POLL - Importing Private Keys in Satoshi Client.

[DannyHamilton]

. . . Right below the text box where they type the key.  "Remember this key and sweep any future incoming payments?". . .

Interesting idea, I'm curious though about how it would handle the likelihood that autoswept funds would need a transaction fee?  What if the transaction fee ended up being a significant portion (or all) of the the swept funds?

[casascius]

. . . Right below the text box where they type the key.  "Remember this key and sweep any future incoming payments?". . .

Interesting idea, I'm curious though about how it would handle the likelihood that autoswept funds would need a transaction fee?  What if the transaction fee ended up being a significant portion (or all) of the the swept funds?

It would have to pay the fee out of the autoswept funds - there's no clean alternative.  To avoid the fee, it would have to involve some of the user's coins (messy), or wait until the transaction is old enough (not good).

If the fee were most or all of the swept funds, it might as well not attempt to sweep them.

Advanced configuration options could include: Minimum amount to auto-sweep? (default: 0.01 BTC).  Auto-sweep even when a fee must be deducted? (default: yes)

[JackH]

Guys I really think this should be either kept extremely simple or extremely complex (from a general users point of view).

Mom and pop out there (which is pretty much the entire world online right now), have never even touched anything we all know as FTP client.

The gap between this little core of people here and the world is huge. Adding something that is way to user friendly will piss people off here since its not allowing for cool functions. Adding it too complex wideness the gap to mom and pop people. Plugins are seriously a great way to archive all the geekishness and still have a client that will only take mom and pop users 1 year to understand 

[casascius]

Guys I really think this should be either kept extremely simple or extremely complex (from a general users point of view).

Mom and pop out there (which is pretty much the entire world online right now), have never even touched anything we all know as FTP client.

The gap between this little core of people here and the world is huge. Adding something that is way to user friendly will piss people off here since its not allowing for cool functions. Adding it too complex wideness the gap to mom and pop people. Plugins are seriously a great way to archive all the geekishness and still have a client that will only take mom and pop users 1 year to understand  

I totally agree with the concept of plugins but believe that sweeping private keys should be a core feature.  Kind of like a normal bank account: depositing cash and checks is a core feature, investing in stocks is a plugin.

Everyone has used an FTP client before... to name a few in no particular order: Internet Explorer, Chrome, Safari, Firefox.  Being able to browse the web doesn't make them any less an FTP client.

[Sukrim]

I believe on the contrary that private keys should be kept private as much as possible and never exposed to users to "redeem" or "swipe" in the first place. Importing private keys for anything else than constantly monitoring their addresses and swiping them is dangerous at best and leads to a lot of coins lost at worst.

I'd rather have people come up with a way to create signed transactions that can go to any address and trade these around than exposing private keys and thinking about how to swipe them again and who else might have seen them.

[SgtSpike]

I believe on the contrary that private keys should be kept private as much as possible and never exposed to users to "redeem" or "swipe" in the first place. Importing private keys for anything else than constantly monitoring their addresses and swiping them is dangerous at best and leads to a lot of coins lost at worst.

I'd rather have people come up with a way to create signed transactions that can go to any address and trade these around than exposing private keys and thinking about how to swipe them again and who else might have seen them.

I disagree.

Say I've just generated a vanity address that I wish to use in my QT client.  Aside from some command-prompt wizardry, there is no way for me to use it.

If an import option is offered, it absolutely MUST have the option to NOT sweep the funds.  I don't care if that is a feature reserved in some advanced options dialog, but it NEEDS to be an option.  There are plenty of legitimate use cases where private key importation without instant sweeping is necessary and desirable.

Also, I am 100% for GUI-based private key exportation as well.  Keeping the private keys locked up in a non-accessible format only hinders flexibility.  Again, it can be in an advanced options dialog for all I care, but it really needs to be an option for those who want to use it.

[casascius]

I believe on the contrary that private keys should be kept private as much as possible and never exposed to users to "redeem" or "swipe" in the first place. Importing private keys for anything else than constantly monitoring their addresses and swiping them is dangerous at best and leads to a lot of coins lost at worst.

I am not sure I agree with such a blanket proposition.  I think the term "private key" is simply a language expression and does not mean that all "private keys" should be kept "private" the same way people should keep their genitals "private" while riding public transit.  Rather it should be dictated by the needs of the application employing them.

If a Bitcoin client using a deterministic wallet scheme would suffer a compromise of the whole wallet if one were to disclose a private key, well hell yeah, let's do our best to make sure the only way one can ever see one is to use no less than a debugger or a hacked client.  But if I want to make up a random number to assist me in handing you bitcoins on a piece of paper - a number that will be thrown away once you're done - just like a gift card or a money pack or phone card - I see no reason that that I should need to shield that number from your eyes the same way I'd be expected to shield you from seeing up my shorts... just because the algorithm you'll be feeding that number to refers to it as a "private" key.

[Sukrim]

Bad example:

The difference is like giving you a cheque that you can cash and teaching you how to forge my signature to sign one single transaction that I know about.

I know you want this functionality because of your coins and whatnot, but seriously I'd rather have sweeping private keys/wallets as a web service than within the client.
There needs to be a better way to keep bitcoins "portable" (= not under my control anymore but anyone else can redeem them to any address) than to give away private keys.

About vanity addresses, as far as I saw one can already combine a private key to such an address made up of 2 parts (so people can mine for them without knowing the private key), so that could be built in in some point of time. As you still need to have the 2nd part unique (and to your own) that doesn't solve the "physical bitcoin coin" issue though that anyone should be able to redeem.

[bg002h]

I think import private key should not be exposed to average users. Sweep private key should be offered instead.

Users are apt to believe that once they import a private key they have ownership of the funds. But someone else who has the private key can still swipe them, a rude awakening. Offering sweep solves this.

https://en.bitcoin.it/wiki/Sweepprivkey

On the other hand, I see no reason why "sweep" would need to be under an advanced menu, any more than you'd expect "Redeem iTunes Gift Card" to be on the advanced menu of iTunes.

This would make a good topic for the foundation..

[casascius]

I know you want this functionality because of your coins and whatnot, but seriously I'd rather have sweeping private keys/wallets as a web service than within the client.

Because of my coins... and the bills you can print... and the bitcoins one can dispense from a vending machine, or a POS receipt printer, or a million other uses that don't involve smartphones and desktop PC's.

I'd rather have it in bitcoind, because then other websites can accept private keys directly as payment.  If I had to pick between having a "Casascius Coin Redeemer" in the client versus an RPC call for sweeping private keys, I'd enthusiastically opt for the latter.

There needs to be a better way to keep bitcoins "portable" (= not under my control anymore but anyone else can redeem them to any address) than to give away private keys.

But there's not, and there's nothing wrong with that.  Private keys are just numbers.  Ultimately you have to give somebody 1's and 0's they have to keep private so they can take the money and nobody else, regardless of how it's implemented.

About vanity addresses, as far as I saw one can already combine a private key to such an address made up of 2 parts (so people can mine for them without knowing the private key), so that could be built in in some point of time. As you still need to have the 2nd part unique (and to your own) that doesn't solve the "physical bitcoin coin" issue though that anyone should be able to redeem.

That's already been built.  https://bitcointalk.org/index.php?topic=128699.0.  You can have a two-factor trust-in-nobody physical bitcoin today, and I brought it to you.  You can even print your own two-factor paper wallets.  The second factor can be a full private key or just a passphrase.  Best yet (fwiw), if a website offered a "redeem" option, a user would never see the unencrypted private key (assuming that really matters).

[FreeMoney]

but the user is prompted with an option of sweeping the funds when they do it. Like when they go to import the key it will show a message like "If someone else had this private key before you, your funds may be stolen. You can eliminate this risk by transferring the funds into your other secure addresses. Would you like to sweep the funds into another account?".

This is good. May be instead of 'your other secure addresses' this warning should read 'your organic addresses'? Just mark addresses to imported and organic with proper warning if imported addresses are attempted to be used as payment receipt or request payment addresses.

Small nitpick. The wording should not be "Your funds can be stolen" but "The funds are not yours" or something like that.

[bitfreak!]

Just look at the results of the poll so far. Why are we even debating whether people want this or not. It's clear most people want it. Hell, there have been several times where I could have used it for multiple different reasons. And a lot of those times I wouldn't need the sweep function either, I just wanted to import my private keys in a simple easy way. Is that so much to ask for christ sakes. If we are letting stupid people be the guide of bitcoins future, the future is looking dull.

My suggestion solves all the problems. It lets people know the risk of not sweeping the funds, and gives them the option of sweeping the funds, but also allows them to import the key without sweeping the funds. It's important to have both options available because they both server their own purpose and are useful under different circumstances. This isn't rocket science.

[SgtSpike]

Bad example:

The difference is like giving you a cheque that you can cash and teaching you how to forge my signature to sign one single transaction that I know about.

I know you want this functionality because of your coins and whatnot, but seriously I'd rather have sweeping private keys/wallets as a web service than within the client.
There needs to be a better way to keep bitcoins "portable" (= not under my control anymore but anyone else can redeem them to any address) than to give away private keys.

About vanity addresses, as far as I saw one can already combine a private key to such an address made up of 2 parts (so people can mine for them without knowing the private key), so that could be built in in some point of time. As you still need to have the 2nd part unique (and to your own) that doesn't solve the "physical bitcoin coin" issue though that anyone should be able to redeem.

So that's your preference, but why prevent other people from using the client how they wish?  If I KNOW I am the sole owner of a particular private key, then why should I not be able to import it into my client so it can hang with the rest of my bitcoin wallet?

Vanity addresses can easily be generated by anyone on their home machines.  It doesn't have to be through a two-factor system (though I admit that the vanity-gen pool is very neat as well!)

I understand protecting people from stupidity, but the restrictions you'd like to see are going too far.  You eliminate so many use-cases by not allowing private key imports.

Just look at the results of the poll so far. Why are we even debating whether people want this or now. It's clear most people want it. Hell, there have been several times where I could have used it for multiple different reasons. And a lot of those times I wouldn't need the sweep function either, I just wanted to import my private keys in a simple easy way. Is that so much to ask for christ sakes. If we are letting stupid people be the guide of bitcoins future, the future is looking dull.

My suggestion solves all the problems. It lets people know the risk of not sweeping the funds, and gives them the option of sweeping the funds, but also allows them to import the key without sweeping the funds. It's important to have both options available because they both server their own purpose and are useful under different circumstances. This isn't rocket science.

Lol, +1.  I don't understand why this is even a debate.

[etotheipi]

If you're willing to go as far as creating plugins for Bitcoin-Qt to do this, you might as well just use Armory.  It basically is an add-on, and both importing and sweeping are supported.  Only sweeping is supported if you are in "Standard" usermode, with importing being available in "Advanced" and "Expert" (for reasons already described here).  It also has batch-importing/sweeping so you don't have to wait for a rescan between each one.  Not to mention all the other nice benefits of Armory: printable one-time-only-needed backups, multi-wallet interface, simple cold storage with watching-only wallets... </shameless plug>

[SgtSpike]

If you're willing to go as far as creating plugins for Bitcoin-Qt to do this, you might as well just use Armory.  It basically is an add-on, and both importing and sweeping are supported.  Only sweeping is supported if you are in "Standard" usermode, with importing being available in "Advanced" and "Expert" (for reasons already described here).  It also has batch-importing/sweeping so you don't have to wait for a rescan between each one.  Not to mention all the other nice benefits of Armory: printable one-time-only-needed backups, multi-wallet interface, simple cold storage with watching-only wallets... </shameless plug>

I just wish it didn't require running both clients at the same time.  I suppose it's the same difference, but I don't like waiting for two large softwares to load up instead of just one.    I do agree that Armory is a much superior client to QT for a variety of reasons though.

[etotheipi]

If you're willing to go as far as creating plugins for Bitcoin-Qt to do this, you might as well just use Armory.  It basically is an add-on, and both importing and sweeping are supported.  Only sweeping is supported if you are in "Standard" usermode, with importing being available in "Advanced" and "Expert" (for reasons already described here).  It also has batch-importing/sweeping so you don't have to wait for a rescan between each one.  Not to mention all the other nice benefits of Armory: printable one-time-only-needed backups, multi-wallet interface, simple cold storage with watching-only wallets... </shameless plug>

I just wish it didn't require running both clients at the same time.  I suppose it's the same difference, but I don't like waiting for two large softwares to load up instead of just one.    I do agree that Armory is a much superior client to QT for a variety of reasons though.

It's a feature, not a bug... Armory inherits all the security properties of Bitcoin-Qt by using it as a gateway to the Bitcoin network.  If I rewrote all that stuff myself, it'd probably be a disaster.  And in the end, since you don't ever need to touch Bitcoin-Qt, you can just minimize it and pretend it isn't there.  Armory is a bit slow to start, but the recent beta release includes insta-load so you can manage your wallets (like importing keys) while it is scanning the blockchain. 

[SgtSpike]

If you're willing to go as far as creating plugins for Bitcoin-Qt to do this, you might as well just use Armory.  It basically is an add-on, and both importing and sweeping are supported.  Only sweeping is supported if you are in "Standard" usermode, with importing being available in "Advanced" and "Expert" (for reasons already described here).  It also has batch-importing/sweeping so you don't have to wait for a rescan between each one.  Not to mention all the other nice benefits of Armory: printable one-time-only-needed backups, multi-wallet interface, simple cold storage with watching-only wallets... </shameless plug>

I just wish it didn't require running both clients at the same time.  I suppose it's the same difference, but I don't like waiting for two large softwares to load up instead of just one.    I do agree that Armory is a much superior client to QT for a variety of reasons though.

It's a feature, not a bug... Armory inherits all the security properties of Bitcoin-Qt by using it as a gateway to the Bitcoin network.  If I rewrote all that stuff myself, it'd probably be a disaster.  And in the end, since you don't ever need to touch Bitcoin-Qt, you can just minimize it and pretend it isn't there.  Armory is a bit slow to start, but the recent beta release includes insta-load so you can manage your wallets (like importing keys) while it is scanning the blockchain. 

We're getting a bit sidetracked here, but if I import a key via Armory, is it then available in QT?

[etotheipi]

We're getting a bit sidetracked here, but if I import a key via Armory, is it then available in QT?

This is mostly relevant:  if users care this much about importing/sweeping keys, they should know that there are clients that support it -- and Armory makes it damned easy.  The downsides of Armory are also relevant, for those who are intrigued by this posting that haven't used Armory before.  Obviously, the discussion still needs to be had whether/how importing makes it into Bitcoin-Qt -- but I think it's appropriate for context to mention that there are alternatives.

The key will not be available in Bitcoin-Qt.  Using Armory is using a new wallet with a new interface, and is unrelated to your Bitcoin-Qt wallet.  You likely won't use your Bitcoin-Qt wallet again.  Not everyone wants to make the jump, but few users that do want to go back (especially users advanced enough to be importing keys).   Bitcoin-Qt functionality is almost strictly a subset of Armory's functionality.  It gives GUI users a ton more stuff (though, Armory doesn't do much for bitcoind users).  I can't imagine ever going back to a wallet that requires multiple backups at risk of losing coins...

[BkkCoins]

I find it odd that blockchain.info is reputed to be one of the easy clients and yet it has "Import Private Key" functionality, and Bitcoin-Qt is reputed to be the hard-to-use one and yet it doesn't have several features blockchain.info does. Have people complained that advanced features get in the way of simplicity with blockchain.info? If not, then what's the problem with bringing some more advanced features into Bitcoin-Qt?

I like the idea of plugins. ImportPrivKey could start out as a plugin included but disabled by default. Similar to how Deluge or other apps ship initially with some plugins included but not enabled.

[justusranvier]

It's a feature, not a bug... Armory inherits all the security properties of Bitcoin-Qt by using it as a gateway to the Bitcoin network.  If I rewrote all that stuff myself, it'd probably be a disaster.  And in the end, since you don't ever need to touch Bitcoin-Qt, you can just minimize it and pretend it isn't there.  Armory is a bit slow to start, but the recent beta release includes insta-load so you can manage your wallets (like importing keys) while it is scanning the blockchain.

Do you ever plan to make it possible to use bitcoind (possibly running on a different machine) instead of Bitcoin-Qt?