Idea: Make it possible to import public keys

[holgero]

Hi,

I was reading through the guides how to set aside some of your bitcoins in a secured wallet. (Works like this: Create a new wallet on a second PC without internet access, create some addresses in it and store the wallet somewhere safe. Later on just send your money to the addresses in that wallet from your day to day wallet to tuck them away. Check with the blockexplorer if your funds arrived at the secured wallet. Never connect your secured wallet with the internet...)

But I found it a bit inconvenient to have to use the blockexplorer to verify whether your funds arrived safely in your secured wallet. So here is the idea:
If I could import the address from the secured wallet into my everyday wallet (but not the private keys!), I could let the bitcoin client take care of monitoring the transactions that concern my secured wallet. This way I could see (an estimate of) the balance in my secured wallet without compromising its security.

I could try coding this, but would you say it might be worth the effort (i.e. would it have a chance to be pulled)?

BTW: A side effect is that this functionality could be used to monitor the balance on arbitrary addresses conveniently with the client, but you can do this currently with the blockexplorer anyway.

[Forp]

I had a similar problem and wrote a small html page with embedded javascript. It checks the blockexplorer and the exchangerate and produces a nice web page where it lists all my accounts, with my btcs and converted into EUR - without having to start the bitcoin client with my wallet and the private keys.

There are 4 files you need, bitcoin.js with the script funcitonality, config.js (where you should edit the addAccount lines, replacing the FILLIN stuff with your bitcoin addresses, style.css for some cometics and sum.html as main file. I am using a bit of jquery, so you should make sure that all files including jquery_min.js (to be picked at the jquery website) reside in the same directory.

Then just load it with firefox version 3 and confirm the security dialogue. You will have to navigate to about:config and set signed.applets.codebase_principal_support to true as well.

I am including the files below. They are very far from perfect but help me solve my problem. They do not run in firefox 5 (mozilla removed the privilege manager), but version 3.6 is fine for this purpose. Do NOT put the code on a web server, it has security issues if you do not understand what I am doing here.

=== config.js:


// URL of the block explorer
const SERVICE_URL = "http://blockexplorer.com/address/";

// URL for the exchange rate
const EXC_RATE = "http://bitcoincharts.com/t/weighted_prices.json";

// default exchange rate
const CURR = "EUR";

// default weighting
const WHEN = "24h";

addAccount ("1PFILLIN", "Eligius");
addAccount ("1FILLIN", "Other");
fakeAccount ("1PRCQbVgLkNjUCWafA8UYsmBH1Ay7zyvu8");

exRate();
dobit();

=== bitcoin.js

var accounts=[];

function addAccount (address, name) { accounts.push ({address:address , name: name , org:true});}
function fakeAccount (address) {accounts.push ({address:address, name:"other", org: false});}

/// try to log a text in case console.log is defined
function myLog (text) {
  if (console && console.log) {
    try {console.log (text);} catch (x) {}
  } else {
    // alert ("Console not found for logging");
  }  
  return;
}

var request = false;
 
var sumReceived = 0;
var sumSent = 0;
var timesSent = 0;
var timesRcv = 0;
  
function makeRequest(account, mine, title) {
  url = SERVICE_URL+account;
  
  // check if we are loading from local file system
  if (!location.href.match(/^file.*$/)) {alert ("Incorrect location for privilege escalation; rejecting; probably attempted attack"); try{alert (location.href);} catch(e){} return;}
  try {netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");} catch (e) {alert("Permission UniversalBrowserRead denied.");}
 
  var request = false; request = new XMLHttpRequest(); if (!request) {alert('Cannot create XMLHTTP instance');return false;}
 
  request.title = title;
  request.mine = mine;
  request.account = account;
  
  request.onreadystatechange =  function () {
    myLog ("readystatechanged: "+ request.readyState + " " + request.status);
    if (request.readyState == 4) {
      if (request.status == 200) {
 
        myLog ("returned");
        if (!request.mine) {myLog ("Skipping output, not mine"); return;}
        
        var string = request.responseText;
        var received, sent, rTx, sTx;
        $(string).filter(".infoList").children().filter(":contains('Received BTC:')").each(function(idx,elem){
          received = elem.textContent;
          myLog(" "+elem.textContent);
          
        });
        myLog ("second");
         $(string).filter(".infoList").children().filter(":contains('Sent BTC:')").each(function(idx,elem){
          sent = elem.textContent;
          myLog(" "+elem.textContent);
          
        });
        
        $(string).filter(".infoList").children().filter(":contains('Received transactions:')").each(function(idx,elem){
          rTx = elem.textContent;
          myLog(" "+elem.textContent);
          
        });
        
        $(string).filter(".infoList").children().filter(":contains('Sent transactions:')").each(function(idx,elem){
          sTx = elem.textContent;
          myLog(" "+elem.textContent);
          
        });
        
        received = received.substring(14);
        sent = sent.substring (10);
        rTx = rTx.substring(23);
        sTx = sTx.substring(19);
        
        received = parseFloat (received);
        sent = parseFloat (sent);
        rTx = parseInt (rTx);
        sTx = parseInt (sTx);  
        timesSent += sTx;
        timesRcv  += rTx;
        
        sumReceived += received;
        sumSent += sent;

        try{$("#last").remove();} catch (x){} // before append, remove a last line (if exists)
        try{$("#curr").remove();} catch (x){} // before append, remove a last line (if exists)
      
        $("#mytable").append("<tr>" + "<td class='c1'>"+ request.title + "</td><td>" + request.account + "</td><td class='c2'>" + received + "</td><td>" +rTx + "</td><td class='c3'>" + sent + "</td><td>" +sTx+  "</td><td class='c4'>" + (received-sent) + "</td></tr>" );  
        
        finalize();  // calculate overall sums
        
     // alert(string);
      } else {
        alert('There was a problem with the request:'+request.status);
        console.log (request);
      }
    }
  }
  
  try {request.open('GET', url, true);} catch (e) {alert ("Exception on opening XHR"); alert(e);}
  try {request.send(null);} catch(e) {alert ("Exception on sending XHR"); alert (e);}
  
  try {netscape.security.PrivilegeManager.revertPrivilege ("UniversalBrowserRead");}
  catch (e) {alert ("error on reverting");}
}
 
function finalize() {
  $("#mytable").append("<tr id='last' style='font-weight:bold;'>" + "<td>"+ "Totals in BTC"+ "</td><td></td><td>" + sumReceived + "</td><td>" + timesRcv + "</td><td>" +sumSent + "</td><td>" +timesSent+ "</td><td>" + (sumReceived-sumSent) + "</td></tr>");
  $("#mytable").append("<tr id='curr' style='font-weight:bold;'>" + "<td>"+ "Totals in "+ CURR +" of "+ WHEN + "</td><td></td><td>" + sumReceived*exRate + "</td><td></td><td>" + sumSent*exRate + "</td><td></td><td>" + (sumReceived-sumSent)*exRate + "</td></tr>");
}

function dobit () {
  for (var i = 0; i < accounts.length; i++) {makeRequest (accounts.address, accounts.org, accounts.name);} }  

// get the exchange rate
function exRate() {
  
  // standard start
  if (!location.href.match(/^file.*$/)) {alert ("Incorrect location for privilege escalation; rejecting; probably attempted attack"); try{alert (location.href);} catch(e){} return;}
  try {netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");}  catch (e) {alert("Permission UniversalBrowserRead denied");}
  var request = false; request = new XMLHttpRequest(); if (!request) {alert('Cannot create XMLHTTP instance');return false;}
  
  request.onreadystatechange =  function () {
    myLog ("readystatechanged: "+ request.readyState + " " + request.status);
    if (request.readyState == 4) {
      if (request.status == 200) {
        myLog ("returned exchange rate");
        var string = request.responseText;
        var exch = JSON.parse (string);
        exRate = exch[CURR][WHEN];
        } else {
        alert('There was a problem with the exchangerate request request:'+request.status);
      }
    }
  }
  // standard end
  try {request.open('GET', EXC_RATE, true);} catch (e) {alert ("Exception on opening XHR"); alert(e);}
  try {request.send(null);} catch(e) {alert ("Exception on sending XHR"); alert (e);}
  try {netscape.security.PrivilegeManager.revertPrivilege ("UniversalBrowserRead");}  catch (e) {alert ("error on reverting permission at exRate()");}
}  
  
=== sum.html

<html>
<head>
<title>Bitcoin Summary</title>
<script src="jquery_min.js"></script>
<LINK REL=StyleSheet HREF="style.css" TYPE="text/css" MEDIA=screen>
</head>
<body>

<table id="mytable">
<tr id="row"><td class='c1'>Account</td><td class=''>Address</td><td class='c2'>BTC Rcvd</td><td>Tx Rcvd</td><td class='c3'>BTC Snt</td><td>Tx Snt</td><td class='c4'>BTC Total</td></tr>
</table>

<script src="bitcoin.js"></script>
<script src="config.js"></script>

</body>
</html>


=== style.css


html table tr td {font-family:verdana,sans-serif; font-size:smaller;}

#row {font-weight:bold; background-color:Aquamarine;}

#mytable {width:100%;}

tr {background-color:Bisque;}

.c1 {}

.c2 {}

.c3  {}

.c4  {}

#last {background-color:Aquamarine;margin:10px 0px 0px 0px;}

#curr {background-color: LightPink;}


=== and jquery_min.js from the jquery site


Enjoy !

[JoelKatz]

Once we get a good split of public/private keys in the client, I think the next step will be the ability to export, import, and delete public keys, private keys, and transactions.

I'm sure you were all with me until I said transactions. But think how useful this could be. You have a secure machine that has the private key to your savings account on it. You want to pay out some money, so you command the pay out on the secure machine. Then you export the transactions. You take the transactions to a machine that's online but doesn't have the private key to your savings account. You import the transactions. Done.

[holgero]

Thanks for your answers!

@Forp: Gave me a way to achieve what I wanted much easier than what I intended to do. I am sure I will give your java scripts a try soon! Thanks!

@JoelKatz: Yep, I can see that this is the bigger picture and export/import of transactions makes a lot of sense. With this approach one can even withdraw money from the secured wallet without ever exposing any private key to the internet. Very cool, thanks!