Bitcoin Forum
Author Topic: Separate public and private key wallets  (Read 58 times)
bswamina
Newbie
September 08, 2018, 12:52:50 AM
Merited by DarkStar_ (1)
 #1

Is it possible to set up bitcoind such that it only uses a wallet with public keys and have a separate local (does not talk to the world) bitcoind with a wallet that has the private keys? Want this setup so only transactions originating from my application will sign the raw transaction using the local bitcoind (using rpc) and then forward the signed transaction to the bitcoind connected to the internet. Any pointers/help appreciated.
bob123
Hero Member
September 08, 2018, 08:05:23 AM
 #2

Quote from: bswamina
"Want this setup so only transactions originating from my application will sign the raw transaction using the local bitcoind (using rpc) and then forward the signed transaction to the bitcoind connected to the internet."

This sounds risky if you don't know exactly what you are doing.
In order for this approach to be secure, you definitely need to set up your bitcoind connected to the internet in a DMZ.

And firewalls between your subnetworks are a must-have. Preferably append a signature (not a bitcoin-signature) to the unsigned transaction when transferring it to the signing machine to guarantee integrity and authentication.

Also, note that this approach is NOT fully cold-wallet. In order to be a true cold setup, your signing machine should not be connected to any network at all.
As I understand from your post, your signing machine is in the same network as the online-machine?
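
An added example, not part of bob123's post: one way to authenticate the unsigned transaction on its way to the signing machine. It uses an HMAC-SHA256 tag under a shared key in place of an appended signature; the envelope fields, the 120-second window and the function names are assumptions.

```python
import hashlib, hmac, json, time

MAX_AGE_SECONDS = 120  # assumed freshness window

def _mac(key, body):
    # Canonical JSON so both hosts compute the tag over identical bytes.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def seal_request(key, request_id, raw_tx_hex, now=None):
    """Application side: wrap the unsigned transaction and attach the tag."""
    body = {"id": request_id, "tx": raw_tx_hex,
            "ts": int(time.time() if now is None else now)}
    return {"body": body, "mac": _mac(key, body)}

def open_request(key, envelope, seen_ids, now=None):
    """Signing side: return the raw tx hex only if authentic, fresh and new."""
    body, tag = envelope.get("body"), envelope.get("mac")
    if not isinstance(body, dict) or not isinstance(tag, str):
        raise ValueError("malformed envelope")
    if not hmac.compare_digest(_mac(key, body).encode(), tag.encode()):
        raise ValueError("bad MAC")
    now = int(time.time() if now is None else now)
    if abs(now - body["ts"]) > MAX_AGE_SECONDS:
        raise ValueError("stale request")
    if body["id"] in seen_ids:
        raise ValueError("replayed request")
    seen_ids.add(body["id"])
    return body["tx"]

# Constructed sample values: not a real key or transaction.
KEY = b"example-shared-key-not-for-real-use"
RAW_TX = "02000000" + "00" * 20

if __name__ == "__main__":
    seen = set()
    env = seal_request(KEY, "req-1", RAW_TX)
    print(open_request(KEY, env, seen) == RAW_TX)   # accepted once
    env["body"]["tx"] = RAW_TX[:-2] + "ff"          # altered in transit
    try:
        open_request(KEY, env, set())
    except ValueError as err:
        print("rejected:", err)
```

The signing side should call the wallet RPC only with the value `open_request` returns, and `seen_ids` has to persist for at least the freshness window.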

bswamina
Newbie
September 08, 2018, 10:51:47 AM
 #3

The full-node (bitcoind) connected to the internet is in the DMZ. The signing private node (bitcoind with private keys - cold wallet) is inside behind a firewall.
achow101
Moderator
Legendary
September 08, 2018, 04:15:17 PM
Merited by suchmoon (4), Welsh (3)
 #4

Quote from: bswamina
"Is it possible to setup bitcoind such that it only uses a wallet with public keys and have a separate local (does not talk to the world) bitcoind with a wallet that has the private keys ?"

Yes, but it is somewhat annoying to set up and it doesn't really work in the way that you would want it to.

On your offline wallet, get a bunch of addresses by using getnewaddress. Import these addresses into your online wallet using importmulti. Your online wallet will now track those addresses and your balance will update when those addresses receive coins.

Because those addresses are imported and are watching only, any time you do any wallet command, you must set whatever watching only option for that command to true, otherwise it will pull things from the online wallet itself and not the things you are watching.

HOWEVER, you cannot use getnewaddress or the GUI equivalent on the online wallet as that will actually give you keys generated in the online wallet. Furthermore, in order to have your offline wallet sign the transactions, you will need to provide additional information from the online wallet besides the transaction being signed. You will need to provide the scriptPubKeys of the outputs being spent, the amounts, and some other stuff I can't remember right now.



Note that the above HOWEVER only applies to versions prior to 0.17. The upcoming 0.17.0 release fixes these problems. You can create a wallet that has no private keys thus eliminating the need to be careful about getnewaddress as getnewaddress will not work when private keys are disabled for a wallet. Furthermore, 0.17 introduces BIP 174 Partially Signed Bitcoin Transactions which solves the issue of having to provide additional information as part of the command arguments. Instead that information will be packed into a PSBT which you can create and send to the offline wallet.
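
An added example, not part of achow101's post: the pre-0.17 flow described above, written as the RPC arguments an application would build. The helper names and sample data are assumptions; the inputs are shaped like listunspent output, and any outpoint that does not pay to an offline-generated address is refused.

```python
import json

def importmulti_params(cold_addresses):
    """importmulti arguments that add offline-generated addresses as watch-only."""
    requests = [{"scriptPubKey": {"address": a}, "timestamp": "now", "watchonly": True}
                for a in cold_addresses]
    return [requests, {"rescan": False}]  # fresh addresses: nothing to rescan

def prevtxs_for(utxos, spend, cold_addresses):
    """Build the prevtxs argument of the pre-0.17 signrawtransaction RPC.

    utxos: entries shaped like listunspent output from the online wallet.
    spend: (txid, vout) pairs the raw transaction consumes.
    """
    by_outpoint = {(u["txid"], u["vout"]): u for u in utxos}
    prevtxs = []
    for outpoint in map(tuple, spend):
        u = by_outpoint.get(outpoint)
        if u is None:
            raise ValueError("unknown outpoint %s:%d" % outpoint)
        if u.get("address") not in cold_addresses:
            # For example, an address handed out by getnewaddress on the online wallet.
            raise ValueError("outpoint %s:%d is not a cold address" % outpoint)
        entry = {k: u[k] for k in ("txid", "vout", "scriptPubKey", "amount")}
        if "redeemScript" in u:  # present only when the wallet knows it
            entry["redeemScript"] = u["redeemScript"]
        prevtxs.append(entry)
    return prevtxs

def rpc_body(method, params):
    """JSON-RPC request body as sent to bitcoind."""
    return json.dumps({"jsonrpc": "1.0", "id": "example", "method": method, "params": params})

# Constructed sample data: placeholder addresses, txids and scripts, not real ones.
COLD = ["COLD_ADDR_1", "COLD_ADDR_2"]
UTXOS = [
    {"txid": "aa" * 32, "vout": 0, "address": "COLD_ADDR_1",
     "scriptPubKey": "76a914" + "11" * 20 + "88ac", "amount": 0.5},
    {"txid": "bb" * 32, "vout": 1, "address": "HOT_ADDR_1",
     "scriptPubKey": "76a914" + "22" * 20 + "88ac", "amount": 0.1},
]

if __name__ == "__main__":
    print(rpc_body("importmulti", importmulti_params(COLD)))  # online wallet
    prev = prevtxs_for(UTXOS, [("aa" * 32, 0)], COLD)
    print(rpc_body("signrawtransaction", ["<raw tx hex>", prev]))  # offline wallet
```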
