn't have time
to try them out yet; I'm really hoping they can be made to work together Wink

My vision is to have each user's keys encrypted separately, with me not having the ability to decrypt
them, until the user sends me a password/key which I'll never store on file anywhere.
Could ask for a password for every transaction, or take the account password and keep it in memory as long as the
session is active.

I'll definitely work on some of this over the weekend Smiley

1MKKiJhUJgqKyfCLeo7bB1bvELNEM8wUbz
flyswatta
Member
**
Offline Offline

Activity: 101



View Profile
June 17, 2011, 02:49:39 PM
 #8

Nice!  I like your idea of having it to front bitcoind or something.  I can see me using something like this so I could access my wallet while I'm not at home - much like mybitcoin.   I could even see me hosting it my self in the cloud somewhere so I wouldn't have to worry about my pc crashing or something losing my btc.  I wonder if something like this could run on dropbox? 
NothinG
Hero Member
*****
Offline Offline

Activity: 560



View Profile
June 17, 2011, 10:46:48 PM
 #9

Awesome project idea!

Nice!  I like your idea of having it to front bitcoind or something.  I can see me using something like this so I could access my wallet while I'm not at home - much like mybitcoin.   I could even see me hosting it my self in the cloud somewhere so I wouldn't have to worry about my pc crashing or something losing my btc.  I wonder if something like this could run on dropbox? 
Wouldn't dropbox need ruby support?

riush
Member
**
Offline Offline

Activity: 73


View Profile
June 19, 2011, 08:04:26 PM
 #10

Deployed another big update: bitcoin key encryption!

Quote from: README
Every user has a GPG key secured with his account password.
When a user signs out, all his bitcoin private keys are encrypted to this GPG key
and then removed from bitcoind.
When the user signs in again, he gives his password, the keys are decrypted and
loaded into bitcoind.
This way an attacker who compromised the server only has access to the currently
logged in users' money.

For this to work, you need a bitcoind that supports dumping, loading and removing
private keys. For the time being you have to use the 'showwallet' and 'removeprivkey'
branches from my git repo (git://github.com/mhanne/bitcoin.git).

This is still a little fragile so please report any bugs you notice.
Unfortunately, I had to dump all accounts so you have to create new ones.

I also fixed an issue with displaying and parsing amounts and added double check in english words on transaction confirmation page.

For those of us who run the server ourselves, there is now a little admin view giving a basic overview of all accounts.
Users have an is_admin column, just set it in the console for now.

1MKKiJhUJgqKyfCLeo7bB1bvELNEM8wUbz
riush
Member
**
Offline Offline

Activity: 73


View Profile
June 19, 2011, 08:19:45 PM
 #11

I forgot, there's one little problem: /dev/random is running low so generating a gpg key when an account is created takes ages...
For the testing instance I'm now filling /dev/random with 'entropy' from /dev/urandom, which is obviously not the way to go.
Does someone have any ideas about this - do i need a hardware random generator?

1MKKiJhUJgqKyfCLeo7bB1bvELNEM8wUbz
riush
Member
**
Offline Offline

Activity: 73


View Profile
June 25, 2011, 05:51:21 AM
 #12

Deployed a few updates again. Most notably transaction verification:

Quote from: README
There are different kinds of verifications, all have in common that they generate a
code, store a salted hash, and send it to the user through a specified delivery method.
Delivery methods can be email, SMS, Jabber, whatever.. (only email yet).
A user can define rules which specifiy an amount, a time frame and a verification method.
Each transaction exceeding the amount in the given timeframe needs to be verified with
the defined method. Codes are sent to the user and they must be entered on a confirmation
page before the transaction is sent to bitcoind.
There are also two special kinds of verifications:
"Confirm" only displays the confirmation page, but provides the code in a hidden form field.
"Deny" throws away the code so it can never be verified; to be used for hard limits.

In other words, you can define rules like ">1 BTC per day must be verified by email", ">10 BTC per day must be verified by SMS" or ">100BTC per day may never be sent".
When you create a transaction, it applies all matching rules and asks for verification via all the methods.

I'm also planning on implementing various other verification methods like SMS, Jabber, TANs, etc. Any other ideas?

The bitcoin key encryption is now optional, so it can be used with a regular (unpatched) bitcoind again, and every user can choose if he wants it (and thus be responsible for not forgetting his password).

Last but not least, I've startet writing tests for the whole beast, quite random and incomplete yet, but it's a start - if you change something please make sure they pass Smiley

1MKKiJhUJgqKyfCLeo7bB1bvELNEM8wUbz
Ryland R. Taylor-Almanza
Hero Member
*****
Offline Offline

Activity: 826



View Profile
July 12, 2011, 03:23:11 AM
 #13

Cool project. I'll be watching this.
riush
Member
**
Offline Offline

Activity: 73


View Profile
July 13, 2011, 09:11:55 PM
 #14

Little warning: Don't use with 0.3.24 - it has a bug where bitcoind doesn't consider the address for newly created accounts as "mine". It's fixed in git master.

Also, fixed a few bugs and added transaction display in admin.

1MKKiJhUJgqKyfCLeo7bB1bvELNEM8wUbz
idev
Hero Member
*****
Offline Offline

Activity: 847


View Profile WWW
July 16, 2011, 07:17:51 PM
 #15

Cool project. I'll be watching this.

Indeed, very nice.
riush
Member
**
Offline Offline

Activity: 73


View Profile
July 18, 2011, 10:55:48 PM
 #16

Cool project. I'll be watching this.

Indeed, very nice.

Glad you like it! Feedback is much appreciated Smiley

Unfortunately I haven't had much time lately, but I'll definitely try to clear a few hours this week.

Has anybody looked at the code yet? Do you think it's a good idea to basically use the data from bitcoind and 'augment' it with stuff from the database?
The next thing i was planning to do is to better integrate transactions from bitcoind and the database.

Another important thing is how verification rules can be removed. Currently you can just go 'delete', which kinda defeats the whole purpose.
I was thinking to just verify the deletion of the rule with the specified method (to delete an email verification rule, you need to do an email verification, etc).
But I'm not sure what to do about the limits.. Do you think its okay to just wait a week until the weekly limit is removed, for example?

1MKKiJhUJgqKyfCLeo7bB1bvELNEM8wUbz
riush
Member
**
Offline Offline

Activity: 73


View Profile
July 21, 2011, 12:12:30 AM
 #17

Took a minor detour from what I had planned and implemented support for importing/rebroadcasting offline transactions as implemented by piotr:
https://forum.bitcoin.org/index.php?topic=28278.0

Everyone (not just registered users) can upload an offline transaction and it gets broadcast to the network every half hour until it makes it into a block.
(With a limit of 100 tries in case the transaction is just bogus / will never be accepted)

http://webtc.interesthings.de/transactions/import

1MKKiJhUJgqKyfCLeo7bB1bvELNEM8wUbz
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!