Signed raw transaction

[zoltanb]

Is there an easy way to get the signed raw transaction on bitcoin core, electrum wallet or any other popular wallets before or without broadcasting the transaction to the network?

[1715687514]

1715687514

[1715687514]

1715687514

[1715687514]

1715687514

[1715687514]

1715687514

[1715687514]

1715687514

[LoyceV]

It's easiest in Electrum: click Preview, click Sign, and click Copy. The common way to use this is to create an unsigned transaction from an online read-only wallet, then signing the same transaction from an offline wallet that has the private keys.

[mocacinno]

 

In electrum it's very easy, but in wasabi it's the easiest since they actually have a wizard to create transactions, and at the end of the wizard they just show you the transaction without broadcasting it (semantics, and personal preference ). The only thing you have to do is use the correct wizard (since there are 2 ways of creating transactions in wasabi, one broadcasts the tx automatically, the other one just shows the signed tx without broadcasting).

Also, OP, bitcoin core can indeed be used to create and sign a transaction without broadcasting it... I don't know if there is a gui wizard available to do this, but you can defenatly do it from the console. Fair warning: if you use the console, things do get a bit complicated... You first create a raw, unsigned transaction, then you use a second command to sign it... The first step needs the list of unspent outputs you'll be using, and a list addresses and values that will be funded using the new unspent outputs. You'll have to calculate the fee by yourself, and make sure everything checks out before broadcasting the transaction. Not very newbie-friendly.

A different option would be to download coinb.in's sourcecode and run it offline when you get to the signing-step... It guides you trough the process of creating a transaction and signing it... Be carefull with your private key tough! don't save it in an unencrypted way, and make sure you reboot your machine after the signing step.

Maybe it's easyer if you tell us why you want to do this? Is it a learning experience? In that case i'd suggest using coinb.in or bitcoin core on the testnet...

[zoltanb]

Thank you. Do any of these wallets have an API to send the signed transaction to an external service? Only the signed transaction, no private keys or anything else.

[mocacinno]

Thank you. Do any of these wallets have an API to send the signed transaction to an external service? Only the signed transaction, no private keys or anything else.

Well, if they'd broadcast the private key, it would be a huuuuuge vulnerability. That being said, electrum, core, wasabi and coinb.in do allow you to broadcast signed transactions in one way or another...
Electrum has a "broadcast" button, or you can use the console... It broadcasts the transaction to the node you're connected to.
Wasabi has a broadcast-wizard. It broadcasts the transaction to zsnark's node over tor.
Core can also broadcasts a signed transaction from the console. It broadcasts it to the other nodes it is connected to
Coinb.in allows you to chose a block explorer that has an api with a function to broadcast transactions, and it has a wizard where you can past a signed transaction and broadcast @the push of a button.

There are tons of block explorers that offer a free api that allows you to broadcast transactions. Some made a nice little webpage where you can past your signed transaction and broadcast it. Timelord2067 even made a list: https://bitcointalk.org/index.php?topic=1938621.0

[zoltanb]

Thank you. Do any of these wallets have an API to send the signed transaction to an external service? Only the signed transaction, no private keys or anything else.

Well, if they'd broadcast the private key, it would be a huuuuuge vulnerability. That being said, electrum, core, wasabi and coinb.in do allow you to broadcast signed transactions in one way or another...
Electrum has a "broadcast" button, or you can use the console... It broadcasts the transaction to the node you're connected to.
Wasabi has a broadcast-wizard. It broadcasts the transaction to zsnark's node over tor.
Core can also broadcasts a signed transaction from the console. It broadcasts it to the other nodes it is connected to
Coinb.in allows you to chose a block explorer that has an api with a function to broadcast transactions, and it has a wizard where you can past a signed transaction and broadcast @the push of a button.

There are tons of block explorers that offer a free api that allows you to broadcast transactions. Some made a nice little webpage where you can past your signed transaction and broadcast it. Timelord2067 even made a list: https://bitcointalk.org/index.php?topic=1938621.0

Of course it would be. This is why I asked if it is possible via an API to just send the signed transaction to an external service. So, once the user signs a transaction, he does not have to copy and paste it to an external service, it will be sent via API to an app / service accepted by user.
So, I do not want to broadcast the transaction, just get the signed transaction and decide later what do I want to do with it.

[zoltanb]

Maybe it's easyer if you tell us why you want to do this? Is it a learning experience? In that case i'd suggest using coinb.in or bitcoin core on the testnet...

No, not a learning experience. It is an external service where the only thing we need is the signed raw transaction. Will let you know more later.
The only thing I need is to communicate via an API to the wallet, so once the wallet have the signed transaction, the user won't have to copy this and paste it into the external service we are building, the sending of the signed transaction should be done automatically to our service.

[LoyceV]

It is an external service where the only thing we need is the signed raw transaction.

So, I do not want to broadcast the transaction, just get the signed transaction and decide later what do I want to do with it.

Depending on what you're trying to do: you should realize the user can invalidate the signed transaction at any moment by sending one of the inputs to another address.

[zoltanb]

Depending on what you're trying to do: you should realize the user can invalidate the signed transaction at any moment by sending one of the inputs to another address.

I am aware of this, this is why it would be great to have an API access.
Does any opensource wallet has the option to programaticaly get the a signed a raw transaction and send to an external service?

[LoyceV]

I am aware of this, this is why it would be great to have an API access.

Why not run your own Bitcoin Core daemon (bitcoind)?

[zoltanb]

Why not run your own Bitcoin Core daemon (bitcoind)?

I run multiple bitcoin core daemons that I can use any time to broadcast a signed transaction. This is not the issue. I need wallets to automatically send to me a signed transaction that will not be distributed just stored by a centralized system. Depending on certain scenarios the signed transaction will be distributed / broadcasted (or not) using my own node.

[mocacinno]

Well, i'm not 100% sure if you're solving your problem in the most efficient way... But if you're set on creating and signing a transaction locally, then using an external api to broadcast it, you'll probably have to write a small script (bash, perl, python,...)

There are many open source wallets which you can run as a daemon:
core, electrum, btcd,... These can be used to contruct and sign transactions. Your script will have to use the json-rpc interface to achieve this. Then it'll have to connect to one of the api's that allow you to broadcast transactions...

But like @LoyceV already said: why not use core to create, sign AND broadcast transactions? When you broadcast a transaction your peers don't know you're the source of said transaction... You might aswell just be broadcasting a transaction you received from another peer. If you're really worried, you can run your node over tor.

Why not run your own Bitcoin Core daemon (bitcoind)?

I run multiple bitcoin core daemons that I can use any time to broadcast a signed transaction. This is not the issue. I need wallets to automatically send to me a signed transaction that will not be distributed just stored by a centralized system. Depending on certain scenarios the signed transaction will be distributed / broadcasted (or not) using my own node.

In that case, you don't need an external api...
You're already running core daemons... Just write a script to use the json-rpc interface to query unspent outputs, create an unsigned transaction, unlock your wallet, sign the transaction, save the signed transaction into a relational database.
A second script can be used to retrieve signed transactions from your relational database and broadcast them using your daemon's json-rpc interface.

Really, it's not as hard as it sounds... If you can't do it by yourself, i can give you a quote on a price i'd charge to write such a script... Afterwards you can shop around to see if somebody else gives you a better deal.

[zoltanb]

In that case, you don't need an external api...
You're already running core daemons... Just write a script to use the json-rpc interface to query unspent outputs, create an unsigned transaction, unlock your wallet, sign the transaction, save the signed transaction into a relational database.
A second script can be used to retrieve signed transactions from your relational database and broadcast them using your daemon's json-rpc interface.

Really, it's not as hard as it sounds... If you can't do it by yourself, i can give you a quote on a price i'd charge to write such a script... Afterwards you can shop around to see if somebody else gives you a better deal.

I am familiar with bitcoin core and use the cli and RPC part of it. I build a project, where it would be indispensable to get the signed raw transaction of any particular transaction. Think of it this way: you use any wallet (electrum, bitcoin core, etc.) to send bitcoin to an address you want. As soon as this is done, your wallet should simply
1) get all or part of your remaining UTXO-s
2) create a raw transaction to an arbitrary address
3) sign that raw transaction but did not broadcast it just simply send it via an API to an external service

The service is built, and it stores the transaction and verifies every 5-10 minutes (using bitcoin-cli testmempoolaccept) if the transaction can be broadcasted / distributed. If any of the inputs is spent on a future transaction, the service notifies you because the signed transaction got invalidated. So, user gets a notification to sign a new transaction with the valid remaining inputs then copy and paste the new signed transaction to the service.

This can be used to setup a backup address for yourself (on another wallet or a custodial wallet) and if you lose access to your seed or passphrase on any wallet, you can simply login to this service and broadcast the signed transaction which will send all your funds to your backup address.

Right now, the system lets you manually store the signed raw transaction and notifies you once this is invalidated, and you have to manually login to your wallet again, create the new transaction, sign it and copy paste it again to the service.

This would be the best way to backup any of your non-custodial wallets. You do not give up your private keys, you just always sign a transaction to a backup address and store it somewhere externally and use it only if somehow you lose access to your private keys. The worse case scenario that could happen to you is if the said service will broadcast the transaction earlier, so basically all your funds get moved to your backup address.

[zoltanb]

Basically a similar service / API will resolve the issue of lost BTCs.

The scenario is very simple:
Setup 2 wallets: a non custodial wallet (wallet A) and a custodial wallet (or another non custodial wallet with different seed / passphrase) (wallet B).
Keep all your coins on your non custodial wallet (wallet A), don't keep anything on wallet B.
Do the KYC / AML procedure on the custodial wallet (wallet B), remember, you need this just in case you'll have to use your custodial wallet when losing access to your non-custodial wallet, hopefully you will never need it.

So, if you lose access to your non custodial wallet (wallet A), simply login to backup service and run the previously signed raw transaction that will send all your funds to wallet B where you can access it.

This scenario is just a piece of mind to recover your funds if you forget passphrase / seed phrase.

[ranochigo]

You'd probably be looking to incorporate nLockTime in the transaction as well, so the service or anyone else cannot broadcast the transaction before the preset block/unix time. You'll probably be looking at something like GreenAddress, they sign the raw transactions for 2-of-2 account and send it to the user with nLockTime so they can sign and broadcast it if GreenAddress ceases to exist.

There could be some potential privacy concerns with such implementations though, but I assume most users wouldn't really be concerned about that.

[zoltanb]

You'd probably be looking to incorporate nLockTime in the transaction as well, so the service or anyone else cannot broadcast the transaction before the preset block/unix time. You'll probably be looking at something like GreenAddress, they sign the raw transactions for 2-of-2 account and send it to the user with nLockTime so they can sign and broadcast it if GreenAddress ceases to exist.

There could be some potential privacy concerns with such implementations though, but I assume most users wouldn't really be concerned about that.

Thanks for the suggestion. Regarding privacy, you won't need KYC, just an email and a 2FA that would be mandatory. So, if you lose 2FA, you lose the access to the signed transaction (however with proper verification we can let you in with some conditions). You can use any privacy email, again, the worse case scenario is that we broadcast the transaction earlier but basically what we would do is to simply move your funds from wallet A to wallet B. We don't know the private keys to any of your wallets, so it wouldn't make any sense to do this.

[NotATether]

Why not run your own Bitcoin Core daemon (bitcoind)?

I run multiple bitcoin core daemons that I can use any time to broadcast a signed transaction. This is not the issue. I need wallets to automatically send to me a signed transaction that will not be distributed just stored by a centralized system. Depending on certain scenarios the signed transaction will be distributed / broadcasted (or not) using my own node.

There is a way to accomplish this assuming all your users use Electrum desktop. All you have to do is create a plugin that fetches signed transaction as they are created in the "Send" tab (but not visible there), and run some kind of REST server encrypted with HTTPS and then make a POST request to it with the signed transaction inside.


Electrum plug-in documentation is sparse but here is one of the more informative posts on how to create Electrum plugins: https://bitzuma.com/posts/an-introduction-to-plugin-development-for-the-electrum-bitcoin-wallet/

[zoltanb]

There is a way to accomplish this assuming all your users use Electrum desktop. All you have to do is create a plugin that fetches signed transaction as they are created in the "Send" tab (but not visible there), and run some kind of REST server encrypted with HTTPS and then make a POST request to it with the signed transaction inside.

Electrum plug-in documentation is sparse but here is one of the more informative posts on how to create Electrum plugins: https://bitzuma.com/posts/an-introduction-to-plugin-development-for-the-electrum-bitcoin-wallet/

Thanks for the suggestion, will check it out!

[LoyceV]

So, if you lose access to your non custodial wallet (wallet A), simply login to backup service and run the previously signed raw transaction that will send all your funds to wallet B where you can access it.

Why would they still have access to wallet B if they lose access to wallet A? If, for instance, you keep wallet B in a different location than wallet A, why don't you just keep a backup of wallet A on the same location?

[zoltanb]

Why would they still have access to wallet B if they lose access to wallet A? If, for instance, you keep wallet B in a different location than wallet A, why don't you just keep a backup of wallet A on the same location?

Because you have to secure it a lot and you can not prepare well for loss or stealing of your private keys.

What's the problem with the current non-custodial Bitcoin?
1. You have to take care of your own seed / private key.
2. You have to store it in a way that nobody could even access the seed, if somebody finds your seed even for a second, he / she can spend it and there is nothing you can do to stop this.
3. If you leave your key somewhere and somebody accesses it, you will not even find this out. So, a thief could spend all your balance immediately or he can wait for days, weeks, months or even years to spend everything you accumulate over the time. If you give me your 12 words seed phrase there is no way you can now if I did something with the words until I wipe out your wallet. For example you have 0.01 BTC now, and a thief will wait until you have it least 1 BTC and spend everything only that time. You think that everything is OK, while in fact somebody is already watching every move you make and just waits for the right time to rob you.
4. Based on point 2 and 3, you really have to hide the seed in a place where nobody can access it (by putting a camera with motion sensors in the room where you store it), as soon as somebody enters the room and potentially see the seed, you have to act fast. From that moment it is a matter of who is faster on spending the funds, you or the thief.
5. If you decide to put the seed to 2 different places to protect from loss (for example one in office safe and one in home safe) just to make sure that if a fire, flood or any other event destroys one of the seed copies, you still have the other one for backup. This is practically double your efforts on point 4, as this time, you have to protect 2 places. More backups, mean more safety precautions!
6. Too many precautions (for example splitting the seed phrase in 2-3-4 locations) will limit the chances of being robbed but can also lead to loss of the seed. Remember, for example if you split your seed phase and store it this way A-B-C-D-E-F (location 1), D-E-F-G-H-I (location 2), G-H-I-J-K-L (location 3), J-K-L-A-B-C (location 4), this has a 1/4 fault tolerance, so if somehow you can't access one of the locations you are still safe, but if you can't access 2 locations from 4, you already have a problem as your seed is gone.

With the proposed solution what you will need:
1. a non custodial wallet where you will hold all your bitcoins (wallet A to be backed up)
2. a custodial wallet where you do the KYC but not hold anything there (this can also be another non custodial wallet) (wallet B where we send your coins if you need to activate backup)
3. an account with us that you will use in case you lose your access to your non custodial wallet (wallet A)

So, basically all your funds will stay forever on the non-custodial wallet but you will need wallet B only if somehow you lose the private key / seed phrase of wallet A. In this case, all you have to do is to login to the backup service and use the previously signed raw transaction (you signed it when you could still access your keys) to send all your funds to your wallet B. Since, wallet B is a custodial service (which is an advantage in this case), for example Coinbase, Bitstamp, etc., you simply login back to this service and voila, you have your bitcoin on the wallet B. If, for some reason, you forget the login and password for your wallet B, with proper KYC proof, they will let you in, and your funds will be safe. Of course, after this is done, you simply withdraw your funds from wallet B to a new wallet you are creating just to not keep your coins on an exchange.