Bitcoin Forum
Topic: Separate public and private key wallets
bswamina (OP)
September 08, 2018, 12:52:50 AM
Merited by Foxpup (1), DarkStar_ (1)
 #1

Is it possible to set up bitcoind such that it only uses a wallet with public keys and have a separate local (does not talk to the world) bitcoind with a wallet that has the private keys? Want this setup so only transactions originating from my application will sign the raw transaction using the local bitcoind (using rpc) and then forward the signed transaction to the bitcoind connected to the internet. Any pointers/help appreciated.

bob123
September 08, 2018, 08:05:23 AM
 #2

Quote from: bswamina
"Want this setup so only transactions originating from my application will sign the raw transaction using the local bitcoind (using rpc) and then forward the signed transaction to the bitcoind connected to the internet."

This sounds risky if you don't know exactly what you are doing.
In order for this approach to be secure, you definitely need to set up your bitcoind connected to the internet in a DMZ.

And firewalls between your subnetworks are a must-have. Preferably append a signature (not a bitcoin-signature) to the unsigned transaction when transferring it to the signing machine to guarantee integrity and authentication.

Also, note that this approach is NOT fully cold-wallet. In order to be a true cold setup, your signing machine should not be connected to any network at all.
As I understand from your post, your signing machine is in the same network as the online-machine?
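
Added example, not part of the thread or of bob123's post: one way to authenticate the unsigned transaction on its way to the signing machine, as suggested above. It uses HMAC-SHA256 with a shared key as a stand-in for the "signature", and adds a sequence number and timestamp against replay; the names seal, EnvelopeVerifier and MAX_AGE_SECONDS, the envelope layout and the sample values are all assumptions made for this example.

```python
import hashlib
import hmac
import json
import time

MAX_AGE_SECONDS = 300  # assumed freshness window, not a value from the thread


def _tag(key, payload):
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def seal(unsigned_tx_hex, key, seq, now=None):
    """Application side: wrap the unsigned transaction with seq, time and MAC."""
    ts = int(time.time() if now is None else now)
    payload = json.dumps({"tx": unsigned_tx_hex, "seq": seq, "ts": ts},
                         sort_keys=True, separators=(",", ":"))
    return json.dumps({"payload": payload, "tag": _tag(key, payload)})


class EnvelopeVerifier:
    """Signing-host side: accept a transaction only if the envelope checks out."""

    def __init__(self, key, last_seq=0):
        self.key = key
        self.last_seq = last_seq  # persist this across restarts in real use

    def open(self, envelope, now=None):
        msg = json.loads(envelope)
        if not isinstance(msg, dict):
            raise ValueError("malformed envelope")
        payload, tag = msg.get("payload"), msg.get("tag")
        if not isinstance(payload, str) or not isinstance(tag, str):
            raise ValueError("malformed envelope")
        # Verify the MAC before trusting any field inside the payload.
        if not hmac.compare_digest(_tag(self.key, payload).encode(), tag.encode()):
            raise ValueError("bad MAC: transaction altered or wrong sender")
        body = json.loads(payload)
        now = time.time() if now is None else now
        if abs(now - body["ts"]) > MAX_AGE_SECONDS:
            raise ValueError("stale envelope")
        if body["seq"] <= self.last_seq:
            raise ValueError("replayed or out-of-order envelope")
        bytes.fromhex(body["tx"])  # raises ValueError if the field is not hex
        self.last_seq = body["seq"]
        return body["tx"]  # only now hand it to the signing RPC


if __name__ == "__main__":
    key = bytes(32)              # constructed demo key; use a random secret
    tx = "02000000000000000000"  # constructed placeholder, not a real transaction
    print(EnvelopeVerifier(key).open(seal(tx, key, seq=1)))
```

The MAC only proves the request came from a holder of the shared key; the signing host should still decode the transaction and check outputs and amounts against its own policy before signing.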

bswamina (OP)
September 08, 2018, 10:51:47 AM
 #3

The full-node (bitcoind) connected to the internet is in the DMZ. The signing private node (bitcoind with private keys - cold wallet) is inside behind a firewall.
achow101
September 08, 2018, 04:15:17 PM
Merited by Foxpup (5), suchmoon (4), Welsh (3)
 #4

Quote from: bswamina
"Is it possible to set up bitcoind such that it only uses a wallet with public keys and have a separate local (does not talk to the world) bitcoind with a wallet that has the private keys?"

Yes, but it is somewhat annoying to set up and it doesn't really work in the way that you would want it to.

On your offline wallet, get a bunch of addresses by using getnewaddress. Import these addresses into your online wallet using importmulti. Your online wallet will now track those addresses and your balance will update when those addresses receive coins.

Because those addresses are imported and are watching only, any time you do any wallet command, you must set whatever watching only option for that command to true, otherwise it will pull things from the online wallet itself and not the things you are watching.

HOWEVER, you cannot use getnewaddress or the GUI equivalent on the online wallet as that will actually give you keys generated in the online wallet. Furthermore, in order to have your offline wallet sign the transactions, you will need to provide additional information from the online wallet besides the transaction being signed. You will need to provide the scriptPubKeys of the outputs being spent, the amounts, and some other stuff I can't remember right now.



Note that the above HOWEVER only applies to versions prior to 0.17. The upcoming 0.17.0 release fixes these problems. You can create a wallet that has no private keys, thus eliminating the need to be careful about getnewaddress, as getnewaddress will not work when private keys are disabled for a wallet. Furthermore, 0.17 introduces BIP 174 Partially Signed Bitcoin Transactions, which solves the issue of having to provide additional information as part of the command arguments. Instead, that information will be packed into a PSBT which you can create and send to the offline wallet.
