Bitcoin Forum
December 12, 2024, 10:59:55 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: txn file  (Read 203 times)
btctoo (OP)
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
May 17, 2020, 12:01:13 PM
 #1

Just wanted to know whether disclosing a txn file is dangerous, or that our bitcoin address is at risk at losing funds,
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18771


View Profile
May 17, 2020, 12:25:21 PM
Merited by Coding Enthusiast (1)
 #2

Depends what you mean by "dangerous".

Your bitcoin is not at risk of being stolen if you disclose a transaction file. If you haven't signed the transaction, then a malicious party with access to the file can't do anything with it except read the contents. If you have already signed the transaction, then the most a malicious party could do would be to broadcast it, meaning the transaction you signed would be sent to nodes and miners, and the bitcoin you sent would end up at its intended destination. A malicious third party is unable to change a signed transaction in a way which allows them to steal your cleans (there are ways a signed transaction can be changed and yet remain valid, but they do not allow your bitcoins to be stolen or sent to anywhere other than the addresses you specified).

There is a privacy risk, however. If someone gets their hands on a transaction file they know was generated by you, then they know the inputs within that file almost certainly belong to you, and can use that information to track your spending and discover other addresses which you own.
btctoo (OP)
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
May 17, 2020, 12:31:58 PM
 #3

Depends what you mean by "dangerous".

Your bitcoin is not at risk of being stolen if you disclose a transaction file. If you haven't signed the transaction, then a malicious party with access to the file can't do anything with it except read the contents. If you have already signed the transaction, then the most a malicious party could do would be to broadcast it, meaning the transaction you signed would be sent to nodes and miners, and the bitcoin you sent would end up at its intended destination. A malicious third party is unable to change a signed transaction in a way which allows them to steal your cleans (there are ways a signed transaction can be changed and yet remain valid, but they do not allow your bitcoins to be stolen or sent to anywhere other than the addresses you specified).

There is a privacy risk, however. If someone gets their hands on a transaction file they know was generated by you, then they know the inputs within that file almost certainly belong to you, and can use that information to track your spending and discover other addresses which you own.

thanks, the tx has been broadcasted few days ago and fulfilled , so in that case my coins are safe rit?
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18771


View Profile
May 17, 2020, 12:43:41 PM
 #4

thanks, the tx has been broadcasted few days ago and fulfilled , so in that case my coins are safe rit?
Yes. If your transaction has confirmed and has a reasonable number of confirmations (most people would say greater than 6), then there is nothing anyone can do to reverse it short of attacking the entire bitcoin network, which would be hugely costly.

Even if it hadn't been confirmed, sharing a signed transaction file would not be dangerous to the security of your coins. This is essentially what you do when you broadcast a transaction to the network - you share your signed transaction with the nodes and miners.
btctoo (OP)
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
May 17, 2020, 12:53:15 PM
 #5

thanks, the tx has been broadcasted few days ago and fulfilled , so in that case my coins are safe rit?
Yes. If your transaction has confirmed and has a reasonable number of confirmations (most people would say greater than 6), then there is nothing anyone can do to reverse it short of attacking the entire bitcoin network, which would be hugely costly.

Even if it hadn't been confirmed, sharing a signed transaction file would not be dangerous to the security of your coins. This is essentially what you do when you broadcast a transaction to the network - you share your signed transaction with the nodes and miners.
ty
Coding Enthusiast
Legendary
*
Offline Offline

Activity: 1043
Merit: 2824


Bitcoin and C♯ Enthusiast


View Profile WWW
May 17, 2020, 01:06:06 PM
Merited by hugeblack (3)
 #6

Assuming the "txn file" was created by Electrum and the transaction is unsigned you may want to look here: https://bitcointalk.org/index.php?topic=5082785.0
There are both privacy and security concerns:
Privacy: you are revealing your entire list of past, present and future public keys (hence addresses).
Security: revealing a single private key from that wallet some day will reveal all your private keys.

Projects List+Suggestion box
Donate: 1Q9s or bc1q
|
|
|
FinderOuter(0.20.0)Ann-git
Denovo(0.7.0)Ann-git
Bitcoin.Net(0.26.0)Ann-git
|
|
|
BitcoinTransactionTool(0.11.0)Ann-git
WatchOnlyBitcoinWallet(3.2.1)Ann-git
SharpPusher(0.12.0)Ann-git
btctoo (OP)
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
May 17, 2020, 01:55:52 PM
 #7

Assuming the "txn file" was created by Electrum and the transaction is unsigned you may want to look here: https://bitcointalk.org/index.php?topic=5082785.0
There are both privacy and security concerns:
Privacy: you are revealing your entire list of past, present and future public keys (hence addresses).
Security: revealing a single private key from that wallet some day will reveal all your private keys.

thanks, the txn file is from electrum, does that mean, people now know my private key, i have a vanity addr?
Also the transaction is confirmed few hours ago already
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18771


View Profile
May 17, 2020, 02:24:40 PM
Merited by Coding Enthusiast (1)
 #8

No, the transaction file does not contain your private key. It contains your public key(s) only. These cannot be used to steal your coins unless you have exposed your private keys through another means. If someone else generated your vanity address for you, for example, then they will have access to your private key(s) and your coins.

If the transaction has been confirmed for several hours then it will have >10 confirmations by now and be essentially impossible to reverse. The concern about master public keys doesn't apply in this case since you are using a single vanity address rather than a hierarchical deterministic wallet.
btctoo (OP)
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
May 17, 2020, 02:26:40 PM
 #9

No, the transaction file does not contain your private key. It contains your public key(s) only. These cannot be used to steal your coins unless you have exposed your private keys through another means. If someone else generated your vanity address for you, for example, then they will have access to your private key(s) and your coins.

If the transaction has been confirmed for several hours then it will have >10 confirmations by now and be essentially impossible to reverse. The concern about master public keys doesn't apply in this case since you are using a single vanity address rather than a hierarchical deterministic wallet.
ok, my vanity address was gen from vante.me, the secure option in which i just provide a public key
hugeblack
Legendary
*
Offline Offline

Activity: 2730
Merit: 4032



View Profile WWW
May 18, 2020, 01:36:04 AM
 #10

ok, my vanity address was gen from vante.me, the secure option in which i just provide a public key
They use split key generation, which means that the only thing they can see is the public key. Thus, once they give you the key, you mix it with the private key "which they do not know" and thus it becomes impossible for them to know the new private key "They can try to brute force it, but this will take a very long time."

So in short, if you have generated your private key correctly and kept it in a safe/offline place, you are out of danger "stealing your money."


the secure option in which i just provide a public key
If you do it right, privacy is the only risk.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
nc50lc
Legendary
*
Offline Offline

Activity: 2632
Merit: 6511


Self-proclaimed Genius


View Profile
May 18, 2020, 03:19:20 AM
Merited by Coding Enthusiast (1)
 #11

Assuming the "txn file" was created by Electrum and the transaction is unsigned you may want to look here: https://bitcointalk.org/index.php?topic=5082785.0
The good thing is, the next release Electrum 4.0 (not yet released) will have a different export format.
I have tried the dev version on a standard wallet and checked the 'full txn export file', 'psbt export file' and 'copy to clipboard' method.

Both export files contains gibberish characters when opened with a text editor, suggests that it's not in human readable format.
The Copied raw transaction however is in 'Base64' and if you convert it to HEX, you'll only find the input's Public key(s) and Redeem Script (if applicable).
There's an option to export it together with the Master Public key, it's labeled as "for hardware device, include xpubs" but it's the same as the copied string above
and there's no x/y/z pub in HEX (maybe for wallets paired with a hardware wallet?).


@btctoo Since you're only using an imported wallet, then your exported unsigned Raw Txn will only contain the input's public key(s), no master public key.
But the privacy issue is still the same (you're going to reuse the address anyways).
If it came from an imported watch-only wallet that was created by pasting the address, then it wont even contain the public key.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!