Bitcoin Forum
October 31, 2020, 07:54:58 AM *
News: Latest Bitcoin Core release: 0.20.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Transaction generation / offline signing blockchain  (Read 144 times)
nakotashisamatoshoketchup
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
February 12, 2018, 05:15:14 PM
 #1

Hi,
I'm trying to understand few points about blockchain and the way transactions works (and different possiblities).
There are my questions Smiley

1/ can we 'generate' a transaction offline, or generating a transaction has to interact with the blockchain (and be connected to the network) ?
2/ in the case a transaction has to necessarily be generated online : i understood that generating a transaction (from a source public address, destination, amount to transfer) is creating a 'raw' text that contains a lot of data ... i tried to generate one, it gives me a a raw text of more than 2000 caracters.
3/ to sign offline my transaction (which needs my private key), do i need necessarly this raw transaction ? or the transaction id is enough ?...
4/ how a signed transaction message looks like ? what exactly needs to be broadcasted ?

If you got it, i'm searching for a way to sign my transactions offline and understand which data are sent at what moment.
Ideally, i would use qr-codes for communication, but not sure if it's possible : it depends if data exposed are too heavy in caracters numbers, or not.

Thanks gents for your help,
1604130898
Hero Member
*
Offline Offline

Posts: 1604130898

View Profile Personal Message (Offline)

Ignore
1604130898
Reply with quote  #2

1604130898
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1604130898
Hero Member
*
Offline Offline

Posts: 1604130898

View Profile Personal Message (Offline)

Ignore
1604130898
Reply with quote  #2

1604130898
Report to moderator
1604130898
Hero Member
*
Offline Offline

Posts: 1604130898

View Profile Personal Message (Offline)

Ignore
1604130898
Reply with quote  #2

1604130898
Report to moderator
1604130898
Hero Member
*
Offline Offline

Posts: 1604130898

View Profile Personal Message (Offline)

Ignore
1604130898
Reply with quote  #2

1604130898
Report to moderator
RGBKey
Hero Member
*****
Offline Offline

Activity: 854
Merit: 631


rgbkey.github.io/pgp.txt


View Profile WWW
February 12, 2018, 05:38:33 PM
Merited by achow101 (2), nullius (1)
 #2

Transaction creation must be done on an online computer that has access to the blockchain. This is because to create a transaction, you need to know information about the inputs that are available to you to spend.

Transaction signing can be done on an offline computer. Since the offline computer wouldn't have access to the blockchain, typically the following is done:

  • Generate the unsigned transaction on an online, watching-only wallet. This wallet knows the public key of the Bitcoin address(es) you want to spend from but not the private key. This means it's secure, because if the online machine were hacked, attackers would not be able to gain access to your private keys.
  • Move the transaction via qr codes/flash drive/typing onto your offline computer that does contain your private keys, and sign the transaction.
  • Move the now signed transaction back to the online computer (or any online computer) and broadcast it to the Bitcoin network. This can be done via node software like Bitcoin Core, or through a few different web portals provided by other services.

This is typically referred to as cold storage, and is one of the safest ways to store Bitcoins.
nakotashisamatoshoketchup
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
February 12, 2018, 05:43:42 PM
 #3

Thank you for the clarifications Smiley

Do you see any contrainst that can make it difficult for to move the transactions (in the two ways : from connected device, to disconnected and disconnected to connected) through QR-codes ? I guess the limit is the number of caracters i'm moving.

I don't want any physical connection between my computer and my 'cold' storage device.

Also, does these processes (generating a tx offline, signing it offline, broadcast it online) apply to Etherum and other cyrpto-currencies ?

Thanks in advance,

For example:
This is an unsigned transaction:
Looks too long to be qr-coded ?

Code:
{
   "lock_time":0,
   "size":1364,
   "inputs":[
      {
         "prev_out":{
            "index":0,
            "hash":"2738c88b71a466c1e844b46156abfb1533fd11adf1db97215e6c80162b7cb9ce"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"2527485015ce0502988cbc3f8b7f4ef7e38ebb00ad6d4b4f5a817c0b5869b657"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"19f54045219638bdb6bf04c1599a64d9915b0c07c71159224e0927ec65ae26f5"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"e100fa80e99a0928bbd55278cd85d8ed9ecc54dd2de4f93a3e7dd1fabaac22e7"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"b0b96a76f6d65f49328586844589128072f877e7e0b78d67268e4ccf8246d005"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"a19c058e8edcbc63028f7bf92aa75de983aa8c589cb226040cc6425f9fedfaf9"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"eab87650588dfec3cafcf616984a57aab7769c989923ca6920407ae0459b4454"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"93afec66aa1b4e5cac21d13f8225c1d04ceb3779c07e9ce4294ebad12d264824"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"41ec28321aac32d3200cf218b4a287167ac5f2c65bcef51caea0e80a8f151e67"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"eb703740c78563e9b3ddc6eca3004a1899c261c0f4b8f8c2a30609cfb218fe60"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"23a82ae670ba05d9e631465cd80119099a698f7bb6ce35bd7925054ecbb5d23d"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"73f656e5a7a5e03ffe878730d5518802e247556396cac243792f103ced3a838a"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"d7196db8b3f3b1dea43536eceaf08ad386d8e7770274c412fb78e90d7cacba3a"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"97186e2560f46594f569691b2b2f4e9b066fefe9705e9fb33fbc4dcbdf5fe8e9"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"32738d5ee1a8f3079a362fc7718ea778ac7d4c513b04676fc3438e892164cdce"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"2798a6aae2ef13cac83d30e4608fd5ad16f99d0c57d254e357664aab6a3bd923"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"ec1a10ad665073d355d55755677590e1f6f4b0075bc5ad7e70fb51007deab206"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"9855ea9b048f25294681868264886b5fc44c8c295cd8c3f938f4fa492de5a057"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"4fa4a09cdade58c8e7217f64bc4e3b99e04e0b1f56613ca1dd03370d1abc6cc4"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"761b4472f7ec584799e9e16b2c075cd71a2c8cddc2b4d3a990eba93796ecbe10"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      }
   ],
   "version":1,
   "vin_sz":20,
   "hash":"a523768de0835ee210d8afe47593328df2369267cecd5cea57ab5be28520ad5e",
   "vout_sz":1,
   "out":[
      {
         "script_string":"OP_DUP OP_HASH160 d29dde3ae2b63619bb2ccaf0219a368d758dfcd0 OP_EQUALVERIFY OP_CHECKSIG",
         "address":"1LCe29mys7ieDGJunTczRos9PjvvzF2ggu",
         "value":6660000000,
         "script":"76a914d29dde3ae2b63619bb2ccaf0219a368d758dfcd088ac"
      }
   ]
}
pebwindkraft
Sr. Member
****
Offline Offline

Activity: 259
Merit: 261


View Profile
February 12, 2018, 07:38:58 PM
 #4

I think RGBKey explained it pretty well for use of bitcoin core wallet. I agree to the steps and process. However: if you don‘t use a wallet software, and create the tx e.g. at the command line, you can assemble a tx completely offline. You would transfer only public known information. For sure you would need to know the tx details, like previous tx IDs, outpoints, amounts and pk scripts. Assembly could happen on the offline PC, and signing as well.
At the end the signing is a process of the tx hash, but it involves several steps of data management, and therefor you need all tax details on the cold storage system before signing.
RGBKey
Hero Member
*****
Offline Offline

Activity: 854
Merit: 631


rgbkey.github.io/pgp.txt


View Profile WWW
February 12, 2018, 08:03:36 PM
 #5

Thank you for the clarifications Smiley

Do you see any contrainst that can make it difficult for to move the transactions (in the two ways : from connected device, to disconnected and disconnected to connected) through QR-codes ? I guess the limit is the number of caracters i'm moving.

I don't want any physical connection between my computer and my 'cold' storage device.

Also, does these processes (generating a tx offline, signing it offline, broadcast it online) apply to Etherum and other cyrpto-currencies ?

Thanks in advance,

For example:
This is an unsigned transaction:
Looks too long to be qr-coded ?

Code:
{
   "lock_time":0,
   "size":1364,
   "inputs":[
      {
         "prev_out":{
            "index":0,
            "hash":"2738c88b71a466c1e844b46156abfb1533fd11adf1db97215e6c80162b7cb9ce"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"2527485015ce0502988cbc3f8b7f4ef7e38ebb00ad6d4b4f5a817c0b5869b657"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"19f54045219638bdb6bf04c1599a64d9915b0c07c71159224e0927ec65ae26f5"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"e100fa80e99a0928bbd55278cd85d8ed9ecc54dd2de4f93a3e7dd1fabaac22e7"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"b0b96a76f6d65f49328586844589128072f877e7e0b78d67268e4ccf8246d005"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"a19c058e8edcbc63028f7bf92aa75de983aa8c589cb226040cc6425f9fedfaf9"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"eab87650588dfec3cafcf616984a57aab7769c989923ca6920407ae0459b4454"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"93afec66aa1b4e5cac21d13f8225c1d04ceb3779c07e9ce4294ebad12d264824"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"41ec28321aac32d3200cf218b4a287167ac5f2c65bcef51caea0e80a8f151e67"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"eb703740c78563e9b3ddc6eca3004a1899c261c0f4b8f8c2a30609cfb218fe60"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"23a82ae670ba05d9e631465cd80119099a698f7bb6ce35bd7925054ecbb5d23d"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"73f656e5a7a5e03ffe878730d5518802e247556396cac243792f103ced3a838a"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"d7196db8b3f3b1dea43536eceaf08ad386d8e7770274c412fb78e90d7cacba3a"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"97186e2560f46594f569691b2b2f4e9b066fefe9705e9fb33fbc4dcbdf5fe8e9"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"32738d5ee1a8f3079a362fc7718ea778ac7d4c513b04676fc3438e892164cdce"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"2798a6aae2ef13cac83d30e4608fd5ad16f99d0c57d254e357664aab6a3bd923"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"ec1a10ad665073d355d55755677590e1f6f4b0075bc5ad7e70fb51007deab206"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"9855ea9b048f25294681868264886b5fc44c8c295cd8c3f938f4fa492de5a057"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"4fa4a09cdade58c8e7217f64bc4e3b99e04e0b1f56613ca1dd03370d1abc6cc4"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"761b4472f7ec584799e9e16b2c075cd71a2c8cddc2b4d3a990eba93796ecbe10"
         },
         "script":"76a914ba507bae8f1643d2556000ca26b9301b9069dc6b88ac"
      }
   ],
   "version":1,
   "vin_sz":20,
   "hash":"a523768de0835ee210d8afe47593328df2369267cecd5cea57ab5be28520ad5e",
   "vout_sz":1,
   "out":[
      {
         "script_string":"OP_DUP OP_HASH160 d29dde3ae2b63619bb2ccaf0219a368d758dfcd0 OP_EQUALVERIFY OP_CHECKSIG",
         "address":"1LCe29mys7ieDGJunTczRos9PjvvzF2ggu",
         "value":6660000000,
         "script":"76a914d29dde3ae2b63619bb2ccaf0219a368d758dfcd088ac"
      }
   ]
}

That is an unusually large transaction with many inputs, and it is also in JSON format instead of standard raw hex format used for transactions. It would need to be serialized first or read by a program that understands that encoding.
nakotashisamatoshoketchup
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
February 13, 2018, 09:40:45 AM
 #6

Thanks.

To see what an unsigned transaction looks like, i create a new transaction from coinb.in with some public addresses and amount.
Which gives me something like:
Code:
010000000d90dc34917d6599d43d524c173cab2175a7d3f411400ce84707cbc78591ccb5eb000000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffffa0bcc9638c52ecb9d98324dadcc19c243af91cb8526b3dd3292ee5fd00d36373010000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffffcc1aef605401027bf39ff74e02e70ff773936d9d417e878b0af1544489fe985b030000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffffd497c1c44faa66dcc533c32df86f8bd59a786a364ac737973f97a29620acb023000000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffff977dd5d9c7cf46488c7588996d302ac40ca54360fbc6e3673c8517927f3802b6000000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffffadc916c4de5b1c14e6352ddf9a40873bb74c2af9311de0c5c6d3235c5e51523e000000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffff18b2d434b335d9e09ba1fc665e7c1c0b97946bb83f261eaac55fcd07e0da9055240000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffff471e586699d23e7dfeed657b03d50e31b19e53a050b4300d100aa23e10256b50040000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffff9307a9667e6a52a87aee1e85f36db7d5727b2e9e63a073877dd365bbe99191d7000000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffff24d39dd7b587006af4ed2b601cebcae2e4376310deb7e43735fa1dd0341dd46f000000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffff9ff95b881c4b00df0cbffcac929c8bcdb2dc3a8d2b1631813cf04876527ee0f3010000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffffc63b74fa5d4bf6db2d61ec8df658247f44fe071aa2d0160992ff1e75992f3ea1000000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffffe516c72f0cd7ff8c4ef353ccceeac6df53fa6e5391341c1bc74669ef1894924d190000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffff01a0860100000000001976a914ec0fdbcddcb2d7fbeb3ab5112926c7374673b5a888ac00000000

Which gives me a qr-code that looks like: https://api.qrserver.com/v1/create-qr-code/?data=010000000d90dc34917d6599d43d524c173cab2175a7d3f411400ce84707cbc78591ccb5eb000000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffffa0bcc9638c52ecb9d98324dadcc19c243af91cb8526b3dd3292ee5fd00d36373010000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffffcc1aef605401027bf39ff74e02e70ff773936d9d417e878b0af1544489fe985b030000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffffd497c1c44faa66dcc533c32df86f8bd59a786a364ac737973f97a29620acb023000000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffff977dd5d9c7cf46488c7588996d302ac40ca54360fbc6e3673c8517927f3802b6000000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffffadc916c4de5b1c14e6352ddf9a40873bb74c2af9311de0c5c6d3235c5e51523e000000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffff18b2d434b335d9e09ba1fc665e7c1c0b97946bb83f261eaac55fcd07e0da9055240000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffff471e586699d23e7dfeed657b03d50e31b19e53a050b4300d100aa23e10256b50040000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffff9307a9667e6a52a87aee1e85f36db7d5727b2e9e63a073877dd365bbe99191d7000000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffff24d39dd7b587006af4ed2b601cebcae2e4376310deb7e43735fa1dd0341dd46f000000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffff9ff95b881c4b00df0cbffcac929c8bcdb2dc3a8d2b1631813cf04876527ee0f3010000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffffc63b74fa5d4bf6db2d61ec8df658247f44fe071aa2d0160992ff1e75992f3ea1000000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffffe516c72f0cd7ff8c4ef353ccceeac6df53fa6e5391341c1bc74669ef1894924d190000001976a914f96cf87f0af85f611771a8f89a43d03c455fc49788acffffffff01a0860100000000001976a914ec0fdbcddcb2d7fbeb3ab5112926c7374673b5a888ac00000000&size=220x220&margin=0

Which seems not readable with most of qr-code scanners, because it contains +1800 chars.
nakotashisamatoshoketchup
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
February 13, 2018, 10:01:17 AM
 #7

If i cannot move the information trough a qr-code.. then, or with difficulty, the only option remaining is to transfer it between the two devices (online > offline & offline > online) through a cable. How trezor/ledger and other cold wallet devices manage to unsure this communication ?

I imagine that the communication is itself encrypted, and that it doesnt contain at any moment private keys.

Let's say i have two computers, one connected to the blockchain, and one that will never be.
Instead of linking the two devices with a cable that can compromise the cold device, what do you think of the idea of putting a 'cold' stack storage in the middle that each device can communicate with the other using a middle cold storage by depositing certain types of files ? (which can be an sd-card, for example) ?
See my proposal attached.
https://imgur.com/a/4mGin
RGBKey
Hero Member
*****
Offline Offline

Activity: 854
Merit: 631


rgbkey.github.io/pgp.txt


View Profile WWW
February 13, 2018, 03:55:46 PM
 #8

You can just use a flash drive, or hand type it.
nakotashisamatoshoketchup
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
February 13, 2018, 04:24:52 PM
 #9

I'm trying more to find a way to industrialize it and minimize user interaction.
Also, i'm trying to find out what can be a the safest way to interact between the 2 devices.
For information, i'm planning to use AES 256 to encrypt the private keys on the cold device part.

- exporting unsigned transactions through qr-code seems complicated when it comes to +2K characters. I thought about cuting the transaction into 5 smaller qr-code with different colors and concatenate the transaction on the other device. Seems a bit complicated, right ?
- if i plan to have a physical connection between the devices, then, what about a usb cable that has a two-way read/write function on a 'temp' storage ? in clear: ability to deposit/read files and detect the presence of new files. Can it be safe ?

thanks
RGBKey
Hero Member
*****
Offline Offline

Activity: 854
Merit: 631


rgbkey.github.io/pgp.txt


View Profile WWW
February 14, 2018, 02:01:49 AM
 #10

I'm trying more to find a way to industrialize it and minimize user interaction.
Also, i'm trying to find out what can be a the safest way to interact between the 2 devices.
For information, i'm planning to use AES 256 to encrypt the private keys on the cold device part.

- exporting unsigned transactions through qr-code seems complicated when it comes to +2K characters. I thought about cuting the transaction into 5 smaller qr-code with different colors and concatenate the transaction on the other device. Seems a bit complicated, right ?
- if i plan to have a physical connection between the devices, then, what about a usb cable that has a two-way read/write function on a 'temp' storage ? in clear: ability to deposit/read files and detect the presence of new files. Can it be safe ?

thanks

Sounds like you're almost talking about hardware wallets. Hardware wallets are devices which hold the private keys on them. You connect them to online computers, which build unsigned transactions and send them to the hardware wallet to sign. The transactions are then signed by the hardware wallet when the user presses a button confirming the transaction, the details of which are usually displayed on a screen.

This way the private keys never touch the online device
pebwindkraft
Sr. Member
****
Offline Offline

Activity: 259
Merit: 261


View Profile
February 14, 2018, 07:45:21 PM
 #11

I'm trying more to find a way to industrialize it and minimize user interaction.
Also, i'm trying to find out what can be a the safest way to interact between the 2 devices.
For information, i'm planning to use AES 256 to encrypt the private keys on the cold device part.
...
thanks

I am currently playing with my cold storage systems (single board computers like OrangePi, RaspberryPi...). They usually have a USB and Ethernet and/or WiFi.
- Ethernet is not desired, cause all known problems of „connectivity“ malware
- USB cable would be like a HW wallet (no re invention of the wheel please)
- USB Stick between two different OS is deemed to be secure
- QR Codes: you outlined already everything

remains serial and Bluetooth. Both allows to send data in a client-to-client way. Looking at serial, they are most probably dead on standard HW, but I use USB2serial. Advantage is, that the listening Programm cannot inject malware, cause code stacks are well known, open source. And you really see “immediately”, what data get’s exchanged, when using terminal programs like minicom/cu/screen or the Windows terminal.
Bluetooth has a similar approach, but there again is often a stack or library below, that one cannot always control.
nakotashisamatoshoketchup
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
February 15, 2018, 11:43:53 AM
 #12

Wow. thanks. that was exactly my point Smiley

I have actualy two options:
- divide the unsigned (and signed) transaction into x qr-code, but it doesn't seem super user-friendly
- work on a specific cable with a middle 'storage' communication device, based on an sd-card. subtility: be able to detect when the sd-card is in use by one of the device and avoid writing/reading from the other. I'll just write json files and timestamp them to allow the devices to interact with each others.


I'm trying more to find a way to industrialize it and minimize user interaction.
Also, i'm trying to find out what can be a the safest way to interact between the 2 devices.
For information, i'm planning to use AES 256 to encrypt the private keys on the cold device part.
...
thanks

I am currently playing with my cold storage systems (single board computers like OrangePi, RaspberryPi...). They usually have a USB and Ethernet and/or WiFi.
- Ethernet is not desired, cause all known problems of „connectivity“ malware
- USB cable would be like a HW wallet (no re invention of the wheel please)
- USB Stick between two different OS is deemed to be secure
- QR Codes: you outlined already everything

remains serial and Bluetooth. Both allows to send data in a client-to-client way. Looking at serial, they are most probably dead on standard HW, but I use USB2serial. Advantage is, that the listening Programm cannot inject malware, cause code stacks are well known, open source. And you really see “immediately”, what data get’s exchanged, when using terminal programs like minicom/cu/screen or the Windows terminal.
Bluetooth has a similar approach, but there again is often a stack or library below, that one cannot always control.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!