Open source, local 2 of 2 multisig client with independent electrum verification

[tryexcept]

Hi all!

We just released and open sourced a local (no JS from server) 2 of 2 multisig wallet as a chrome app.

Original post: http://www.reddit.com/r/Bitcoin/comments/20g9ab/greenaddressit_trustless_2of2_open_source_wallet/

We at GreenAddress.it have just released and open sourced our local/packaged Chrome application for accessing GreenAddress.it's Multisig HD wallets.

If you are not familiar with GreenAddress.it, we encourage you to take a look at our website and FAQ, or you can even watch our infographics video, but roughly speaking it is a web wallet which aims to be much more secure than other ones in the market.

The idea behind a local (packaged) Chrome application is to make it more secure than using our web client off our servers by providing you with all the client JavaScript code to run locally, which should make the wallets immune to server-side hacks.

You can skip through to download the wallet app from chrome store, or read below for more technical details if you are interested.

The main feature behind making it more secure, which we have implemented specifically for the Chrome application, is transactions verification. Basically GreenAddress.it generates transactions for the client to sign, and the client's JavaScript, before signing, verifies that their amounts, destinations, fees, etc. are correct according to user's input. This prevents the server from sending tampered transactions which could be used to steal funds.

This verification requires a list of previous outputs to be available to the client, which also must be downloaded from an independent source to disallow tampering with transaction data. For this purpose we have used the public Electrum servers, so you are safe even if our server tried to send modified transaction outputs to make client think it is signing smaller amounts than it is in reality.

Here’s the open source project on GitHub. You can also find Gentle on GitHub, an open source tool we developed in case our service disappears such that you can free your funds from the 2 of 2 multisig.

Currently the GitHub repo contains merged JavaScript files, which is because of how our deployment process works, but we are going to improve it by providing the original directory structure soon. (EDIT: done!)

We are also looking to open source our Android Cordova app and give it the same treatment as the Chrome app (local files and Electrum verification)

Any feedback is welcome!

GreenAddress.it team

[qbitx]

Looks awesome so far, the only issue I had with the wallet so far was that it doesn't keep a list of my previously generated/used addresses somewhere where I can query it (but if I'm not mistaken, that's planned for the future)

A firefox add-on would be awesome too

This looks like one of the best options for multisig wallets at the moment.  Keep up the good work.

[tryexcept]

Thanks!  

We are adding "list of previous addresses" to settings soon, exactly

We were/are busy with the payment protocol and working on improving the user experience (for example, the 6 confirms limit will be mandatory only on instant transaction, currently however it is for all).

Firefox add-on is certainly possible, in particular given that is would be similar to the chrome app, which of course is open source https://github.com/greenaddress/WalletCrx

Is on the list but at somewhat lower priority than the other features we are preparing given those are more unique than another kind of ext/app

We welcome pull requests  

[genjix]

Impressive work. Already better than most wallets out there. This space is going to heat up soon. You've fought about lots of nice features.

Do you want to use Obelisk as the backend? We have a JS library:

https://github.com/darkwallet/gateway/tree/master/client

[tryexcept]

qbitx: In the "Receive Money" tab you can now see a button that shows you all the generated addresses with number of tx.
It's not too pretty yet but soon we are integrating some  pretty block explorer which will probably be used in various places

genjix: Thank you! We never spoke but I've been lurking around and read plenty of your posts! We are honored!

We don't know too much about Obelisk but from a quick read it could be quite handy and we are going to investigate it: do you have some pointers to speed up the process?

[qbitx]

qbitx: In the "Receive Money" tab you can now see a button that shows you all the generated addresses with number of tx.
It's not too pretty yet but soon we are integrating some  pretty block explorer which will probably be used in various places

Awesome looks good to me.

[tryexcept]

cheers!

Let us know if you find anything you'd like improved.

Of course in the meantime is not like we are not doing anything, so here's a short list of things coming soon (not a complete list by any mean):

- Two factor via robot call, works on landline and I'd imagine makes it harder for malware to intercept the two factor code.
- Payment protocol with instant confirmation (for parties that trust GreenAddress, but they don't have to trust you)
- Nice block explorer
- More exchanges and indexes.
- Adding languages (French, Italian, Spanish to start with, then Russian, Greek, Chinese, etc and if you want to help let us know!!)
- Drive and dropbox for nlocktime (on top of email)
- And more 

[Dusty]

Impressive feature list, and congratulations for being the first to find a good use of multig!

Looks awesome, I'll experiment a bit.

[genjix]

tryexcept, I'm on Freenode IRC as genjix in #darkwallet. Always happy to talk/help and show some of what we're doing. Maybe some of our work is useful for you, and vice versa. Choosing Electrum servers was a good choice, as that's a great community.

About Obelisk, there isn't too much info yet but the tools are there. We're still improving them though and documenting everything.

[bitjoint]

This looks A W E S O M E... Congrats

[MatthewLM]

I'll have to take my hat off to you. I've not used it, but this implements a few ideas I've had for a long while, as I could see this as the ultimate compromise for bitcoin wallets providing the best security and instant payments. It's just a shame I didn't get around to doing this myself. I think this has the potential to be huge.

[Eggy]

Seems very nice!

Any ETA on the Firefox add-on?

[tryexcept]

No ETA, sorry. It is in our list but not very urgent ATM.

It shouldn't be too hard given the code works fine as a Chromium app but we are focusing our energies on improving the stability on iOS and Android as well as improving and industrializing our server side service (including API documentation)

If someone wants to give it a go and do it I'd be happy to merge the Pull Request and tip for it (of course open source and ideally same repo as the Chromium one) if not we'll try to do it at the first occasion!