base58 offline transaction generator

[fergalish]

Inspired by the Isosceles's post linked below, I thought it would make an *excellent* addition to bitcoin - the ability to generate and export a transaction from an offline machine, then import that transaction to a networked machine which would broadcast it.

http://forum.bitcoin.org/index.php?topic=15068.msg215743#msg215743

So suppose you have your offline savings wallet.dat, and your online one for spending.  By shifting entire .bitcoin directories around on USB keys, and running two instances of bitcoin simultaneously on the offline machine (one with -nolisten, and with different RPC ports,  not for the faint-hearted), the offline wallet could come to know about its balance.

But in order to transact it must be connected to the network.  So... how about you could generate a base58 transaction from the offline client, save it on USB (or write it down if you're really paranoid) and import it to the online wallet which would then broadcast.

[1713567068]

1713567068

[1713567068]

1713567068

[1713567068]

1713567068

[fergalish]

Was this such an extraordinarily terrible idea that nobody wants to waste their time criticising it, or was it such an extraordinarily excellent idea that nobody wants to waste their time praising it?

[joan]

I think it's a nice idea
To bring the offline wallet up to date you could just copy the blockchain file over and restart the client. (using -rescan option if needed).
The exported transaction doesn't have to be Base58, it could just be in binary form or in JSON, as long as it can be transported elsewhere.

Could also be used to delay a transaction broadcast, or to reduce the risk of eavesdropping when the attacker controls nodes at both ends of your node. Create the TX, then send it by mail to a third party, and only they will start propagating it.

[fergalish]

The exported transaction doesn't have to be Base58, it could just be in binary form or in JSON, as long as it can be transported elsewhere.

The idea of base58 is so you can write the transaction down on paper, only for the ultra-paranoid: what if there's a trojan on your USB key?  To keep your offline wallet.dat as safe as can be, there must never be any possibility that information is digitally taken from the offline machine and placed on a networked machine.

Obviously, for the super-ultra-paranoid, you'd have to physically destroy the USB key you used to copy over the blockchain.  The regular ultra-paranoid could simply overwrite the USB device file with random data before removing it from the offline machine - see shred(1) or wipe(1).  You could, I suppose, take a sha256sum of the usb key before removing it, or mount it read-only, but that's all just software security.  USB keys do all sorts of funny dynamic block remapping and wear-leveling, and I wouldn't be too surprised if someone somewhere knows how to exploit that.

The normally paranoid (i.e. not ultra) amongst us (and who isn't, given the recent thefts), could use binary or json as you suggest, and copy the transaction over USB.

This could be used in conjunction with private key dumps (there was a thread about that) in order to keep a backup copy of the (encrypted?) private keys - still in base58 to write it down of course.  The super-ultra-paranoid might have to worry about EM radiation from their monitor leaking crucial information though... see
http://en.wikipedia.org/wiki/Side_channel_attack

[Ente]

I think this, to have offline transactions, is one of the most important pieces missing at the moment. Much more important than encryption on keyimport/export (which can be done with external tools by now).
No serious company handling a lot of money will accept to have their wallet.dat on an online node.

Yes, please, write a working toolset for this! This really has to find its way into the official client soon!

Ente

[payb.tc]

Yes, please, write a working toolset for this! This really has to find its way into the official client soon!

i'm almost certain someone has written a working implementation, although it's not in the official client yet.

(i wish i could remember who/where i read about it though).

[jackjack]

Yes, please, write a working toolset for this! This really has to find its way into the official client soon!

i'm almost certain someone has written a working implementation, although it's not in the official client yet.

(i wish i could remember who/where i read about it though).

Never heard about that before, and can't find anything
If you remember, please post

[payb.tc]

Yes, please, write a working toolset for this! This really has to find its way into the official client soon!

i'm almost certain someone has written a working implementation, although it's not in the official client yet.

(i wish i could remember who/where i read about it though).

Never heard about that before, and can't find anything
If you remember, please post

i searched the forum for "offline import" and found the thread i was thinking of:

https://bitcointalk.org/index.php?topic=28278.msg355646#msg355646

[NetTecture]

I think this, to have offline transactions, is one of the most important pieces missing at the moment. Much more important than encryption on keyimport/export (which can be done with external tools by now).
No serious company handling a lot of money will accept to have their wallet.dat on an online node.

Yes, please, write a working toolset for this! This really has to find its way into the official client soon!

Ente

it is not only offline. It would also those busineses more professional than mybitcoin allow to separate their backend from the frontend, keeping addresses and keys ina separate database system not connected to the bitcoin network. Nothing against the bitcoin application, but I doubt the scalability for hundreds of thousands of addresses permanently in use.

[ctoon6]

don't waste your time, it would be far easier to export signed transactions.

[etotheipi]

This is one of the main features I wanted to implement in my own client, but I'm not sure I understand your implementation.  I'm not sure why you would have to format your key after using it.

I believe the best way is to have a program on your offline computer that scans the blockchain and your wallet, finds all your available TxOuts that can be used, and then saves a signed transaction packet to  file.  The offline computer would ask "To whom and how much?"  You put in the target address and amount, and it spits out a transaction.tx file which you copy to your USB key.  You bring the key to your online computer and the client (perhaps a special program) would load the .tx file and broadcast it. 

At least that's what I plan on doing if I can ever get my client together.  This seems like the most straightforward way, and guarantees that no private key data ever touches the USB key. 

P.S. - In fact, I know there's a website someone made that allows you to copy the raw binary transaction into the textbox and it will broadcast it for you, so you don't even need any special client on the online computer.  If someone has the link for that site, I think it would be very useful.

[NetTecture]

don't waste your time, it would be far easier to export signed transactions.

It would also be safer. An enterprise solution would accept signed transactions from a backend - either via network, or via medium (i.e. saved to a file).

The backend could keep a database of addresses, balances and keys, read transactions from a web service (i.e. what did get moved) and generate signed transactions that then get imported / sent to a node.

[fergalish]

don't waste your time, it would be far easier to export signed transactions.

It would also be safer. An enterprise solution would accept signed transactions from a backend - either via network, or via medium (i.e. saved to a file).
The backend could keep a database of addresses, balances and keys, read transactions from a web service (i.e. what did get moved) and generate signed transactions that then get imported / sent to a node.

Sorry for the delay getting back.   This is more or less what I mean here.  You generate a transaction on an offline machine, and export it to some transportable encoding.  Why should the transaction be signed?  Because someone could change the destination address perhaps?  Ok you're right, hadn't thought of that.  Signed offline transactions so.

This is one of the main features I wanted to implement in my own client, but I'm not sure I understand your implementation.  I'm not sure why you would have to format your key after using it.

The offline computer would ask "To whom and how much?"  You put in the target address and amount, and it spits out a transaction.tx file which you copy to your USB key.  You bring the key to your online computer and the client (perhaps a special program) would load the .tx file and broadcast it.  

At least that's what I plan on doing if I can ever get my client together.  This seems like the most straightforward way, and guarantees that no private key data ever touches the USB key.  

Formatting the key, only if you're very paranoid, is necessary in case your offline machine is infected with (clever) malicious software which hides your private keys somewhere on the USB key.  Your method here would fail in that attack scenario.  e.g. Where did you download that ubuntu ditribution from?  Did you check the SHA256SUM and the GPG signatures?  Do you trust Canonical and all its employees?  Has anyone been in the room alone with your offline computer?  Ok, in that case, they've already downloaded the wallet file, but you get the idea.

This is why I suggest base58 - the offline computer spits out the transaction on-screen, you write it down pen-on-paper, and then manually type it in elsewhere.

Of course, if you're not so paranoid, USB is fine...

[etotheipi]

I think we're in agreement.  My own use cases don't require that level of paranoia, but someone with millions of dollars would probably prefer to spend the extra effort to avoid the remaining attack vectors. 

One thing you could do is keep the wallet on a laptop, and when you want to move the money, it will display a QR code on-screen containing the signed transaction (or print it).  Just hold it up to your online computer's camera and it will detect and broadcast automatically.  Perhaps it's more effort than it's worth, but it would probably be easier and less cumbersome for the rich guy that doesn't want to do a lot of work to maintain an offline wallet.

[piotr_n]

Yes, please, write a working toolset for this! This really has to find its way into the official client soon!

i'm almost certain someone has written a working implementation, although it's not in the official client yet.

(i wish i could remember who/where i read about it though).

Never heard about that before, and can't find anything
If you remember, please post

i searched the forum for "offline import" and found the thread i was thinking of:

https://bitcointalk.org/index.php?topic=28278.msg355646#msg355646

Yeap, I've covered it some time ago.
And it actually works - at least as far as I have needed it so far.
I believe importing/exporting of transactions should become an option that is built into the official client. Though, not necessarily this particular implementation.

[Jørgen Moe]

Yes, please, write a working toolset for this! This really has to find its way into the official client soon!

i'm almost certain someone has written a working implementation, although it's not in the official client yet.

(i wish i could remember who/where i read about it though).

Never heard about that before, and can't find anything
If you remember, please post

i searched the forum for "offline import" and found the thread i was thinking of:

https://bitcointalk.org/index.php?topic=28278.msg355646#msg355646

Very cool, thank you sir.