Bitcoin Forum
December 11, 2016, 02:06:09 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: WalletBuddy - secure wallet(s) storage and backup  (Read 5737 times)
BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
February 22, 2011, 11:44:39 AM
 #1

Now (maybe) Linux compatible!

It's late, I'm tired, I'm going to keep this short.

I made it my goal to get this published tonight, and I did it. Binaries, Source

Absent encrypted private keys, I wanted a way to easily store my wallet encrypted. Absent solid import/export of private keys, I wanted a way to easily juggle multiple wallets. After a few weeks of writing and rewriting, this is what I came up with.

  • Uses GPG (via BouncyCastle) to encrypt the wallets.
  • Per-wallet GPG key choice
  • Queries Bitcoin when running (if -server switch) to determine oldestkeypool
  • Automatically backs wallets (encrypted) only when last backup is older than oldestkeypool
  • Supports wallets on removable volumes (with notifications)

This is my first time doing the open source dance, let me know if there's anything I can do better. I know the repository is a mess, I just threw it together, I have to figure out some organizational structure. If anyone wants to throw together a windows installer package rather than the ClickOnce one I threw up there, please do.

Requirements:
gpg keyring (I use gpg4win)
Windows: .NET Framework 4
Linux: Mono 2.8[1]

Changes:
[1] 2011-02-24.
I just pushed some updates removing some libraries that are incompatible with Mono. Anybody using Linux care to try this out? Also in the update are some incomplete ideas... I want to (optionally) store the wallet's address book with the wallet settings, updating it periodically. When I complete my JSON-RPC client, you could transfer funds from your current wallet to another with a few clicks.
1481465169
Hero Member
*
Offline Offline

Posts: 1481465169

View Profile Personal Message (Offline)

Ignore
1481465169
Reply with quote  #2

1481465169
Report to moderator
1481465169
Hero Member
*
Offline Offline

Posts: 1481465169

View Profile Personal Message (Offline)

Ignore
1481465169
Reply with quote  #2

1481465169
Report to moderator
1481465169
Hero Member
*
Offline Offline

Posts: 1481465169

View Profile Personal Message (Offline)

Ignore
1481465169
Reply with quote  #2

1481465169
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481465169
Hero Member
*
Offline Offline

Posts: 1481465169

View Profile Personal Message (Offline)

Ignore
1481465169
Reply with quote  #2

1481465169
Report to moderator
1481465169
Hero Member
*
Offline Offline

Posts: 1481465169

View Profile Personal Message (Offline)

Ignore
1481465169
Reply with quote  #2

1481465169
Report to moderator
1481465169
Hero Member
*
Offline Offline

Posts: 1481465169

View Profile Personal Message (Offline)

Ignore
1481465169
Reply with quote  #2

1481465169
Report to moderator
BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
February 22, 2011, 10:15:28 PM
 #2

Is there no interest in this functionality, is there hesitance due to the recent malicious wallet tool, or am I just an impatient bastard?

There's one issue I didn't think of... currently there's no way to import a plaintext wallet. You'll have to manually encrypt with GPG the first time until I write some code to handle this.
Garrett Burgwardt
Sr. Member
****
Offline Offline

Activity: 350



View Profile
February 22, 2011, 10:18:57 PM
 #3

Tried to run it and it threw an error.
BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
February 22, 2011, 10:24:52 PM
 #4

What was the error? It's compiled for .Net 4.0 I think. If you don't have the redistributable installed, the plain zip version probably won't work. Did you try the ClickOnce version?

Let me know and I'll look into it.
TiagoTiago
Hero Member
*****
Offline Offline

Activity: 616


Firstbits.com/1fg4i                :Ƀ


View Profile
February 22, 2011, 10:44:31 PM
 #5

I would be worried about using the binary, if i study the code and get convinced it's not gonna harm me, then copile it myself i would be more confortable using the program.

(I dont always get new reply notifications, pls send a pm when you think it has happened)

Wanna gimme some BTC for any or no reason? 1FmvtS66LFh6ycrXDwKRQTexGJw4UWiqDX Smiley

The more you believe in Bitcoin, and the more you show you do to other people, the faster the real value will soar!

Do you like mmmBananas?!
BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
February 22, 2011, 10:59:10 PM
 #6

I would be worried about using the binary, if i study the code and get convinced it's not gonna harm me, then copile it myself i would be more confortable using the program.
Sure, that's totally understandable. The code is fairly clean so it shouldn't be too bad to review. For the crypto library (BouncyCastle), I'm wondering if it would be better to just include a static library reference rather than a project reference. That way, you could swap the DLL out for the one you download from their web site. Considering that it's the largest project in the solution, it would save some code review time.
Quip
Jr. Member
*
Offline Offline

Activity: 56


View Profile
February 22, 2011, 11:03:32 PM
 #7

Um, not after what happened with the last one.

1NEEFwHjXDhbLZ2RxM6qSDnNDByNZYCSKf

LVBX is down indefinitely, so use CoinPal. Sorry.
BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
February 22, 2011, 11:07:49 PM
 #8

Um, not after what happened with the last one.
Which is why my code is available for review. Not very well documented, but available nonetheless. Smiley

Anything additional I can do to help alleviate concerns?
we6jbo
Jr. Member
*
Offline Offline

Activity: 42



View Profile WWW
February 22, 2011, 11:11:25 PM
 #9

Is there no interest in this functionality, is there hesitance due to the recent malicious wallet tool, or am I just an impatient bastard?

There's one issue I didn't think of... currently there's no way to import a plaintext wallet. You'll have to manually encrypt with GPG the first time until I write some code to handle this.
This quote intrigued me because at least the way I see things even compiled code that does not relate to Bitcoin could in fact take advantage of the bitcoin api and cause harm to the user. I'd like to debate this issue but instead do it in the thread that was about fraud because I don't want to derail your thread for a topic that has nothing to do with program. [I'll repaste a variation of my post here http://bitcointalk.org/index.php?topic=3596.40]

SmokeTooMuch
Legendary
*
Offline Offline

Activity: 873


View Profile
February 22, 2011, 11:18:04 PM
 #10

I don't see why we need such a programm.
backing up an encrypted copy of the wallet.dat is as easy as 1-2-3.

I still appreciate your effort Wink

Date Registered: 2009-12-10 | I'm using GPG, pm me for my public key. | Bitcoin on Reddit: https://www.reddit.com/r/btc
You like what I'm doing? Why don't you send me a coin: 17Pj8jpUgY6qTaKgiopL5U48zxU4rTrkuB
BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
February 22, 2011, 11:54:55 PM
 #11

This quote intrigued me because at least the way I see things even compiled code that does not relate to Bitcoin could in fact take advantage of the bitcoin api and cause harm to the user. I'd like to debate this issue but instead do it in the thread that was about fraud because I don't want to derail your thread for a topic that has nothing to do with program. [I'll repaste a variation of my post here http://bitcointalk.org/index.php?topic=3596.40]

I'd like to make one reply to this, and then we can take it to another thread.

The code I was referring to is a well known crypto library, BouncyCastle. Wanting to know how it worked, I included the source of the library in the WalletBuddy solution. This means that I could have modified any of that code to include malicious behavior - a lot of code to check! My thought was that I'd instead link to a compiled DLL, which you could then download separately from a trusted source (e.g. BouncyCastle web site) to ensure that I didn't mess with the BouncyCastle code.

I don't see why we need such a programm.
backing up an encrypted copy of the wallet.dat is as easy as 1-2-3.

I still appreciate your effort Wink
Sure, for some users. But managing multiple wallets is still rather a pain. This alleviates some of that annoyance, I think.
we6jbo
Jr. Member
*
Offline Offline

Activity: 42



View Profile WWW
February 24, 2011, 12:40:19 AM
 #12

I was thinking that an attacker would probably not want to use Bitcoin.org to plan an attack on a persons wallet since the community is quite acute to what may be considered malicious code towards Bitcoin. Instead the attacker would most likely stage an attack on Tor which is highly popular with people with different levels of computer experience and then once the Tor community got enough word on Bitcoin some of the members including ones that are not technology savy would install Bitcoin on their machine which would also have the attackers program waiting patiently for the program to install and for the user to deposit some coins into the system which would then be transferred into the attackers account.

One of the reasons why I think Bitcoin would be considered a high target and why attacks like these could happen is because Bitcoin is a direct currency and it requires little or no effort for the attacker to get paid. I've also mentioned this before but I think that if Bitcoin allowed users to insert some identification such as their name or an email into the users transactions then if an attacker stole money from the user it would make it a lot easier to report the theft such as if the attacker tried to change the currency into dollars by exchanging it with a bitcoin trader, the trader would see the theft report and that person could track that the funds did originate from the original owner through blockexplorer and hopefully the person could return the funds back to the original owner.

That's just my comment about why Bitcoin security will be an issue on sites outside of Bitcoin.org and not necessary on the site itself. As for the program you wrote, I like the ideas that you mentioned that are in your program and it would probably be good for a Windows users. If it were written in C++ or Java then it would be easier to port to other platforms. Also I was just wondering how you were interfacing your program with Bitcoin. I'm guessing that you're using the JSON-RPC API.

BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
February 24, 2011, 09:48:35 AM
 #13

As for the program you wrote, I like the ideas that you mentioned that are in your program and it would probably be good for a Windows users. If it were written in C++ or Java then it would be easier to port to other platforms. Also I was just wondering how you were interfacing your program with Bitcoin. I'm guessing that you're using the JSON-RPC API.

I just released an update which might allow it to be compatible with Mono. If you'd like to give it a shot I'm interested to know how it works for you.

Right now I'm only using JSON-RPC to call getinfo and listreceivedbyaddress. From getinfo I use oldestkeypool to determine if it's time for a new backup (if the newest backup is older than the oldest key in the keypool). In the original post I added an update which explains my use of listreceivedbyaddress.
Luke-Jr
Legendary
*
expert
Offline Offline

Activity: 2100



View Profile
March 21, 2011, 01:35:08 PM
 #14

Since you are already factoring out libraries, I would suggest doing so with the formatting code too, possibly adding an abstract function to autodetect display type based on amount.

I don't use Windows/Mono, so I can't check for sure, but I suspect the TBC rendering code has a few bugs... It seems to just convert amount to hexadecimal and stick TBC on the end. If so, this is missing the tonal point (1 TBC = 10000 (65536) Satoshis), and neglecting the fact that tonal has different digits than hexadecimal. If .NET has a Unicode-compatible tr(anslate) function, you could map "9abcdef" to "".

Interesting concept with the ScientificSatoshis

BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
March 21, 2011, 04:36:04 PM
 #15

Since you are already factoring out libraries, I would suggest doing so with the formatting code too, possibly adding an abstract function to autodetect display type based on amount.

I don't use Windows/Mono, so I can't check for sure, but I suspect the TBC rendering code has a few bugs... It seems to just convert amount to hexadecimal and stick TBC on the end. If so, this is missing the tonal point (1 TBC = 10000 (65536) Satoshis), and neglecting the fact that tonal has different digits than hexadecimal. If .NET has a Unicode-compatible tr(anslate) function, you could map "9abcdef" to "".

Interesting concept with the ScientificSatoshis

Detecting display type based on amount would be easy, but I am storing the value as decimal base units no matter what is entered for ease of interoperability with Bitcoin's JSON-RPC.

You're right though, I should divide the decimal amount by 65536 before converting to hex, correct? For some reason I'm having trouble wrapping my head around that, though the math seems to work. I'm not sure about displaying actual tonal characters, I think I will keep it displaying their hexadecimal equivalents instead. Are there even any fonts which include tonal 9-f?

I've been working on payment queuing and syncing wallet(s) with removable devices and plan on updating git and releasing another version soon.
Luke-Jr
Legendary
*
expert
Offline Offline

Activity: 2100



View Profile
March 21, 2011, 08:20:57 PM
 #16

Detecting display type based on amount would be easy, but I am storing the value as decimal base units no matter what is entered for ease of interoperability with Bitcoin's JSON-RPC.
This is a bug.

You're right though, I should divide the decimal amount by 65536 before converting to hex, correct? For some reason I'm having trouble wrapping my head around that, though the math seems to work.
Yes, and be sure your hex-conversion function can handle fractional values (eg, 0.1 TBC).
I'm not sure about displaying actual tonal characters, I think I will keep it displaying their hexadecimal equivalents instead. Are there even any fonts which include tonal 9-f?
That could be confusing, since Tonal is not Hexadecimal. '9' Tonal is 'a' Hexadecimal, and '9' hexadecimal is '' tonal.
There are at least 3 fonts that I know of: http://luke.dashjr.org/education/tonal/glyphs/fonts/

BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
March 21, 2011, 10:09:50 PM
 #17

Detecting display type based on amount would be easy, but I am storing the value as decimal base units no matter what is entered for ease of interoperability with Bitcoin's JSON-RPC.
This is a bug.

Could you be more clear? If you're saying that Bitcoin expects a decimal number of Bitcoins, not base units, then I misspoke. I convert to Bitcoins (not base units) to send via JSON-RPC. If you're saying that storing base units in a 64 bit integer internally is a bug, how so?

That could be confusing, since Tonal is not Hexadecimal. '9' Tonal is 'a' Hexadecimal, and '9' hexadecimal is '' tonal.
There are at least 3 fonts that I know of: http://luke.dashjr.org/education/tonal/glyphs/fonts/

In that case, I will perform a string replacement of hex characters to tonal, on input and output.
Luke-Jr
Legendary
*
expert
Offline Offline

Activity: 2100



View Profile
March 22, 2011, 12:45:15 AM
 #18

If you're saying that storing base units in a 64 bit integer internally is a bug, how so?
No, I was saying the opposite (storing values as BTC) is a bug. Perhaps I misunderstood you.

theymos
Administrator
Legendary
*
expert
Offline Offline

Activity: 2506


View Profile
March 22, 2011, 01:49:23 AM
 #19

Is this a GUI app? Are there any screenshots?

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
March 22, 2011, 05:36:06 AM
 #20

Yes, it runs in the system tray. It should run on Linux (Mono), but I've only tested on Windows XP/Vista/7.

I've been fixing bugs and adding features, but I plan on writing up some better documentation soon, and taking screenshots.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!