We would like to offer bitcoin wallets to our clients.
What is the best and most secure way to do this? Preferably we would not want to store the private keys of the address due to security issues but as I understand, there is no way to do this. So probably, the best way would be to secure the wallets as much as possible.
We are familiar with bitcoin-cli, blockchain.info API, PHP, Perl, databases, blockchain, 2FA, and various other APIs.
We want to achieve the following:
- client can access his / her wallet from the web or mobile apps
- client can only see and spend the funds that are on his account
- the most secure way to store the funds (basically noone should be able to access client's funds except the client, not even me as website owner or any of my developers...
)
Right now, our own wallet is on a standalone server running under bitcoin core, where all outgoing ports are closed except SSH for certain IPs.
Your comments and suggestions are quite welcome. Thanks.